http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59409
--- Comment #6 from H.J. Lu <hjl.tools at gmail dot com> ---
Starting program:
/export/project/git/gcc-regression/spec/2000/spec/benchspec/CINT2000/253.perlbmk/run/00000002/../00000002/perlbmk_peak.lto
-I./lib diffmail.pl 2 550 15 24 23 100 > /dev/null
Program received signal SIGSEGV, Segmentation fault.
Perl_sv_setsv (dstr=<optimized out>, sstr=<optimized out>) at sv.c:1955
1955 stype = SvTYPE(sstr);
Missing separate debuginfos, use: debuginfo-install glibc-2.17-20.0.fc19.x32
(gdb) list
1950 if (sstr == dstr)
1951 return;
1952 SV_CHECK_THINKFIRST(dstr);
1953 if (!sstr)
1954 sstr = &PL_sv_undef;
1955 stype = SvTYPE(sstr);
1956 dtype = SvTYPE(dstr);
1957
1958 if (dtype == SVt_PVGV && (SvFLAGS(dstr) & SVf_FAKE)) {
1959 sv_unglob(dstr); /* so fake GLOB won't perpetuate */
(gdb) bt
#0 Perl_sv_setsv (dstr=<optimized out>, sstr=<optimized out>) at sv.c:1955
#1 0x00494269 in Perl_sv_mortalcopy (oldstr=<optimized out>) at sv.c:3658
#2 0x004409ad in Perl_pp_aassign () at pp_hot.c:599
#3 0x004e6ac6 in Perl_runops_standard () at run.c:30
#4 0x004339fc in perl_run (sv_interp=<optimized out>) at perl.c:1100
#5 0x0040348b in main (argc=9, argv=<optimized out>, env=<optimized out>)
at unix_perlmain.c:51
(gdb)
Dump of assembler code for function Perl_sv_setsv:
0x00490260 <+0>: push %r15
0x00490262 <+2>: push %r14
0x00490264 <+4>: push %r13
0x00490266 <+6>: push %r12
0x00490268 <+8>: push %rbp
0x00490269 <+9>: push %rbx
0x0049026a <+10>: mov %rdi,%rbx
0x0049026d <+13>: sub $0x18,%esp
0x00490270 <+16>: cmp %edi,%esi
0x00490272 <+18>: je 0x490428 <Perl_sv_setsv+456>
0x00490278 <+24>: mov 0x8(%edi),%eax
0x0049027c <+28>: test $0x880000,%eax
0x00490281 <+33>: jne 0x490440 <Perl_sv_setsv+480>
0x00490287 <+39>: test %rsi,%rsi
0x0049028a <+42>: mov $0x7105b4,%ebp
0x0049028f <+47>: movzbl %al,%r13d
0x00490293 <+51>: cmovne %rsi,%rbp
0x00490297 <+55>: cmp $0xd,%r13d
=> 0x0049029b <+59>: movzbl 0x8(%ebp),%r15d
0x004902a1 <+65>: je 0x4904c0 <Perl_sv_setsv+608>
0x004902a7 <+71>: mov %eax,%edi
(gdb) p/x $rsi
$15 = 0x622e656c
(gdb) p/x $rbp
$16 = 0x622e656c
(gdb) p *(SV *)0x622e656c
Cannot access memory at address 0x622e656c
(gdb)
sstr isn't NULL, but points to the wrong address. The loop is
if (PL_op->op_private & OPpASSIGN_COMMON) {
for (relem = firstrelem; relem <= lastrelem; relem++) {
/*SUPPRESS 560*/
if (sv = *relem) {
TAINT_NOT; /* Each item is independent */
*relem = sv_mortalcopy(sv);
}
}
}
Wrong value of sv is passed to sv_mortalcopy. The bad loop is
44085c: 0f 84 56 02 00 00 je 440ab8 <Perl_pp_aassign+0x2c8>
440862: 67 44 8b 74 24 48 mov 0x48(%esp),%r14d
440868: 44 39 f3 cmp %r14d,%ebx
44086b: 0f 82 47 02 00 00 jb 440ab8 <Perl_pp_aassign+0x2c8>
440871: 41 89 ff mov %edi,%r15d
440874: 67 41 8b 06 mov (%r14d),%eax
440878: 45 29 f7 sub %r14d,%r15d
44087b: 41 c1 ef 02 shr $0x2,%r15d
44087f: 41 83 e7 07 and $0x7,%r15d
440883: 85 c0 test %eax,%eax
440885: 0f 84 69 14 00 00 je 441cf4 <Perl_pp_aassign+0x1504>
44088b: 89 c7 mov %eax,%edi
44088d: c6 05 79 fd 2c 00 00 movb $0x0,0x2cfd79(%rip) #
71060d <PL_tainted>
440894: e8 87 39 05 00 callq 494220 <Perl_sv_mortalcopy>
440899: 67 8b 54 24 48 mov 0x48(%esp),%edx
44089e: 67 89 02 mov %eax,(%edx)
4408a1: 89 d6 mov %edx,%esi
4408a3: 8d 5e 04 lea 0x4(%rsi),%ebx
4408a6: 67 39 5c 24 10 cmp %ebx,0x10(%esp)
4408ab: 0f 82 07 02 00 00 jb 440ab8 <Perl_pp_aassign+0x2c8>
4408b1: 45 85 ff test %r15d,%r15d
4408b4: 0f 84 04 01 00 00 je 4409be <Perl_pp_aassign+0x1ce>
4408ba: 41 83 ff 01 cmp $0x1,%r15d
4408be: 0f 84 d1 00 00 00 je 440995 <Perl_pp_aassign+0x1a5>
4408c4: 41 83 ff 02 cmp $0x2,%r15d
4408c8: 0f 84 a9 00 00 00 je 440977 <Perl_pp_aassign+0x187>
4408ce: 41 83 ff 03 cmp $0x3,%r15d
4408d2: 0f 84 81 00 00 00 je 440959 <Perl_pp_aassign+0x169>
4408d8: 41 83 ff 04 cmp $0x4,%r15d
4408dc: 74 5d je 44093b <Perl_pp_aassign+0x14b>
4408de: 41 83 ff 05 cmp $0x5,%r15d
4408e2: 74 3c je 440920 <Perl_pp_aassign+0x130>
4408e4: 41 83 ff 06 cmp $0x6,%r15d
4408e8: 74 1b je 440905 <Perl_pp_aassign+0x115>
4408ea: 67 8b 0b mov (%ebx),%ecx
4408ed: 85 c9 test %ecx,%ecx
4408ef: 74 11 je 440902 <Perl_pp_aassign+0x112>
4408f1: 89 cf mov %ecx,%edi
4408f3: c6 05 13 fd 2c 00 00 movb $0x0,0x2cfd13(%rip) #
71060d <PL_tainted>
4408fa: e8 21 39 05 00 callq 494220 <Perl_sv_mortalcopy>
4408ff: 67 89 03 mov %eax,(%ebx)
440902: 83 c3 04 add $0x4,%ebx
440905: 67 8b 3b mov (%ebx),%edi
440908: 85 ff test %edi,%edi
44090a: 74 11 je 44091d <Perl_pp_aassign+0x12d>
44090c: 89 ff mov %edi,%edi
44090e: c6 05 f8 fc 2c 00 00 movb $0x0,0x2cfcf8(%rip) #
71060d <PL_tainted>
440915: e8 06 39 05 00 callq 494220 <Perl_sv_mortalcopy>
44091a: 67 89 03 mov %eax,(%ebx)
44091d: 83 c3 04 add $0x4,%ebx
440920: 67 8b 2b mov (%ebx),%ebp
440923: 85 ed test %ebp,%ebp
440925: 74 11 je 440938 <Perl_pp_aassign+0x148>
440925: 74 11 je 440938 <Perl_pp_aassign+0x148>
440927: 89 ef mov %ebp,%edi
440929: c6 05 dd fc 2c 00 00 movb $0x0,0x2cfcdd(%rip) #
71060d <PL_tainted>
440930: e8 eb 38 05 00 callq 494220 <Perl_sv_mortalcopy>
440935: 67 89 03 mov %eax,(%ebx)
440938: 83 c3 04 add $0x4,%ebx
44093b: 67 44 8b 03 mov (%ebx),%r8d
44093f: 45 85 c0 test %r8d,%r8d
440942: 74 12 je 440956 <Perl_pp_aassign+0x166>
440944: 44 89 c7 mov %r8d,%edi
440947: c6 05 bf fc 2c 00 00 movb $0x0,0x2cfcbf(%rip) #
71060d <PL_tainted>
44094e: e8 cd 38 05 00 callq 494220 <Perl_sv_mortalcopy>
440953: 67 89 03 mov %eax,(%ebx)
440956: 83 c3 04 add $0x4,%ebx
440959: 67 44 8b 0b mov (%ebx),%r9d
44095d: 45 85 c9 test %r9d,%r9d
440960: 74 12 je 440974 <Perl_pp_aassign+0x184>
440962: 44 89 cf mov %r9d,%edi
440965: c6 05 a1 fc 2c 00 00 movb $0x0,0x2cfca1(%rip) #
71060d <PL_tainted>
44096c: e8 af 38 05 00 callq 494220 <Perl_sv_mortalcopy>
440971: 67 89 03 mov %eax,(%ebx)
440974: 83 c3 04 add $0x4,%ebx
440977: 67 44 8b 13 mov (%ebx),%r10d
44097b: 45 85 d2 test %r10d,%r10d
44097e: 74 12 je 440992 <Perl_pp_aassign+0x1a2>
440980: 44 89 d7 mov %r10d,%edi
440983: c6 05 83 fc 2c 00 00 movb $0x0,0x2cfc83(%rip) #
71060d <PL_tainted>
44098a: e8 91 38 05 00 callq 494220 <Perl_sv_mortalcopy>
44098f: 67 89 03 mov %eax,(%ebx)
440992: 83 c3 04 add $0x4,%ebx
440995: 67 44 8b 1b mov (%ebx),%r11d
440999: 45 85 db test %r11d,%r11d
44099c: 74 12 je 4409b0 <Perl_pp_aassign+0x1c0>
44099e: 44 89 df mov %r11d,%edi
4409a1: c6 05 65 fc 2c 00 00 movb $0x0,0x2cfc65(%rip) #
71060d <PL_tainted>
4409a8: e8 73 38 05 00 callq 494220 <Perl_sv_mortalcopy>
4409ad: 67 89 03 mov %eax,(%ebx)
4409b0: 83 c3 04 add $0x4,%ebx
4409b3: 67 39 5c 24 10 cmp %ebx,0x10(%esp)
4409b8: 0f 82 fa 00 00 00 jb 440ab8 <Perl_pp_aassign+0x2c8>
4409be: 67 44 8b 23 mov (%ebx),%r12d
4409c2: 45 85 e4 test %r12d,%r12d
4409c5: 74 12 je 4409d9 <Perl_pp_aassign+0x1e9>
4409c7: 44 89 e7 mov %r12d,%edi
4409ca: c6 05 3c fc 2c 00 00 movb $0x0,0x2cfc3c(%rip) #
71060d <PL_tainted>
4409d1: e8 4a 38 05 00 callq 494220 <Perl_sv_mortalcopy>
4409d6: 67 89 03 mov %eax,(%ebx)
4409d9: 67 44 8b 73 04 mov 0x4(%ebx),%r14d
4409de: 44 8d 6b 04 lea 0x4(%rbx),%r13d
4409e2: 45 85 f6 test %r14d,%r14d
4409e5: 74 13 je 4409fa <Perl_pp_aassign+0x20a>
4409e7: 44 89 f7 mov %r14d,%edi
4409ea: c6 05 1c fc 2c 00 00 movb $0x0,0x2cfc1c(%rip) #
71060d <PL_tainted>
4409f1: e8 2a 38 05 00 callq 494220 <Perl_sv_mortalcopy>
4409f6: 67 89 43 04 mov %eax,0x4(%ebx)
4409fa: 67 41 8b 5d 04 mov 0x4(%r13d),%ebx
4409ff: 85 db test %ebx,%ebx
440a01: 74 13 je 440a16 <Perl_pp_aassign+0x226>
440a03: 89 df mov %ebx,%edi
440a05: c6 05 01 fc 2c 00 00 movb $0x0,0x2cfc01(%rip) #
71060d <PL_tainted>
440a0c: e8 0f 38 05 00 callq 494220 <Perl_sv_mortalcopy>
440a11: 67 41 89 45 04 mov %eax,0x4(%r13d)
440a16: 67 45 8b 7d 08 mov 0x8(%r13d),%r15d
440a1b: 45 85 ff test %r15d,%r15d
440a1e: 74 14 je 440a34 <Perl_pp_aassign+0x244>
440a20: 44 89 ff mov %r15d,%edi
440a23: c6 05 e3 fb 2c 00 00 movb $0x0,0x2cfbe3(%rip) #
71060d <PL_tainted>
440a2a: e8 f1 37 05 00 callq 494220 <Perl_sv_mortalcopy>
440a2f: 67 41 89 45 08 mov %eax,0x8(%r13d)
440a34: 67 41 8b 45 0c mov 0xc(%r13d),%eax
440a39: 85 c0 test %eax,%eax
440a3b: 74 13 je 440a50 <Perl_pp_aassign+0x260>
440a3d: 89 c7 mov %eax,%edi
440a3f: c6 05 c7 fb 2c 00 00 movb $0x0,0x2cfbc7(%rip) #
71060d <PL_tainted>
440a46: e8 d5 37 05 00 callq 494220 <Perl_sv_mortalcopy>
440a4b: 67 41 89 45 0c mov %eax,0xc(%r13d)
440a50: 67 41 8b 55 10 mov 0x10(%r13d),%edx
440a55: 85 d2 test %edx,%edx
440a57: 74 13 je 440a6c <Perl_pp_aassign+0x27c>
440a59: 89 d7 mov %edx,%edi
440a5b: c6 05 ab fb 2c 00 00 movb $0x0,0x2cfbab(%rip) #
71060d <PL_tainted>
440a62: e8 b9 37 05 00 callq 494220 <Perl_sv_mortalcopy>
440a67: 67 41 89 45 10 mov %eax,0x10(%r13d)
440a6c: 67 41 8b 75 14 mov 0x14(%r13d),%esi
440a71: 85 f6 test %esi,%esi
440a73: 74 13 je 440a88 <Perl_pp_aassign+0x298>
440a75: 89 f7 mov %esi,%edi
440a77: c6 05 8f fb 2c 00 00 movb $0x0,0x2cfb8f(%rip) #
71060d <PL_tainted>
440a7e: e8 9d 37 05 00 callq 494220 <Perl_sv_mortalcopy>
440a83: 67 41 89 45 14 mov %eax,0x14(%r13d)
440a88: 67 41 8b 4d 18 mov 0x18(%r13d),%ecx
440a8d: 85 c9 test %ecx,%ecx
440a8f: 74 13 je 440aa4 <Perl_pp_aassign+0x2b4>
440a91: 89 cf mov %ecx,%edi
440a93: c6 05 73 fb 2c 00 00 movb $0x0,0x2cfb73(%rip) #
71060d <PL_tainted>
440a9a: e8 81 37 05 00 callq 494220 <Perl_sv_mortalcopy>
440a9f: 67 41 89 45 18 mov %eax,0x18(%r13d)
440aa4: 41 8d 5d 1c lea 0x1c(%r13),%ebx
440aa8: 67 39 5c 24 10 cmp %ebx,0x10(%esp)
440aad: 0f 83 0b ff ff ff jae 4409be <Perl_pp_aassign+0x1ce>
440ab3: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
440ab8: 67 8b 7c 24 4c mov 0x4c(%esp),%edi
