Yang, I have one more crash :)
-- Fedora 19 / x86_64
-- llvm-trunk clang version 3.5 (trunk 195722)
-- creduce/llvm-svn-compatible latest
commit e82f06112e192c492b3347b73772c6f095411d30
Merge: 3f18d2e f134a5c
Thanks,
Dmitry
#include <valgrind/memcheck.h>
/*
 * Stream descriptor shared by the compress and decompress paths of this
 * reproducer.
 */
typedef struct
{
/* Assigned `*source` (one char value, not a pointer) by the BuffToBuff wrappers. */
int next_in;
/* Assigned the caller's sourceLen by the BuffToBuff wrappers. */
int avail_in;
/* Output cursor; unRLE_obuf_to_output_SMALL stores through it without advancing it. */
char *next_out;
/* Receives the DState pointer installed by BZ2_bzDecompressInit. */
void *state;
/*
 * Allocator hook declared without a prototype, so the compiler does not
 * check the arguments at its call sites. Only BZ2_bzCompressInit assigns it.
 */
void *( *bzalloc ) ( );
}
bz_stream;
/*
 * Decompressor state. BZ2_bzDecompressInit obtains it from strm->bzalloc
 * and then writes only `strm` and `state`; every other field is read by
 * later code without being initialised anywhere in this listing.
 */
typedef struct
{
/* Back-pointer to the owning stream, set by BZ2_bzDecompressInit. */
bz_stream *strm;
/* State selector; takes the values 10, 2 and 0 in this listing. */
int state;
/* Byte value that unRLE_obuf_to_output_SMALL stores to the output. */
int state_out_ch;
/* Remaining repeat count for state_out_ch. */
int state_out_len;
/* Passed to BZ2_indexIntoF by BZ2_bzDecompress. */
int tPos;
/* Receives the result of BZ2_indexIntoF; later copied to state_out_ch. */
int k0;
/* Nonzero ends the unRLE_obuf_to_output_SMALL loop. */
int nblock_used;
}
DState;
/*
 * Service callback, declared without a prototype. main() points it at
 * g_serviceFn; default_bzalloc calls it with a single argument.
 */
unsigned long ( *serviceFn ) ( );
/* Loop state of BZ2_indexIntoF; file-scope ints, so both start at zero. */
int BZ2_indexIntoF_nb;
int BZ2_indexIntoF_na;
/*
 * Copies BZ2_indexIntoF_na into BZ2_indexIntoF_nb when indx is nonzero and
 * repeats until BZ2_indexIntoF_nb is zero. Always returns 0.
 *
 * Old-style definition: indx has no declared type (implicit int).
 */
int
BZ2_indexIntoF ( indx )
{
int mid;
do
{
mid = BZ2_indexIntoF_na;
if ( indx )
BZ2_indexIntoF_nb = mid;
}
/* `1 - nb != 1` is true exactly when nb is nonzero; a nonzero nb that the
   body does not reset keeps the loop running forever. */
while ( 1 - BZ2_indexIntoF_nb != 1 );
return 0;
}
/*
 * Allocator installed by BZ2_bzCompressInit: forwards to serviceFn with
 * service code 2 and converts the unsigned long result to a pointer.
 *
 * NOTE(review): only one argument is passed, while g_serviceFn (the only
 * function assigned to serviceFn here) takes two and uses the second as
 * the malloc size. The argument count mismatch is undefined behaviour, so
 * the requested size is not controlled by this call. The result is
 * returned unchecked and may be NULL.
 */
void *
default_bzalloc ( )
{
void *v = ( void * ) serviceFn ( 2 );
return v;
}
/*
 * Installs default_bzalloc as the stream's allocator hook and returns 0.
 * No other field of *strm is initialised here.
 */
int
BZ2_bzCompressInit ( bz_stream * strm )
{
strm->bzalloc = default_bzalloc;
return 0;
}
/* Counter decremented by copy_output_until_stop; starts at zero. */
int copy_output_until_stop_s_0;
/*
 * Decrements copy_output_until_stop_s_0 and returns 0. Despite the name,
 * no output is copied in this listing.
 */
int
copy_output_until_stop ( )
{
copy_output_until_stop_s_0--;
return 0;
}
/*
 * Calls copy_output_until_stop once and returns 0.
 *
 * Declared with an empty parameter list, so the bz_stream that
 * BZ2_bzBuffToBuffCompress passes by value is never read here.
 */
int
BZ2_bzCompress ( )
{
preswitch:switch ( 1 )
{
/* Unreachable: control enters the switch body at `case 1`. */
goto preswitch;
case 1:
copy_output_until_stop ( );
}
return 0;
}
/* Most recently allocated decompressor state. */
DState *BZ2_bzDecompressInit_s;
/*
 * Allocates a DState through strm->bzalloc, links it with the stream in
 * both directions and sets its state to 10. Returns 0.
 *
 * NOTE(review): strm->bzalloc is called as-is, so the caller must have set
 * it first. The returned pointer is dereferenced without a NULL check, and
 * the call passes no size, so nothing here establishes that the block is
 * at least sizeof(DState) bytes.
 */
int
BZ2_bzDecompressInit ( bz_stream * strm )
{
BZ2_bzDecompressInit_s = strm->bzalloc ( );
BZ2_bzDecompressInit_s->strm = strm;
strm->state = BZ2_bzDecompressInit_s;
BZ2_bzDecompressInit_s->state = 10;
return 0;
}
/*
 * Stores s->state_out_ch to *s->strm->next_out state_out_len times, then
 * returns 0 once s->nblock_used is nonzero. Otherwise it queues one copy
 * of s->k0, increments nblock_used and goes round again.
 *
 * NOTE(review): next_out is never advanced and never checked against any
 * buffer size, so every store hits the same address whether or not a byte
 * of storage exists there. In this listing the destination is `outbuf`, a
 * zero-length array.
 */
int
unRLE_obuf_to_output_SMALL ( DState * s )
{
while ( 1 )
{
/* Drain the pending run. The loop stops only at exactly 0, so a negative
   count is decremented further instead of ending the run. */
while ( 1 )
{
if ( s->state_out_len == 0 )
break;
*s->strm->next_out = s->state_out_ch;
s->state_out_len--;
}
if ( s->nblock_used )
return 0;
/* Queue a single copy of k0 for the next pass of the outer loop. */
s->state_out_len = 1;
s->state_out_ch = s->k0;
s->nblock_used++;
}
}
/* DState of the stream currently being decompressed. */
DState *BZ2_bzDecompress_s;
/*
 * Drives the decompressor state machine for strm and returns 0 once the
 * state is no longer 2 at the end of a pass.
 *
 * Starting from state 10 (as left by BZ2_bzDecompressInit) the first pass
 * moves to state 2, and the second pass flushes through
 * unRLE_obuf_to_output_SMALL, sets state 0 and returns.
 */
int
BZ2_bzDecompress ( bz_stream * strm )
{
BZ2_bzDecompress_s = strm->state;
while ( 1 )
{
if ( BZ2_bzDecompress_s->state == 2 )
{
unRLE_obuf_to_output_SMALL ( strm->state );
BZ2_bzDecompress_s->state = 0;
}
DState *s = strm->state;
/* From here to the end of the loop body `strm` names this by-value copy,
   which shadows the pointer parameter. */
bz_stream strm = *s->strm;
switch ( s->state )
{
case 10:
/* The allocator's return value is discarded, so a block it allocates is
   never freed. */
strm.bzalloc ( );
/* Dead branch: the condition is the constant 0. */
if ( 0 )
goto endhdr_2;
s->state = 2;
/* s->tPos is not written anywhere in this listing before this read. */
s->k0 = BZ2_indexIntoF ( s->tPos );
goto save_state_and_return;
endhdr_2:;
}
save_state_and_return:if ( BZ2_bzDecompress_s->state != 2 )
return 0;
}
}
/*
 * One-shot compress wrapper: sets up a local stream, calls BZ2_bzCompress,
 * stores 0 to *destLen and returns 0. No data is written to dest.
 *
 * NOTE(review): `*source` is read unconditionally, so source must point to
 * at least one readable byte even when sourceLen is 0. main() passes a
 * zero-length array here.
 */
int
BZ2_bzBuffToBuffCompress ( char *dest, unsigned *destLen, char *source,
int sourceLen )
{
bz_stream strm;
BZ2_bzCompressInit ( &strm );
/* Stores the first source byte's value, not the source address. */
strm.next_in = *source;
strm.next_out = dest;
strm.avail_in = sourceLen;
/* The struct is passed by value to a function defined with no parameters. */
BZ2_bzCompress ( strm );
/* Both branches below are dead: the conditions are the constant 0. */
if ( 0 )
goto output_overflow;
if ( 0 )
goto errhandler;
*destLen = 0;
output_overflow: errhandler:return 0;
}
/*
 * One-shot decompress wrapper: initialises a local stream, runs
 * BZ2_bzDecompress on it, stores 0 to *destLen and returns 0.
 *
 * NOTE(review): `strm` is uninitialised when it is handed to
 * BZ2_bzDecompressInit, which immediately calls strm->bzalloc. Nothing on
 * this path assigns bzalloc (only BZ2_bzCompressInit does), so that call
 * goes through an indeterminate function pointer. `*source` is also read
 * unconditionally, regardless of sourceLen.
 */
int
BZ2_bzBuffToBuffDecompress ( char *dest, unsigned *destLen, char *source,
int sourceLen )
{
bz_stream strm;
BZ2_bzDecompressInit ( &strm );
/* Stores the first source byte's value, not the source address. */
strm.next_in = *source;
/* dest becomes the target of the stores in unRLE_obuf_to_output_SMALL;
   its capacity is never passed in or checked. */
strm.next_out = dest;
strm.avail_in = sourceLen;
BZ2_bzDecompress ( &strm );
/* Both branches below are dead: the conditions are the constant 0. */
if ( 0 )
goto output_overflow_or_eof;
if ( 0 )
goto errhandler;
*destLen = 0;
output_overflow_or_eof: errhandler:return 0;
}
/*
 * Zero-length arrays (a GNU extension, not ISO C). They provide no
 * storage, so any read or write of element 0 is out of bounds.
 */
char inbuf[0];
char outbuf[0];
char zbuf[0];
/* Output lengths reported by the decompress and compress wrappers. */
unsigned nOut;
unsigned nZ;
/*
 * Service dispatcher installed into serviceFn by main().
 *
 * arg1 == 2: allocates arg2 bytes and returns the pointer as an integer
 *            (0 if the allocation fails).
 * otherwise: terminates the process with exit status 0.
 *
 * arg2 is a signed int converted to the allocator's size type, so a
 * negative value becomes a very large request.
 */
unsigned long
g_serviceFn ( int arg1, int arg2 )
{
switch ( arg1 )
{
case 2:
return ( long ) __builtin_malloc ( arg2 );
default:
__builtin_exit ( 0 );
}
}
/*
 * Test driver: installs the service callback, runs one compress and one
 * decompress call, then compares the first byte of inbuf and outbuf.
 */
int
main ( )
{
serviceFn = g_serviceFn;
/* `sizeof 0` is sizeof(int), not zero, so this marks sizeof(int) bytes
   starting at a zero-length array as undefined for memcheck. */
VALGRIND_MAKE_MEM_UNDEFINED ( inbuf, sizeof 0 );
/* dest is a null pointer here; the compress path stores it in the stream
   but never writes through it. */
BZ2_bzBuffToBuffCompress ( 0, &nZ, inbuf, 0 );
BZ2_bzBuffToBuffDecompress ( outbuf, &nOut, zbuf, 0 );
/* Both operands index element 0 of a zero-length array. */
if ( inbuf[0] != outbuf[0] )
/* Service code 0 takes the default branch of g_serviceFn, which exits
   with status 0. */
g_serviceFn ( 0, 0 );
return 0;
}
// this should reproduce the crash:
// /usr/local/creduce/libexec/clang_delta --transformation=aggregate-to-scalar --counter=6 /home/dimhen/errs/V/316903-3/clang_delta_crash_tmp_filecgVjt6.c