http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50201
--- Comment #8 from Jouko Orava <jouko.orava at iki dot fi> --- I confirm, still occurs with 4.7.3 and 4.8.1. For simplicity, I obtained the 4.7 and 4.8 versions from Ubuntu toolchain test builds' PPA, https://launchpad.net/~ubuntu-toolchain-r/. GNU Fortran 4.7.3 (Ubuntu/Linaro 4.7.3-2ubuntu1~12.04): gdb backtrace: #0 0x0000000000000000 in ?? () #1 0x000000000040c868 in write_float () #2 0x0000000000405db6 in formatted_transfer () #3 0x0000000000404004 in _gfortran_transfer_array () #4 0x0000000000401396 in MAIN__ () Code near the segfault: 40c85b: 0f 94 84 24 80 00 00 sete 0x80(%rsp) 40c862: 00 40c863: e8 98 37 bf ff callq 0 <__libc_tsd_LOCALE> 40c868: 41 83 3c 24 20 cmpl $0x20,(%r12) 40c86d: 0f 84 bd 08 00 00 je 40d130 <write_float+0x9e0> 40c873: 44 0f b6 84 24 80 00 movzbl 0x80(%rsp),%r8d Assigning a breakpoint at 40c863 and jumping to 40d130 avoids the segfault. The printed output contains 'V' instead of \xb6. GNU Fortran 4.8.1 (Ubuntu 4.8.1-2ubuntu1~12.04): gdb backtrace: #0 0x0000000000000000 in ?? () #1 0x000000000040c3e9 in write_float () #2 0x0000000000406671 in formatted_transfer () #3 0x000000000040402f in _gfortran_transfer_array () #4 0x0000000000401396 in MAIN__ () Code near the segfault: 40c3dc: 4c 89 e6 mov %r12,%rsi 40c3df: b8 01 00 00 00 mov $0x1,%eax 40c3e4: e8 17 3c bf ff callq 0 <__libc_tsd_LOCALE> 40c3e9: 41 89 c0 mov %eax,%r8d 40c3ec: 0f b6 85 f0 fe ff ff movzbl -0x110(%rbp),%eax 40c3f3: 89 44 24 08 mov %eax,0x8(%rsp) 40c3f7: e9 c7 00 00 00 jmpq 40c4c3 <write_float+0x273> Assigning a breakpoint at 40c3e4 and jumping to 40c3e9 or 40c4c3 avoids the first segfault (again a call to __libc_tsd_LOCALE). Another segfault will occur at 4531fb in memcpy(), in a 'rep movsq %ds:(%rsi),%es:(%rdi)' instruction, with source (%rsi register) referring to just past/above stack (0x7ffffffff000). (The process map indicates stack is at 7ffffffde000-7ffffffff000). To me, this looks like trying to copy a string, but with the source string missing completely. In fact, this enforces my belief that the call to __libc_tsd_LOCALE really should be some kind of setup for the locale-specific numeric formatting string, and that finding out how a reference to the thread-specific locale structure can be changed to a function call to that address. That said, in all cases there are other calls to __libc_tsd_LOCALE (which all would cause a segmentation fault, if executed) in the disassembly. If compiled with 4.7.3, in _IO_flush_all_linebuffered: 438d04: 438d3a: _IO_flush_all_lockp: 438860: 4388da: _IO_link_in: 43787d: 4378ba: _IO_un_link: 43766f: 4376a2: _IO_vfprintf: 47a94e: 47aa5f: _IO_vfscanf: 4a448a: 4a55c0: _IO_vfwprintf: 4851ab: 4851f7: _Unwind_Find_FDE: 422a45: 422a95: __assert_fail_base: 4235dc: __dcigettext: 424609: 424613: 42469d: 4246cb: 4249db: 4249e5: 424a2f: 424a39: 424bc2: 424bcc: 424d78: 424db6: __deregister_frame_info_bases: 4228ed: 422975: __dl_iterate_phdr: 46b611: 46b6cf: __dlerror: 4ad826: 4ad83f: __dlsym: 4b3912: 4b393d: __dlvsym: 4b39c4: 4b39f1: __gconv_compare_alias: 46d621: __gconv_find_transform: 46d729: __libc_enable_asynccancel: 46a740: __libc_fork: 4664d6: __libc_start_main: 422e4e: __register_frame_info_bases: 42278b: __register_frame_info_table_bases: 42284a: __wcsmbs_load_conv: 465f3f: 466071: _dl_add_to_namespace_list: 49f7cb: _dl_addr: 46b7ad: 46b9c2: _dl_close: 4b3566: _dl_close_worker: 4b2ed9: 4b3078: _dl_fini: 4b5b3f: 4b5c06: _dl_lookup_symbol_x: 49f325: 49f3f5: 49f481: _dl_open: 4b1a4d: 4b1b12: 4b1b97: 4b1c6d: _dl_tlsdesc_resolve_hold_fixup: 4b3787: _dl_tlsdesc_resolve_rela_fixup: 4b361c: 4b363f: _dlerror_run: 4adad1: 4adb60: 4adb9f: _gfortran_arandom_r10: 41011b: _gfortran_arandom_r16: 41030b: _gfortran_arandom_r4: 40fd7b: _gfortran_arandom_r8: 40ff2a: _gfortran_random_r10: 40fb18: _gfortran_random_r16: 40fbef: _gfortran_random_r4: 40f9d3: _gfortran_random_r8: 40fa48: _gfortran_random_seed_i4: 4104c2: 410648: _gfortran_random_seed_i8: 4106e3: _gfortrani_close_units: 408c90: _gfortrani_convert_infnan: 41898b: _gfortrani_convert_real: 41888e: _gfortrani_find_file: 40a24e: 40a268: 40a282: 40a29b: 40a2af: 40a2b7: 40a335: _gfortrani_flush_all_units: 40a36a: 40a3a1: 40a3c2: 40a3e9: 40a3f1: 40a40d: 40a415: _gfortrani_get_internal_unit: 4083c8: _gfortrani_init_units: 408777: 40884b: 408922: _nl_find_domain: 424efb: 424f5b: 425064: 4250c1: _nl_find_msg: 423ca8: 423d11: 423ef2: 423f79: 424418: 42454b: _nl_get_alt_digit: 49942a: 49945e: _nl_get_walt_digit: 4994d9: 49956a: _nl_init_era_entries.part.0: 4996ea: _nl_load_domain: 4255c1: _nl_parse_alt_digit: 499605: 499686: _nl_unload_domain: 4b7072: buffered_vfprintf: 47a7da: 47a7f8: buffered_vfprintf: 48a5ba: 48a5d8: close_unit_1: 408bbf: 408bf1: 408c13: destroy_unit_mutex: 407e95: do_lookup_x: 49e562: 49e652: 49e733: 49eb6e: flush_all_units_1: 409808: 409828: free_key_mem: 4ada49: get_external_unit: 4080fd: 408165: 40818b: 4081a3: 4081ab: 408230: 408246: 40826a: init: 4ad7e8: insert_unit: 408020: setlocale: 475fb6: 475fde: 476142: 476192: 47632f: 4765db: uw_init_context_1: 4207c3: write_float: 40c863: If compiled with GNU Fortran 4.8.1, at _IO_flush_all_linebuffered: 439db4: 439dea: _IO_flush_all_lockp: 439910: 43998a: _IO_link_in: 43892d: 43896a: _IO_un_link: 43871f: 438752: _IO_vfprintf: 47b9ee: 47baff: _IO_vfscanf: 4a552a: 4a6660: _IO_vfwprintf: 48624b: 486297: _Unwind_Find_FDE: 423ad5: 423b25: __assert_fail_base: 42466c: __dcigettext: 425699: 4256a3: 42572d: 42575b: 425a6b: 425a75: 425abf: 425ac9: 425c52: 425c5c: 425e08: 425e46: __deregister_frame_info_bases: 42397d: 423a05: __dl_iterate_phdr: 46c6d1: 46c78f: __dlerror: 4ae8c6: 4ae8df: __dlsym: 4b49b2: 4b49dd: __dlvsym: 4b4a64: 4b4a91: __gconv_compare_alias: 46e6e1: __gconv_find_transform: 46e7e9: __libc_enable_asynccancel: 46b800: __libc_fork: 467586: __libc_start_main: 423ede: __register_frame_info_bases: 423826: __register_frame_info_table_bases: 4238da: __wcsmbs_load_conv: 466fef: 467121: _dl_add_to_namespace_list: 4a086b: _dl_addr: 46c86d: 46ca82: _dl_close: 4b4606: _dl_close_worker: 4b3f79: 4b4118: _dl_fini: 4b6bdf: 4b6ca6: _dl_lookup_symbol_x: 4a03c5: 4a0495: 4a0521: _dl_open: 4b2aed: 4b2bb2: 4b2c37: 4b2d0d: _dl_tlsdesc_resolve_hold_fixup: 4b4827: _dl_tlsdesc_resolve_rela_fixup: 4b46bc: 4b46df: _dlerror_run: 4aeb71: 4aec00: 4aec3f: _gfortran_arandom_r10: 4110ab: _gfortran_arandom_r16: 4112ab: _gfortran_arandom_r4: 410cdc: _gfortran_arandom_r8: 410eab: _gfortran_random_r10: 410aa8: _gfortran_random_r16: 410b6e: _gfortran_random_r4: 410963: _gfortran_random_r8: 4109d8: _gfortran_random_seed_i4: 411472: 4115f8: _gfortran_random_seed_i8: 411693: _gfortrani_close_units: 408af0: _gfortrani_convert_infnan: 419993: _gfortrani_convert_real: 4198a3: _gfortrani_find_file: 409cf7: 409d10: 409d2a: 409d43: 409d57: 409d5f: 409de5: _gfortrani_flush_all_units: 409e1a: 409e51: 409e72: 409e8e: 409e96: 409ec7: 409ecf: _gfortrani_free_internal_unit: 408503: _gfortrani_get_internal_unit: 4082ab: _gfortrani_init_units: 408637: 40870b: 4087e2: _nl_find_domain: 425f8b: 425feb: 4260f4: 426151: _nl_find_msg: 424d38: 424da1: 424f82: 425009: 4254a8: 4255db: _nl_get_alt_digit: 49a4ca: 49a4fe: _nl_get_walt_digit: 49a579: 49a60a: _nl_init_era_entries.part.0: 49a78a: _nl_load_domain: 426651: _nl_parse_alt_digit: 49a6a5: 49a726: _nl_unload_domain: 4b8132: buffered_vfprintf: 47b87a: 47b898: buffered_vfprintf: 48b65a: 48b678: close_unit_1: 4089cf: 408a4b: 408a6f: 408ab1: do_lookup_x: 49f602: 49f6f2: 49f7d3: 49fc0e: flush_all_units_1: 408cc3: 408ce3: free_key_mem: 4aeae9: get_external_unit: 40801d: 40808d: 4080b3: 4080cb: 4080d3: 4080e9: 408150: 408166: 40818a: init: 4ae888: insert_unit: 407f90: setlocale: 477076: 47709e: 477202: 477252: 4773ef: 47769b: uw_init_context_1: 421469: write_float: 40c3e4: 40ca4a: 40cc82: 40d2a1: I can attach the static binary and/or disassembly from 4.7.3 and/or 4.8.1, but the binary is about a megabyte, and the disassembly is about ten megabytes.
