GNU bug report logs - #76559
31.0.50; [-O3 + PGTK] Crash when 'copying as kill'/'killing word'

Previous Next

Full log

View this message in rfc822 format

From: Pip Cet <pipcet <at> protonmail.com>
To: Po Lu <luangruo <at> yahoo.com>
Cc: Michael Albinus <michael.albinus <at> gmx.de>, Iurie Marian <marian.iurie <at> gmail.com>, 76559 <at> debbugs.gnu.org
Subject: bug#76559: 31.0.50; [-O3 + PGTK] Crash when 'copying as kill'/'killing word'
Date: Thu, 27 Feb 2025 11:33:11 +0000

"Po Lu" <luangruo <at> yahoo.com> writes:

> Pip Cet <pipcet <at> protonmail.com> writes:
>
>> This is strange, but it looks like this may be a C undefined behavior
>> bug (or, less likely, an actual GCC bug).  If the event_kind bitfield is
>> listed with size 4, shouldn't the hole after it be listed with size 4,
>> not size 6?
>
> I'm afraid that must be a Gdb or GCC debuginfo generation bug, since the
> total size of the structure is 56.  Whereas the aggregate of the values
> printed by GDB is 58.

Indeed.  It's probably unrelated.

> Judging by the expression names, it's clearly copying only the `struct
> input_event' union member.  In fact, this erroneous code is generated as
> soon as SRA processes aggregate references.

Yes, SRA seems to be the pass to blame.

> What I suspect is that there is some CU in which `struct
> selection_input_event' is incomplete or fails to appear in `union
> buffered_input_event' and that that misleads the compiler during
> link-time recompilation.  But I could be far off the mark, since I am
> very much out of touch with contemporary GCC.

See my other message.  I'm still puzzled as to why an unsafe cast in one
call path modifies the assumptions made for another call path, but I
guess it all falls under undefined behavior and we should simply apply
that patch and make sure to follow the C standard more closely.

Pip

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.