Package: cppcheck
Version: 1.48-1
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
I just tried to run cppcheck and it seg. faulted. I ran it through valgrind
and obtained the following:
[...]
1/19 files checked 5% done
Checking diagnose/cprintf.c...
==7973== Invalid read of size 4
==7973== at 0x1C5C36: ??? (in /usr/bin/cppcheck)
==7973== by 0x1F41F5: ??? (in /usr/bin/cppcheck)
==7973== by 0x18721D: ??? (in /usr/bin/cppcheck)
==7973== by 0x189A39: ??? (in /usr/bin/cppcheck)
==7973== by 0x114F35: ??? (in /usr/bin/cppcheck)
==7973== by 0x11777D: main (in /usr/bin/cppcheck)
==7973== Address 0x14 is not stack'd, malloc'd or (recently) free'd
==7973==
==7973==
==7973== Process terminating with default action of signal 11 (SIGSEGV)
==7973== Access not within mapped region at address 0x14
==7973== at 0x1C5C36: ??? (in /usr/bin/cppcheck)
==7973== by 0x1F41F5: ??? (in /usr/bin/cppcheck)
==7973== by 0x18721D: ??? (in /usr/bin/cppcheck)
==7973== by 0x189A39: ??? (in /usr/bin/cppcheck)
==7973== by 0x114F35: ??? (in /usr/bin/cppcheck)
==7973== by 0x11777D: main (in /usr/bin/cppcheck)
==7973== If you believe this happened as a result of a stack
==7973== overflow in your program's main thread (unlikely but
==7973== possible), you can try to increase the size of the
==7973== main thread stack using the --main-stacksize= flag.
==7973== The main thread stack size used in this run was 8388608.
==7973==
==7973== HEAP SUMMARY:
==7973== in use at exit: 76,250 bytes in 2,226 blocks
==7973== total heap usage: 44,239 allocs, 42,013 frees, 4,155,266 bytes
allocated
==7973==
==7973== LEAK SUMMARY:
==7973== definitely lost: 152 bytes in 6 blocks
==7973== indirectly lost: 0 bytes in 0 blocks
==7973== possibly lost: 29,638 bytes in 1,132 blocks
==7973== still reachable: 46,460 bytes in 1,088 blocks
==7973== suppressed: 0 bytes in 0 blocks
==7973== Rerun with --leak-check=full to see details of leaked memory
==7973==
==7973== For counts of detected and suppressed errors, rerun with: -v
==7973== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 24 from 9)
Segmentation fault
The file it choken on is included below.
- -- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cppcheck depends on:
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.6.0-2 GCC support library
ii libpcre3 8.12-3 Perl 5 Compatible Regular Expressi
ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3
ii libtinyxml2.5.3 2.5.3-3 C++ XML parsing library
cppcheck recommends no packages.
cppcheck suggests no packages.
- -- no debconf information
*** lilo-23.2/diagnose/cprintf.c
/* Copyright (C) 1996 Robert de Bath <rob...@mayday.compulink.co.uk>
* This file is part of the Linux-8086 C library and is distributed
* under the GNU Library General Public License.
*/
/* Modified 14-Jan-2002 by John Coffman <johni...@san.rr.com> for inclusion
* in the set of LILO diagnostics. This code is the property of Robert
* de Bath, and is used with his permission.
*/
#include <stdarg.h>
/* #include <conio.h> */
#define ASM_CVT 1
#if __MSDOS__
#include <stdio.h>
#define putch(ch) fputc(ch,stdout)
#else
#define putch(ch) bios_putc(ch)
#endif
static unsigned char * __numout(long i, int base);
int cprintf(char * fmt, ...)
{
register int c;
int count = 0;
int type, base;
long val;
char * cp;
char padch=' ';
int minsize, maxsize;
va_list ap;
va_start(ap, fmt);
while(c=*fmt++)
{
count++;
if(c!='%')
{
if (c=='\n') putch('\r');
putch(c);
}
else
{
type=1;
padch = *fmt;
maxsize=minsize=0;
if(padch == '-') fmt++;
for(;;)
{
c=*fmt++;
if( c<'0' || c>'9' ) break;
minsize*=10; minsize+=c-'0';
}
if( c == '.' )
for(;;)
{
c=*fmt++;
if( c<'0' || c>'9' ) break;
maxsize*=10; maxsize+=c-'0';
}
if( padch == '-' ) minsize = -minsize;
else
if( padch != '0' ) padch=' ';
if( c == 0 ) break;
if(c=='h')
{
c=*fmt++;
type = 0;
}
else if(c=='l')
{
c=*fmt++;
type = 2;
}
switch(c)
{
case 'x': base=16; type |= 4; if(0) {
case 'o': base= 8; type |= 4; } if(0) {
case 'u': base=10; type |= 4; } if(0) {
case 'd': base=-10; }
switch(type)
{
case 0: val=va_arg(ap, short); break;
case 1: val=va_arg(ap, int); break;
case 2: val=va_arg(ap, long); break;
case 4: val=va_arg(ap, unsigned short); break;
case 5: val=va_arg(ap, unsigned int); break;
case 6: val=va_arg(ap, unsigned long); break;
default:val=0; break;
}
cp = __numout(val,base);
if(0) {
case 's':
cp=va_arg(ap, char *);
}
count--;
c = strlen(cp);
if( !maxsize ) maxsize = c;
if( minsize > 0 )
{
minsize -= c;
while(minsize>0) { putch(padch); count++; minsize--; }
minsize=0;
}
if( minsize < 0 ) minsize= -minsize-c;
while(*cp && maxsize-->0 )
{
putch(*cp++);
count++;
}
while(minsize>0) { putch(' '); count++; minsize--; }
break;
case 'c':
putch(va_arg(ap, int));
break;
default:
putch(c);
break;
}
}
}
va_end(ap);
return count;
}
static char nstring[]="0123456789ABCDEF";
#if ASM_CVT==0
#define NUMLTH 11
static unsigned char *
__numout(long i, int base)
{
static unsigned char out[NUMLTH+1];
int n;
int flg = 0;
unsigned long val;
if (base<0)
{
base = -base;
if (i<0)
{
flg = 1;
i = -i;
}
}
val = i;
out[NUMLTH] = '\0';
n = NUMLTH-1;
do
{
out[n--] = nstring[val % base];
val /= base;
}
while(val);
if(flg) out[n--] = '-';
return &out[n+1];
}
#else
#asm
! numout.s
!
#if 0
.data
_nstring:
.ascii "0123456789ABCDEF"
.byte 0
#endif
.bss
___out lcomm $C
.text
___numout:
push bp
mov bp,sp
push di
push si
add sp,*-4
mov byte ptr -8[bp],*$0 ! flg = 0
mov si,4[bp] ; i or val.lo
mov di,6[bp] ; i or val.hi
mov cx,8[bp] ; base
test cx,cx ! base < 0 ?
jge .3num
neg cx ! base = -base
or di,di ! i < 0 ?
jns .5num
mov byte ptr -8[bp],*1 ! flg = 1
neg di ! i = -i
neg si
sbb di,*0
.5num:
.3num:
mov byte ptr [___out+$B],*$0 ! out[11] = nul
mov -6[bp],*$A ! n = 10
.9num:
!!! out[n--] = nstring[val % base];
xor dx,dx
xchg ax,di
div cx
xchg ax,di
xchg ax,si
div cx
xchg ax,si ! val(new) = val / base
mov bx,dx ! dx = val % base
mov al,_nstring[bx]
mov bx,-6[bp]
dec word ptr -6[bp]
mov ___out[bx],al
mov ax,si
or ax,di ! while (val)
jne .9num
cmp byte ptr -8[bp],*$0 ! flg == 0 ?
je .Dnum
mov bx,-6[bp]
dec word ptr -6[bp]
mov byte ptr ___out[bx],*$2D ! out[n--] = minus
.Dnum:
mov ax,-6[bp]
add ax,#___out+1
add sp,*4
pop si
pop di
pop bp
ret
#endasm
#endif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJNxTNMAAoJEAVLu599gGRC0f0QAIWTB2cF7pTd84SpiP8SxzlB
KPFR1JkNMVLYa21tJ6YKJuVoIiXBtHb+5JMmvNUdO8PGS3vi5QVzdZ9znI30O+pt
HyeWuNEtSynt58GpDiULCZfj3f5CtJgHzSxkhrGTOtrInWH4EseaJvSQ4E53C49K
EA3jvbV0hzov2vAMKP7Cwz4+z53TWq5FUDUYt5CiDWCQ9xCJEQSEvNrjaDthXgzh
CdbeEL7WR98xndkaf5CLtwqoXJ3e07IuqzuVAaDJ8s73jUdOZ/I5/eLtgMTZVDvm
Wpy898Hos7dm1cI3qaX7SYMVFq0VmrdrYIKMzczQ3XHBJhmb6IZ569I7grRIrt1M
pysLvMNOyXBurQO41fS80crhdkm4uMoTucW32DcBV5QH6i6y3owvbgOAxwpMLkoC
Z0tm3wYPfK44Fw1ti9FmgTZRK57F+v0K51cSwh8GVaeTp37fO6VAMPgUhpaX6y/0
Q0CiGs1ovTSIjsJmjaxAPZMKSthH+moTqD9Ot1zkSahH//qHHGcJam2VGl8owL/3
6jni6jt15pGtN+srXIUogibVtA76o4DCmmczJyTddVqHdjzt6FYw9M9BAokpGBs9
KhP3mdyJAOUDCYx/XN+k9LFDuf+s78PyYOeqlU+UCmWrCQb8SnOcufRWjLhRWmP9
gzX3rYwkRbRAMPCKtA3t
=r5O4
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
