
Comments (3)

lilith218 avatar lilith218 commented on September 28, 2024

sprintf is not the only call that causes a segfault; the following programs crash as well:

// Minimal reproducer: print a zero-initialised stack buffer with "%s".
// buff[0] is '\0', so the program only asks printf for an empty string.
// The backtrace posted with this snippet faults in strlen, reached through
// lle_X_printf -> lle_X_sprintf in ExternalFunctions.cpp, i.e. inside the
// interpreter process running the program rather than in the program's own logic.
// NOTE(review): the snippet as posted does not include <stdio.h>.
int
main(void)
{
    char buff[10] = {0};    // automatic (stack) array; {0} zeroes all 10 bytes
    // NOTE(review): presumably the pointer the interpreter forwards to the
    // native sprintf for buff is not a readable host address -- confirm in
    // lle_X_sprintf before treating this as a bug in the test program.
    printf("%s", buff);
    return 0;
}
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
65	../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x00007fd838a91e95 in __vfprintf_internal (s=s@entry=0x7ffd7ab834c0, format=format@entry=0x7ffd7ab83700 "%s", ap=ap@entry=0x7ffd7ab83600, mode_flags=mode_flags@entry=6) at vfprintf-internal.c:1688
#2  0x00007fd838a9e279 in __vsprintf_internal (string=0x7ffd7ab83770 "", maxlen=maxlen@entry=1000, format=0x7ffd7ab83700 "%s", args=args@entry=0x7ffd7ab83600, mode_flags=mode_flags@entry=6) at iovsprintf.c:95
#3  0x00007fd838b46edb in ___sprintf_chk (s=s@entry=0x7ffd7ab83770 "", flag=flag@entry=1, slen=slen@entry=1000, format=<optimized out>) at sprintf_chk.c:40
#4  0x000055ace9a30a85 in sprintf (__fmt=<optimized out>, __s=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#5  lle_X_sprintf (FT=FT@entry=0x55acebaadd20, Args=std::vector of length 3, capacity 3 = {...}) at ExternalFunctions.cpp:445
#6  0x000055ace9a31d4f in lle_X_printf (FT=0x55acebaadd20, Args=std::vector of length 2, capacity 2 = {...}) at ExternalFunctions.cpp:469
#7  0x000055ace9a3323a in llvm::Interpreter::callExternalFunction (this=this@entry=0x55acebb7c5c0, F=F@entry=0x55acebb5bfa8, ArgVals=std::vector of length 2, capacity 2 = {...}) at ExternalFunctions.cpp:297
#8  0x000055ace9a1c1c1 in llvm::Interpreter::callFunction (this=0x55acebb7c5c0, F=0x55acebb5bfa8, ArgVals=std::vector of length -185212533053011061, capacity 2931805465809 = {...}) at Execution.cpp:4371
#9  0x000055ace9a1c8ce in llvm::Interpreter::callFunction (ArgVals=std::vector of length 2, capacity 2 = {...}, F=0x55acebb5bfa8, this=0x55acebb7c5c0) at /usr/lib/llvm-8/include/llvm/Support/Casting.h:255
#10 llvm::Interpreter::visitCallInstWrapper (this=0x55acebb7c5c0, CS=...) at Execution.cpp:1633
#11 0x000055ace9a1d497 in llvm::Interpreter::run (this=this@entry=0x55acebb7c5c0) at Execution.cpp:4484
#12 0x000055ace9990d83 in llvm::Interpreter::runFunction (this=0x55acebb7c5c0, F=0x55aceba8b9a8, ArgValues=...) at Interpreter.cpp:750
#13 0x00007fd83aafd9de in llvm::ExecutionEngine::runFunctionAsMain(llvm::Function*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, char const* const*) () from /usr/lib/x86_64-linux-gnu/libLLVM-8.so.1
#14 0x000055ace99702fa in GenMCDriver::explore (this=this@entry=0x55acebb53f30) at GenMCDriver.cpp:633
#15 0x000055ace9970469 in GenMCDriver::run (this=0x55acebb53f30) at GenMCDriver.cpp:464
#16 0x000055ace994cf28 in main (argc=<optimized out>, argv=0x7ffd7ab87a28) at main.cpp:194

or

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

// Second reproducer: pass the same zero-initialised stack buffer to atoi.
// As plain C this converts an empty string; the result x is never used.
// In the backtrace posted with this snippet, atoi is reached through
// ffi_call from llvm::Interpreter::callExternalFunction, and frame #0 shows
// nptr=0x1ace2c44 flagged "Cannot access memory" by gdb.
int
main(void)
{
    char buff[10] = {0};    // automatic (stack) array; {0} zeroes all 10 bytes
    // NOTE(review): the unreadable nptr suggests the argument reached libc
    // without being translated to a valid host pointer -- confirm against the
    // interpreter's external-call path.
    int x = atoi(buff);
    return 0;
}
#0  __GI_____strtol_l_internal (nptr=0x1ace2c44 <error: Cannot access memory at address 0x1ace2c44>, endptr=endptr@entry=0x0, base=base@entry=10, group=group@entry=0, loc=0x7f2b963344a0 <_nl_global_locale>) at ../stdlib/strtol_l.c:292
292	../stdlib/strtol_l.c: No such file or directory.
(gdb) bt
#0  __GI_____strtol_l_internal (nptr=0x1ace2c44 <error: Cannot access memory at address 0x1ace2c44>, endptr=endptr@entry=0x0, base=base@entry=10, group=group@entry=0, loc=0x7f2b963344a0 <_nl_global_locale>) at ../stdlib/strtol_l.c:292
#1  0x00007f2b96193c36 in __strtol (nptr=<optimized out>, endptr=endptr@entry=0x0, base=base@entry=10) at ../stdlib/strtol.c:106
#2  0x00007f2b9618f744 in __GI_atoi (nptr=<optimized out>) at atoi.c:27
#3  0x00007f2b9a4bfdae in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#4  0x00007f2b9a4bf71f in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#5  0x0000555f18c6b224 in ffiInvoke (Result=..., TD=<optimized out>, ArgVals=..., F=<optimized out>, Fn=<optimized out>) at /usr/lib/llvm-8/include/llvm/ADT/SmallVector.h:129
#6  llvm::Interpreter::callExternalFunction (this=this@entry=0x555f1ace3880, F=F@entry=0x555f1acc3a78, ArgVals=std::vector of length 94429796831613770, capacity 2932013690047 = {...}) at ExternalFunctions.cpp:322
#7  0x0000555f18c531c1 in llvm::Interpreter::callFunction (this=0x555f1ace3880, F=0x555f1acc3a78, ArgVals=std::vector of length 94429796831613770, capacity 2932013690047 = {...}) at Execution.cpp:4371
#8  0x0000555f18c538ce in llvm::Interpreter::callFunction (ArgVals=std::vector of length 1, capacity 1 = {...}, F=0x555f1acc3a78, this=0x555f1ace3880) at /usr/lib/llvm-8/include/llvm/Support/Casting.h:255
#9  llvm::Interpreter::visitCallInstWrapper (this=0x555f1ace3880, CS=...) at Execution.cpp:1633
#10 0x0000555f18c54497 in llvm::Interpreter::run (this=this@entry=0x555f1ace3880) at Execution.cpp:4484
#11 0x0000555f18bc7d83 in llvm::Interpreter::runFunction (this=0x555f1ace3880, F=0x555f1abf39a8, ArgValues=...) at Interpreter.cpp:750
#12 0x00007f2b9822f9de in llvm::ExecutionEngine::runFunctionAsMain(llvm::Function*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, char const* const*) () from /usr/lib/x86_64-linux-gnu/libLLVM-8.so.1
#13 0x0000555f18ba72fa in GenMCDriver::explore (this=this@entry=0x555f1acbb730) at GenMCDriver.cpp:633
#14 0x0000555f18ba7469 in GenMCDriver::run (this=0x555f1acbb730) at GenMCDriver.cpp:464
#15 0x0000555f18b83f28 in main (argc=<optimized out>, argv=0x7fffce7476b8) at main.cpp:194

from genmc.

lilith218 avatar lilith218 commented on September 28, 2024

If I don't declare the array on the stack, the program does not crash. It seems to be related to putting arrays on the stack somehow!

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

// Control case: the same buffer with static storage duration instead of
// being a local in main. The reporter observes no crash with this placement.
char buff[10] = {0}; // no crash

// Exercises all three calls from the report (printf, sprintf, atoi) against
// the file-scope buffer.
int
main(void)
{
    printf("%s", buff);     // buff is all zeroes here, so this prints an empty string
    int x = 10;
    // "10" plus the terminating NUL is 3 bytes, so it fits in buff. A 10-byte
    // buffer does not fit every int under "%d" (e.g. "-2147483648" needs 12
    // bytes); code derived from this snippet should use snprintf with
    // sizeof buff as the bound.
    sprintf(buff, "%d", x);
    x = atoi(buff);         // reads the decimal text written above back into x
    return 0;
}

from genmc.

michaliskok avatar michaliskok commented on September 28, 2024

Closing, as this is identical to #10.

from genmc.
