libc: spawn() crash when starting a shell script

[Yuri Dario]

While building gcc 4.4.6, I got xgcc to crash while compiling stdc++ code. Debugging showed that libc crashes calling tfree(pszBufArgs) as shown in the stack dump:

 Entry No | Function                     | Source            | Module               
----------+------------------------------+-------------------+----------------------
 23       | __libc_Back_panicV           | B_PANIC.C(406)    | libc064.dll:1:149388 
 22       | __libc_Back_panic            | B_PANIC.C(150)    | libc064.dll:1:148630 
 21       | signalTerminateAbnormal      | SIGNALS.C(2026)   | libc064.dll:1:103508 
 20       | signalDeliver                | SIGNALS.C(1812)   | libc064.dll:1:103342 
 19       | __libc_Back_signalRaise      | SIGNALS.C(958)    | libc064.dll:1:99022  
 18       | __libc_Back_exceptionHandler | EXCEPTIONS.C(158) | libc064.dll:1:137518 
 17       | 0x1FFCA2EB                   |                   | doscall1.dll:2:41707 
 16       | 0x1FFC9F0F                   |                   | doscall1.dll:2:40719 
 15       | 0x1FFC9D77                   |                   | doscall1.dll:2:40311 
 14       | _um_lump_coalesce_free       | IMISC.C(31)       | libc064.dll:1:42121  
 13       | _um_free_maybe_lock          | IFREE.C(111)      | libc064.dll:1:317905 
 12       | _tfree                       | TFREE.C(16)       | libc064.dll:1:312572 
 11       | __spawnve                    | __SPAWNVE.C(610)  | libc064.dll:1:170337 
 10       | _std_spawnve                 | SPAWNVE.C(89)     | libc064.dll:1:190338 
 9        | _std_spawnv                  | SPAWNV.C(12)      | libc064.dll:1:190611 
 8        | pex_djgpp_exec_child         | PEX-DJGPP.C(206)  | xgcc.exe:1:170680    
 7        | pex_run_in_environment       | PEX-COMMON.C(342) | xgcc.exe:1:173186    
 6        | pex_run                      | PEX-COMMON.C(372) | xgcc.exe:1:173480    
 5        | execute                      | GCC.C(3002)       | xgcc.exe:1:25361     
 4        | do_spec                      | GCC.C(4534)       | xgcc.exe:1:48581     
 3        | main                         | GCC.C(6797)       | xgcc.exe:1:72129     
 2        | __text                       | CRT0.S(83)        | xgcc.exe:1:44        
 1        | ___init_app                  | APPINIT.S(14)     | libc064.dll:1:179878 

The typical command line is

xgcc -shared-libgcc -BF:/temp/build/build/gcc-4.4.4/obj-i386/./gcc -nostdinc++ \
-LF:/temp/build/build/gcc-4.4.4/obj-i386/i386-pc-os2-emx/libstdc++-v3/src \
-LF:/temp/build/build/gcc-4.4.4/obj-i386/i386-pc-os2-emx/libstdc++-v3/src/.libs -B/@unixroot/usr/i386-pc-os2-emx/bin/ \
-B/@unixroot/usr/i386-pc-os2-emx/lib/ -B/@unixroot/usr/lib -isystem /@unixroot/usr/i386-pc-os2-emx/include -isystem /@unixroot/usr/i386-pc-os2-emx/sys-include \
-IF:/temp/build/build/gcc-4.4.4/obj-i386/i386-pc-os2-emx/libstdc++-v3/include/i386-pc-os2-emx -IF:/temp/build/build/gcc-4.4.4/obj-i386/i386-pc-os2-emx/libstdc++-v3/include -IF:/temp/build/build/gcc-4.4.4/libstdc++-v3/libsupc++ -fno-implicit-templates \
 -Wall -Wextra -Wwrite-strings -Wcast-qual -fdiagnostics-show-location=once \
-O2 -g -O0 -DEMX -DOS2 \
-IF:/temp/build/build/gcc-4.4.4/obj-i386/i386-pc-os2-emx/libstdc++-v3/include/backward \
 -Wno-deprecated -c strstream.cc -o strstream.o

but the crash happens only if above is executed from i386-pc-os2-emx\libstdc++-v3\src directory. Moving to a testcase dir does not replicate the crash. The current workaround in gcc build is to delete the shell script gcc/as so xgcc uses as.exe from environment.

I'll try to get a proper testcase.

[bird]

Looks like a heap corruption bug in spawn.

[bird]

Found a memmove which moved too much, the script location/name length being a factor in how bad it would be. Fixed in r3784 and r3785.

I hope that was it. Since I have no testcase to verify the fix with, I'll assume so and close the defect. Please reopen if the problem persists.