Package: cppcheck
Version: 1.48-1
Severity: important

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I just tried to run cppcheck and it seg. faulted.  I ran it through valgrind
and obtained the following:

[...]
1/19 files checked 5% done
Checking diagnose/cprintf.c...
==7973== Invalid read of size 4
==7973==    at 0x1C5C36: ??? (in /usr/bin/cppcheck)
==7973==    by 0x1F41F5: ??? (in /usr/bin/cppcheck)
==7973==    by 0x18721D: ??? (in /usr/bin/cppcheck)
==7973==    by 0x189A39: ??? (in /usr/bin/cppcheck)
==7973==    by 0x114F35: ??? (in /usr/bin/cppcheck)
==7973==    by 0x11777D: main (in /usr/bin/cppcheck)
==7973==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
==7973== 
==7973== 
==7973== Process terminating with default action of signal 11 (SIGSEGV)
==7973==  Access not within mapped region at address 0x14
==7973==    at 0x1C5C36: ??? (in /usr/bin/cppcheck)
==7973==    by 0x1F41F5: ??? (in /usr/bin/cppcheck)
==7973==    by 0x18721D: ??? (in /usr/bin/cppcheck)
==7973==    by 0x189A39: ??? (in /usr/bin/cppcheck)
==7973==    by 0x114F35: ??? (in /usr/bin/cppcheck)
==7973==    by 0x11777D: main (in /usr/bin/cppcheck)
==7973==  If you believe this happened as a result of a stack
==7973==  overflow in your program's main thread (unlikely but
==7973==  possible), you can try to increase the size of the
==7973==  main thread stack using the --main-stacksize= flag.
==7973==  The main thread stack size used in this run was 8388608.
==7973== 
==7973== HEAP SUMMARY:
==7973==     in use at exit: 76,250 bytes in 2,226 blocks
==7973==   total heap usage: 44,239 allocs, 42,013 frees, 4,155,266 bytes 
allocated
==7973== 
==7973== LEAK SUMMARY:
==7973==    definitely lost: 152 bytes in 6 blocks
==7973==    indirectly lost: 0 bytes in 0 blocks
==7973==      possibly lost: 29,638 bytes in 1,132 blocks
==7973==    still reachable: 46,460 bytes in 1,088 blocks
==7973==         suppressed: 0 bytes in 0 blocks
==7973== Rerun with --leak-check=full to see details of leaked memory
==7973== 
==7973== For counts of detected and suppressed errors, rerun with: -v
==7973== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 24 from 9)
Segmentation fault

The file it choken on is included below.

- -- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cppcheck depends on:
ii  libc6                         2.11.2-11  Embedded GNU C Library: Shared lib
ii  libgcc1                       1:4.6.0-2  GCC support library
ii  libpcre3                      8.12-3     Perl 5 Compatible Regular Expressi
ii  libstdc++6                    4.6.0-2    The GNU Standard C++ Library v3
ii  libtinyxml2.5.3               2.5.3-3    C++ XML parsing library

cppcheck recommends no packages.

cppcheck suggests no packages.

- -- no debconf information

*** lilo-23.2/diagnose/cprintf.c
/* Copyright (C) 1996 Robert de Bath <rob...@mayday.compulink.co.uk>
 * This file is part of the Linux-8086 C library and is distributed
 * under the GNU Library General Public License.
 */

/* Modified 14-Jan-2002 by John Coffman <johni...@san.rr.com> for inclusion
 * in the set of LILO diagnostics.  This code is the property of Robert
 * de Bath, and is used with his permission.
 */

#include <stdarg.h>
/* #include <conio.h> */
#define ASM_CVT 1

#if __MSDOS__
#include <stdio.h>
#define putch(ch) fputc(ch,stdout)
#else
#define putch(ch) bios_putc(ch)
#endif

static unsigned char * __numout(long i, int base);

int cprintf(char * fmt, ...)
{
   register int c;
   int count = 0;
   int type, base;
   long val;
   char * cp;
   char padch=' ';
   int  minsize, maxsize;
   va_list ap;

   va_start(ap, fmt);

   while(c=*fmt++)
   {
      count++;
      if(c!='%')
      {
         if (c=='\n') putch('\r');
         putch(c);
      }
      else
      {
         type=1;
         padch = *fmt;
         maxsize=minsize=0;
         if(padch == '-') fmt++;

         for(;;)
         {
            c=*fmt++;
            if( c<'0' || c>'9' ) break;
            minsize*=10; minsize+=c-'0';
         }

         if( c == '.' )
            for(;;)
            {
               c=*fmt++;
               if( c<'0' || c>'9' ) break;
               maxsize*=10; maxsize+=c-'0';
            }

         if( padch == '-' ) minsize = -minsize;
         else
         if( padch != '0' ) padch=' ';

         if( c == 0 ) break;
         if(c=='h')
         {
            c=*fmt++;
            type = 0;
         }
         else if(c=='l')
         {
            c=*fmt++;
            type = 2;
         }

         switch(c)
         {
            case 'x': base=16; type |= 4;   if(0) {
            case 'o': base= 8; type |= 4; } if(0) {
            case 'u': base=10; type |= 4; } if(0) {
            case 'd': base=-10; }
               switch(type)
               {
                  case 0: val=va_arg(ap, short); break; 
                  case 1: val=va_arg(ap, int);   break;
                  case 2: val=va_arg(ap, long);  break;
                  case 4: val=va_arg(ap, unsigned short); break; 
                  case 5: val=va_arg(ap, unsigned int);   break;
                  case 6: val=va_arg(ap, unsigned long);  break;
                  default:val=0; break;
               }
               cp = __numout(val,base);
               if(0) {
            case 's':
                  cp=va_arg(ap, char *);
               }
               count--;
               c = strlen(cp);
               if( !maxsize ) maxsize = c;
               if( minsize > 0 )
               {
                  minsize -= c;
                  while(minsize>0) { putch(padch); count++; minsize--; }
                  minsize=0;
               }
               if( minsize < 0 ) minsize= -minsize-c;
               while(*cp && maxsize-->0 )
               {
                  putch(*cp++);
                  count++;
               }
               while(minsize>0) { putch(' '); count++; minsize--; }
               break;
            case 'c':
               putch(va_arg(ap, int));
               break;
            default:
               putch(c);
               break;
         }
      }
   }
   va_end(ap);
   return count;
}

static char nstring[]="0123456789ABCDEF";

#if ASM_CVT==0
#define NUMLTH 11

static unsigned char *
__numout(long i, int base)
{
   static unsigned char out[NUMLTH+1];
   int n;
   int flg = 0;
   unsigned long val;

   if (base<0)
   {
      base = -base;
      if (i<0)
      {
         flg = 1;
         i = -i;
      }
   }
   val = i;

   out[NUMLTH] = '\0';
   n = NUMLTH-1;
   do
   {
      out[n--] = nstring[val % base];
      val /= base;
   }
   while(val);
   if(flg) out[n--] = '-';
   return &out[n+1];
}
#else

#asm
! numout.s
!
#if 0
.data
_nstring:
.ascii  "0123456789ABCDEF"
.byte   0
#endif

.bss
___out  lcomm   $C

.text
___numout:
push    bp
mov     bp,sp
push    di
push    si
add     sp,*-4
mov     byte ptr -8[bp],*$0     ! flg = 0
mov     si,4[bp]        ; i or val.lo
mov     di,6[bp]        ; i or val.hi
mov     cx,8[bp]        ; base
test    cx,cx                   ! base < 0 ?
jge     .3num
neg  cx                         ! base = -base
or      di,di                   ! i < 0 ?
jns     .5num
mov     byte ptr -8[bp],*1      ! flg = 1
neg     di                      ! i = -i
neg     si
sbb     di,*0
.5num:
.3num:
mov     byte ptr [___out+$B],*$0        ! out[11] = nul
mov     -6[bp],*$A              ! n = 10

.9num:
!!!         out[n--] = nstring[val % base];
xor  dx,dx
xchg ax,di
div  cx
xchg ax,di
xchg ax,si
div  cx
xchg ax,si                      ! val(new) = val / base

mov  bx,dx                      ! dx = val % base

mov     al,_nstring[bx]
mov     bx,-6[bp]
dec     word ptr -6[bp]
mov     ___out[bx],al

mov  ax,si
or   ax,di                      ! while (val)
jne     .9num

cmp     byte ptr -8[bp],*$0     ! flg == 0 ?
je      .Dnum

mov     bx,-6[bp]
dec     word ptr -6[bp]
mov     byte ptr ___out[bx],*$2D        ! out[n--] = minus

.Dnum:
mov     ax,-6[bp]
add     ax,#___out+1

add     sp,*4
pop     si
pop     di
pop     bp
ret
#endasm

#endif

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJNxTNMAAoJEAVLu599gGRC0f0QAIWTB2cF7pTd84SpiP8SxzlB
KPFR1JkNMVLYa21tJ6YKJuVoIiXBtHb+5JMmvNUdO8PGS3vi5QVzdZ9znI30O+pt
HyeWuNEtSynt58GpDiULCZfj3f5CtJgHzSxkhrGTOtrInWH4EseaJvSQ4E53C49K
EA3jvbV0hzov2vAMKP7Cwz4+z53TWq5FUDUYt5CiDWCQ9xCJEQSEvNrjaDthXgzh
CdbeEL7WR98xndkaf5CLtwqoXJ3e07IuqzuVAaDJ8s73jUdOZ/I5/eLtgMTZVDvm
Wpy898Hos7dm1cI3qaX7SYMVFq0VmrdrYIKMzczQ3XHBJhmb6IZ569I7grRIrt1M
pysLvMNOyXBurQO41fS80crhdkm4uMoTucW32DcBV5QH6i6y3owvbgOAxwpMLkoC
Z0tm3wYPfK44Fw1ti9FmgTZRK57F+v0K51cSwh8GVaeTp37fO6VAMPgUhpaX6y/0
Q0CiGs1ovTSIjsJmjaxAPZMKSthH+moTqD9Ot1zkSahH//qHHGcJam2VGl8owL/3
6jni6jt15pGtN+srXIUogibVtA76o4DCmmczJyTddVqHdjzt6FYw9M9BAokpGBs9
KhP3mdyJAOUDCYx/XN+k9LFDuf+s78PyYOeqlU+UCmWrCQb8SnOcufRWjLhRWmP9
gzX3rYwkRbRAMPCKtA3t
=r5O4
-----END PGP SIGNATURE-----



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to