Public bug reported: Binary package hint: libstdc++5
Description of problem: Function btowc() in library libstdc++.so.5 contains an infinite recursion. See disassembly, address 0xb7f05c5a: 0xb7f05c3f <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+191>: nop 0xb7f05c40 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+192>: push %ebp 0xb7f05c41 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+193>: mov %esp,%ebp 0xb7f05c43 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+195>: sub $0x18,%esp 0xb7f05c46 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+198>: mov %ebx,0xfffffffc(%ebp) 0xb7f05c49 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+201>: mov 0x8(%ebp),%eax 0xb7f05c4c <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+204>: call 0xb7eb4070 <[EMAIL PROTECTED]> ---Type <return> to continue, or q <return> to quit--- 0xb7f05c51 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+209>: add $0x238c3,%ebx 0xb7f05c57 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+215>: mov %eax,(%esp) 0xb7f05c5a <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+218>: call 0xb7f05c40 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+192> 0xb7f05c5f <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+223>: mov 0xfffffffc(%ebp),%ebx 0xb7f05c62 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+226>: mov %ebp,%esp 0xb7f05c64 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+228>: pop %ebp 0xb7f05c65 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+229>: ret 0xb7f05c66 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+230>: inc %edx 0xb7f05c67 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+231>: je 0xb7f05c71 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+241> 0xb7f05c69 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+233>: mov %eax,(%esp) 0xb7f05c6c <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+236>: call 0xb7eb3bd0 <[EMAIL PROTECTED]> 0xb7f05c71 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+241>: mov %eax,(%esp) 0xb7f05c74 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+244>: call 0xb7eb20f0 <[EMAIL PROTECTED]> 0xb7f05c79 <_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc+249>: nop (gdb) i shared >From To Syms Read Shared Object Library 0xb7f93590 0xb7f9c8d4 Yes /lib/tls/i686/cmov/libpthread.so.0 0xb7f7c740 0xb7f89784 Yes /usr/lib/libz.so.1 0xb7f78aa0 0xb7f79928 Yes /lib/libuuid.so.1 0xb7f49830 0xb7f4c914 Yes /lib/tls/i686/cmov/libcrypt.so.1 0xb7f38450 0xb7f43ab4 Yes /lib/tls/i686/cmov/libresolv.so.2 0xb7f32c40 0xb7f33c64 Yes /lib/tls/i686/cmov/libdl.so.2 0xb7eb3f80 0xb7f109f0 Yes /usr/lib/libstdc++.so.5 0xb7e553d0 0xb7e70644 Yes /lib/tls/i686/cmov/libm.so.6 0xb7e488a0 0xb7e4fa84 Yes /lib/libgcc_s.so.1 0xb7d276b0 0xb7e1c736 Yes /lib/tls/i686/cmov/libc.so.6 0xb7fb4820 0xb7fc873f Yes /lib/ld-linux.so.2 0xb74fa480 0xb74faeb4 Yes /usr/lib/gconv/ISO8859-1.so 0xb74f6480 0xb74f7004 Yes /usr/lib/gconv/CP1252.so 0xab36abc0 0xab3715b4 Yes /lib/tls/i686/cmov/libnss_files.so.2 0xab363dd0 0xab366884 Yes /lib/tls/i686/cmov/libnss_dns.so.2 This seems to be exactly same bug as in Fedora Core 5. Infinite recursion cause crash on stack overflow. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186410 for details. Example: void test_local_date() { time_t timestamp; struct tm *ta; time(×tamp); ta = localtime(×tamp); std::locale *loc = new std::locale("cs"); std::wstring format = "%x"; std::wostringstream wstr; std::use_facet<std::time_put<wchar_t> >(*loc).put(wstr, wstr, wstr.fill(), ta, format.data(), format.data() + format.length()); delete loc; } ** Affects: gcc-3.3 (Ubuntu) Importance: Undecided Status: Unconfirmed -- infinite recursion in btowc() function (libstdc++.so.5) https://launchpad.net/bugs/84074 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
