bingrep: Crashes on rustc 1.67
bingrep segfaults on everything:
cargo run --release target/release/bingrep
Finished release [optimized] target(s) in 0.02s
Running `target/release/bingrep target/release/bingrep`
ELF DYN X86_64-little-endian @ 0x34bb0:
e_phoff: 0x40 e_shoff: 0x720d00 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 42 e_shstrndx: 41
ProgramHeaders(14):
Segmentation fault (core dumped)
It happens whether built from 8596f7fae08b316bbf7ed7bf81ccdb1d12258c42 or if v0.10.2 is cargo installed. It crashes on itself, ls, and cat.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.10
Release: 22.10
Codename: kinetic
$ rustc --version
rustc 1.69.0-nightly (c8e6a9e8b 2023-01-23)
$ cargo --version
cargo 1.69.0-nightly (985d561f0 2023-01-20)
Here is the debug debugging output:
$ RUST_BACKTRACE=1 cargo run -- target/debug/bingrep
Finished dev [unoptimized + debuginfo] target(s) in 0.03s
Running `target/debug/bingrep target/debug/bingrep`
ELF DYN X86_64-little-endian @ 0x7b520:
e_phoff: 0x40 e_shoff: 0x3236158 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 44 e_shstrndx: 43
ProgramHeaders(14):
thread 'main' panicked at 'attempt to add with overflow', /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:149:1
stack backtrace:
0: rust_begin_unwind
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/std/src/panicking.rs:575:5
1: core::panicking::panic_fmt
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/panicking.rs:64:14
2: core::panicking::panic
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/panicking.rs:114:5
3: <usize as core::iter::traits::accum::Sum>::sum::{{closure}}
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:53:28
4: core::iter::adapters::map::map_fold::{{closure}}
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/adapters/map.rs:84:21
5: core::iter::traits::iterator::Iterator::fold
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/iterator.rs:2438:21
6: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/adapters/map.rs:124:9
7: <usize as core::iter::traits::accum::Sum>::sum
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:50:17
8: core::iter::traits::iterator::Iterator::sum
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/iterator.rs:3408:9
9: prettytable::row::Row::column_count
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/row.rs:36:9
10: prettytable::TableSlice::get_column_num
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:75:21
11: prettytable::TableSlice::get_all_column_width
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:117:22
12: prettytable::TableSlice::__print
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:142:25
13: prettytable::TableSlice::print_term
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:174:9
14: prettytable::Table::print_term
at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:362:9
15: bingrep::format::print_table_to_stdout
at ./src/format.rs:305:32
16: bingrep::format::flush
at ./src/format.rs:291:5
17: bingrep::format_elf::Elf::print
at ./src/format_elf.rs:512:9
18: bingrep::parse_elf_file
at ./src/main.rs:104:9
19: bingrep::run
at ./src/main.rs:205:29
20: bingrep::main
at ./src/main.rs:216:11
21: core::ops::function::FnOnce::call_once
at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Here is the release debugging output:
$ gdb target/release/bingrep
GNU gdb (Ubuntu 12.1-3ubuntu2) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from target/release/bingrep...
(gdb) r target/release/bingrep
Starting program: /home/home/CLionProjects/bingrep/target/release/bingrep target/release/bingrep
This GDB supports auto-downloading debuginfo from the following URLs:
https://debuginfod.ubuntu.com
Enable debuginfod for this session? (y or [n]) n
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ELF DYN X86_64-little-endian @ 0x34bb0:
e_phoff: 0x40 e_shoff: 0x720d00 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 42 e_shstrndx: 41
ProgramHeaders(14):
Program received signal SIGSEGV, Segmentation fault.
0x0000555555707670 in prettytable::TableSlice::get_all_column_width ()
(gdb) bt
#0 0x0000555555707670 in prettytable::TableSlice::get_all_column_width ()
#1 0x00005555555b59c1 in prettytable::Table::print_term ()
#2 0x00005555555d157b in bingrep::format::print_table_to_stdout ()
#3 0x00005555555bfda5 in bingrep::format_elf::Elf::print ()
#4 0x00005555555b1b77 in bingrep::parse_elf_file ()
#5 0x00005555555b3db7 in bingrep::main ()
#6 0x00005555555d57d3 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#7 0x00005555555b5139 in _ZN3std2rt10lang_start28_$u7b$$u7b$closure$u7d$$u7d$17hcc4805e891370521E.llvm.6285060230740621483 ()
#8 0x000055555572cabc in core::ops::function::impls::{impl#2}::call_once<(), (dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> () at library/core/src/ops/function.rs:287
#9 std::panicking::try::do_call<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> ()
at library/std/src/panicking.rs:483
#10 std::panicking::try<i32, &(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> ()
at library/std/src/panicking.rs:447
#11 std::panic::catch_unwind<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> ()
at library/std/src/panic.rs:140
#12 std::rt::lang_start_internal::{closure#2} () at library/std/src/rt.rs:148
#13 std::panicking::try::do_call<std::rt::lang_start_internal::{closure_env#2}, isize> () at library/std/src/panicking.rs:483
#14 std::panicking::try<isize, std::rt::lang_start_internal::{closure_env#2}> () at library/std/src/panicking.rs:447
#15 std::panic::catch_unwind<std::rt::lang_start_internal::{closure_env#2}, isize> () at library/std/src/panic.rs:140
#16 std::rt::lang_start_internal () at library/std/src/rt.rs:148
#17 0x00005555555b4a25 in main ()
About this issue
- State: closed
- Created a year ago
- Comments: 17 (13 by maintainers)
Yes. I confirm that 1.66.0 works for me.
It might not necessarily be a regression in the rust compiler. There might be undefined behavior in any of the lines of code anywhere in the program executed before the crash. It could have been silent corruption for previous rustc versions, and in the latest version the compiler could have perfectly legally decided to move things around, exposing the undefined behavior.
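Added example, not part of the issue thread and not code from bingrep or prettytable: the debug backtrace above panics with 'attempt to add with overflow' inside a `usize` sum, a check that the default release profile compiles out. The sketch below uses a hypothetical `Cell` type with an `hspan` field and constructed input to show how one garbage value wraps silently without the check and is caught by `checked_add` in any build profile.

```rust
// Added example; `Cell` and `hspan` are hypothetical stand-ins, not prettytable's types.
#[derive(Clone, Copy)]
struct Cell {
    hspan: usize, // number of columns this cell spans
}

/// What plain `+` does when overflow checks are off (the default release
/// profile): the sum wraps and the caller gets a small, wrong column count.
fn column_count_wrapping(cells: &[Cell]) -> usize {
    cells.iter().fold(0usize, |acc, c| acc.wrapping_add(c.hspan))
}

/// Same sum with explicit checks, so debug and release agree. On overflow it
/// returns the index of the cell whose span pushed the total past usize::MAX.
fn column_count_checked(cells: &[Cell]) -> Result<usize, usize> {
    let mut total = 0usize;
    for (index, cell) in cells.iter().enumerate() {
        total = total.checked_add(cell.hspan).ok_or(index)?;
    }
    Ok(total)
}

/// Constructed input: three sane cells plus one whose span field holds garbage,
/// as it would if the memory behind the row had been misread.
fn corrupted_row() -> Vec<Cell> {
    [1, 1, usize::MAX, 1].iter().map(|&hspan| Cell { hspan }).collect()
}

fn main() {
    let row = corrupted_row();
    // Four cells, yet the wrapped sum reports only two columns.
    println!("wrapping: {}", column_count_wrapping(&row));
    match column_count_checked(&row) {
        Ok(n) => println!("checked: {n} columns"),
        Err(i) => println!("checked: overflow at cell {i}"),
    }
}
```

Setting `overflow-checks = true` under `[profile.release]` in Cargo.toml turns the silent wrap into the same panic the debug build reports, which helps when triaging a crash that only segfaults in release.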