Package: cppcheck Version: 1.48-1 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi, I just tried to run cppcheck and it seg. faulted. I ran it through valgrind and obtained the following: [...] 1/19 files checked 5% done Checking diagnose/cprintf.c... ==7973== Invalid read of size 4 ==7973== at 0x1C5C36: ??? (in /usr/bin/cppcheck) ==7973== by 0x1F41F5: ??? (in /usr/bin/cppcheck) ==7973== by 0x18721D: ??? (in /usr/bin/cppcheck) ==7973== by 0x189A39: ??? (in /usr/bin/cppcheck) ==7973== by 0x114F35: ??? (in /usr/bin/cppcheck) ==7973== by 0x11777D: main (in /usr/bin/cppcheck) ==7973== Address 0x14 is not stack'd, malloc'd or (recently) free'd ==7973== ==7973== ==7973== Process terminating with default action of signal 11 (SIGSEGV) ==7973== Access not within mapped region at address 0x14 ==7973== at 0x1C5C36: ??? (in /usr/bin/cppcheck) ==7973== by 0x1F41F5: ??? (in /usr/bin/cppcheck) ==7973== by 0x18721D: ??? (in /usr/bin/cppcheck) ==7973== by 0x189A39: ??? (in /usr/bin/cppcheck) ==7973== by 0x114F35: ??? (in /usr/bin/cppcheck) ==7973== by 0x11777D: main (in /usr/bin/cppcheck) ==7973== If you believe this happened as a result of a stack ==7973== overflow in your program's main thread (unlikely but ==7973== possible), you can try to increase the size of the ==7973== main thread stack using the --main-stacksize= flag. ==7973== The main thread stack size used in this run was 8388608. 
==7973== ==7973== HEAP SUMMARY: ==7973== in use at exit: 76,250 bytes in 2,226 blocks ==7973== total heap usage: 44,239 allocs, 42,013 frees, 4,155,266 bytes allocated ==7973== ==7973== LEAK SUMMARY: ==7973== definitely lost: 152 bytes in 6 blocks ==7973== indirectly lost: 0 bytes in 0 blocks ==7973== possibly lost: 29,638 bytes in 1,132 blocks ==7973== still reachable: 46,460 bytes in 1,088 blocks ==7973== suppressed: 0 bytes in 0 blocks ==7973== Rerun with --leak-check=full to see details of leaked memory ==7973== ==7973== For counts of detected and suppressed errors, rerun with: -v ==7973== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 24 from 9) Segmentation fault The file it choked on is included below. - -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cppcheck depends on: ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib ii libgcc1 1:4.6.0-2 GCC support library ii libpcre3 8.12-3 Perl 5 Compatible Regular Expressi ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3 ii libtinyxml2.5.3 2.5.3-3 C++ XML parsing library cppcheck recommends no packages. cppcheck suggests no packages. - -- no debconf information *** lilo-23.2/diagnose/cprintf.c /* Copyright (C) 1996 Robert de Bath <rob...@mayday.compulink.co.uk> * This file is part of the Linux-8086 C library and is distributed * under the GNU Library General Public License. */ /* Modified 14-Jan-2002 by John Coffman <johni...@san.rr.com> for inclusion * in the set of LILO diagnostics. This code is the property of Robert * de Bath, and is used with his permission. 
*/
#include <stdarg.h>
/* #include <conio.h> */
/* NOTE(review): strlen() is called in cprintf() but <string.h> is never
 * included (only <stdarg.h>, plus <stdio.h> under __MSDOS__), so that call
 * relies on an implicit declaration. */
#define ASM_CVT 1
/* Character sink: fputc() to stdout under __MSDOS__, otherwise bios_putc(),
 * which is not declared anywhere in this file. */
#if __MSDOS__
#include <stdio.h>
#define putch(ch) fputc(ch,stdout)
#else
#define putch(ch) bios_putc(ch)
#endif
/* Converts a long to text in the given base; a negative base requests signed
 * conversion (see the definitions further down). */
static unsigned char * __numout(long i, int base);
/*
 * Minimal printf-style formatter that emits every character through putch().
 *
 * Conversions handled: %x %o %u %d (optionally prefixed by 'h' or 'l'), %s and
 * %c; any other character after '%' is echoed as-is.  An optional leading '-'
 * or '0', a decimal field width and a '.'-introduced maximum length are parsed
 * before the conversion character.
 *
 * Returns the running character count kept in `count`.  The '\r' inserted
 * before each '\n' is written but not counted.
 */
int cprintf(char * fmt, ...)
{
   register int c;
   int count = 0;
   int type, base;
   long val;
   char * cp;
   char padch=' ';
   int minsize, maxsize;
   va_list ap;

   va_start(ap, fmt);

   /* Assignment in the condition is intentional: stop at the terminating NUL. */
   while(c=*fmt++)
   {
      count++;
      if(c!='%')
      {
         /* Expand LF to CR LF on output. */
         if (c=='\n') putch('\r');
         putch(c);
      }
      else
      {
         /* type: 0 = short, 1 = int, 2 = long; bit 2 (value 4) marks unsigned. */
         type=1;
         padch = *fmt;
         maxsize=minsize=0;
         if(padch == '-') fmt++;

         /* Field width.  NOTE(review): there is no upper bound on the digit
          * run, so a long enough width overflows the signed int minsize; the
          * same applies to maxsize below. */
         for(;;)
         {
            c=*fmt++;
            if( c<'0' || c>'9' ) break;
            minsize*=10; minsize+=c-'0';
         }

         if( c == '.' )
            for(;;)
            {
               c=*fmt++;
               if( c<'0' || c>'9' ) break;
               maxsize*=10; maxsize+=c-'0';
            }

         /* A negative minsize encodes left justification; any pad character
          * other than '0' is reset to a space. */
         if( padch == '-' ) minsize = -minsize;
         else
         if( padch != '0' ) padch=' ';

         /* Format string ended in the middle of a conversion specification. */
         if( c == 0 ) break;
         if(c=='h')
         {
            c=*fmt++;
            type = 0;
         }
         else if(c=='l')
         {
            c=*fmt++;
            type = 2;
         }

         switch(c)
         {
            /* Each case label below sits inside an if(0) block: jumping to the
             * label runs that block's assignments and then continues into the
             * shared code, while control arriving from the preceding case
             * skips the block.  This gives x/o/u/d one common tail without a
             * goto. */
            case 'x': base=16; type |= 4;   if(0) {
            case 'o': base= 8; type |= 4; } if(0) {
            case 'u': base=10; type |= 4; } if(0) {
            case 'd': base=-10; }
               /* NOTE(review): short and unsigned short are promoted to int
                * when passed through "...", so fetching them with
                * va_arg(ap, short) or va_arg(ap, unsigned short) is undefined
                * behaviour in ISO C; the portable form reads an int and
                * narrows it. */
               switch(type)
               {
                  case 0: val=va_arg(ap, short); break;
                  case 1: val=va_arg(ap, int); break;
                  case 2: val=va_arg(ap, long); break;
                  case 4: val=va_arg(ap, unsigned short); break;
                  case 5: val=va_arg(ap, unsigned int); break;
                  case 6: val=va_arg(ap, unsigned long); break;
                  default:val=0; break;
               }
               /* __numout() returns unsigned char *, stored here in a plain
                * char * without a cast. */
               cp = __numout(val,base);
               if(0) {
            case 's':
                  /* NOTE(review): the caller-supplied pointer reaches strlen()
                   * below with no NULL check. */
                  cp=va_arg(ap, char *);
               }
               /* Cancel the increment made for the '%' itself; emitted
                * characters are counted one by one below. */
               count--;
               c = strlen(cp);
               /* A maximum of 0 means "no limit", so an explicit ".0" cannot
                * suppress the output. */
               if( !maxsize ) maxsize = c;
               if( minsize > 0 )
               {
                  /* Right-justified: emit leading padding first. */
                  minsize -= c;
                  while(minsize>0) { putch(padch); count++; minsize--; }
                  minsize=0;
               }
               /* Left-justified: turn the negated width into the number of
                * trailing spaces still owed. */
               if( minsize < 0 ) minsize= -minsize-c;
               while(*cp && maxsize-->0 )
               {
                  putch(*cp++);
                  count++;
               }
               while(minsize>0) { putch(' '); count++; minsize--; }
               break;
            case 'c':
               putch(va_arg(ap, int));
               break;
            default:
               putch(c);
               break;
         }
      }
   }
   va_end(ap);
   return count;
}

/* Digit table indexed by (value % base). */
static char nstring[]="0123456789ABCDEF";

/* ASM_CVT is defined as 1 above, so the C implementation in the first branch
 * is compiled out and the #asm variant in the #else branch is the one used.
 * #asm/#endasm is a compiler extension, not ISO C. */
#if ASM_CVT==0
#define NUMLTH 11
/*
 * Render i in |base| into a static buffer, filling it from the end, and return
 * a pointer to the first character.  A negative base requests signed
 * conversion with a leading '-' for negative values.
 *
 * The buffer is static, so the result is overwritten by the next call.
 *
 * NOTE(review): n is never checked against 0.  NUMLTH (11) is enough for a
 * 32-bit value (11 octal digits, or 10 decimal digits plus sign); a 64-bit
 * long would need up to 22 and would be written before the start of out[].
 * NOTE(review): i = -i overflows when i is the most negative long.
 */
static unsigned char *
__numout(long i, int base)
{
   static unsigned char out[NUMLTH+1];
   int n;
   int flg = 0;
   unsigned long val;

   if (base<0)
   {
      base = -base;
      if (i<0)
      {
         flg = 1;
         i = -i;
      }
   }
   val = i;

   out[NUMLTH] = '\0';
   n = NUMLTH-1;
   /* do/while so that a value of 0 still produces one digit. */
   do
   {
      out[n--] = nstring[val % base];
      val /= base;
   }
   while(val);
   if(flg) out[n--] = '-';
   return &out[n+1];
}
#else

#asm
! numout.s
!
#if 0
.data
_nstring:
.ascii "0123456789ABCDEF"
.byte 0
#endif

.bss
___out lcomm $C

.text
___numout:
push bp
mov bp,sp
push di
push si
add sp,*-4
mov byte ptr -8[bp],*$0 ! flg = 0
mov si,4[bp] ; i or val.lo
mov di,6[bp] ; i or val.hi
mov cx,8[bp] ; base
test cx,cx ! base < 0 ?
jge .3num
neg cx ! base = -base
or di,di ! i < 0 ?
jns .5num
mov byte ptr -8[bp],*1 ! flg = 1
neg di ! i = -i
neg si
sbb di,*0
.5num:
.3num:
mov byte ptr [___out+$B],*$0 ! out[11] = nul
mov -6[bp],*$A ! n = 10
.9num:
!!! out[n--] = nstring[val % base];
xor dx,dx
xchg ax,di
div cx
xchg ax,di
xchg ax,si
div cx
xchg ax,si ! val(new) = val / base
mov bx,dx ! dx = val % base
mov al,_nstring[bx]
mov bx,-6[bp]
dec word ptr -6[bp]
mov ___out[bx],al
mov ax,si
or ax,di ! while (val)
jne .9num
cmp byte ptr -8[bp],*$0 ! flg == 0 ?
je .Dnum
mov bx,-6[bp]
dec word ptr -6[bp]
mov byte ptr ___out[bx],*$2D ! 
out[n--] = minus .Dnum: mov ax,-6[bp] add ax,#___out+1 add sp,*4 pop si pop di pop bp ret #endasm #endif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJNxTNMAAoJEAVLu599gGRC0f0QAIWTB2cF7pTd84SpiP8SxzlB KPFR1JkNMVLYa21tJ6YKJuVoIiXBtHb+5JMmvNUdO8PGS3vi5QVzdZ9znI30O+pt HyeWuNEtSynt58GpDiULCZfj3f5CtJgHzSxkhrGTOtrInWH4EseaJvSQ4E53C49K EA3jvbV0hzov2vAMKP7Cwz4+z53TWq5FUDUYt5CiDWCQ9xCJEQSEvNrjaDthXgzh CdbeEL7WR98xndkaf5CLtwqoXJ3e07IuqzuVAaDJ8s73jUdOZ/I5/eLtgMTZVDvm Wpy898Hos7dm1cI3qaX7SYMVFq0VmrdrYIKMzczQ3XHBJhmb6IZ569I7grRIrt1M pysLvMNOyXBurQO41fS80crhdkm4uMoTucW32DcBV5QH6i6y3owvbgOAxwpMLkoC Z0tm3wYPfK44Fw1ti9FmgTZRK57F+v0K51cSwh8GVaeTp37fO6VAMPgUhpaX6y/0 Q0CiGs1ovTSIjsJmjaxAPZMKSthH+moTqD9Ot1zkSahH//qHHGcJam2VGl8owL/3 6jni6jt15pGtN+srXIUogibVtA76o4DCmmczJyTddVqHdjzt6FYw9M9BAokpGBs9 KhP3mdyJAOUDCYx/XN+k9LFDuf+s78PyYOeqlU+UCmWrCQb8SnOcufRWjLhRWmP9 gzX3rYwkRbRAMPCKtA3t =r5O4 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org