SIGSEGV/Pike fatal due to Pike code execution attempt in compiler
Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=5273
Reported by Martin Karlgren marty@roxen.com
Verified in 7.8.408
Occurs while trying to compile the following test case:
class Test
{
protected object foo;
mixed `-> (mixed what)
{
return foo;
}
int bar ()
{
return (this_object()->gazonk == "foo") ? 1 : 0;
}
}
With RTLDEBUG:
/home/marty/Pike/7.8/src/svalue.c:2070: Fatal error:
Invalid type 42904 in svalue at 0xa49f9a8.
Backtrace at time of fatal:
test.pike:7: object(/home/marty/test.pike:1)->`->("gazonk")
test.pike:8: object(/home/marty/test.pike:1)->bar()
-:1: PikeCompiler("", UNDEFINED, -1, -1, target, UNDEFINED)->compile()
-:1: DefaultCompilerEnvironment->compile(PikeCompiler("", UNDEFINED, -1, -1, target, UNDEFINED))
Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike:1074:
compile_string("class Test\n{\n protected object foo;\n\n mixed `-> (mixed what)\n {\n return foo;\n }\n\n int bar ()\n {\n return (t
his_object()->gazonk"+[62],"/home/marty/test.pike",UNDEFINED,/home/marty/test,0,UNDEFINED)
Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike:1768: master()->low_findprog("/home/marty/test",".pike",UNDEFINED,UNDEFINED)
Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike:1877: master()->findprog("/home/marty/test",".pike",UNDEFINED,UNDEFINED)
Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike:1916:
master()->low_cast_to_program("/home/marty/test","/home/marty/Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike",UNDEFINED,UNDEFINED)
Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike:1950:
master()->cast_to_program("/home/marty/test.pike","/home/marty/Pike/7.8/build/linux-2.6.28-17-generic-i686/master.pike",UNDEFINED)
===================================
(gdb) bt
#0 0xb80c5430 in __kernel_vsyscall ()
#1 0xb7e986d0 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7e9a098 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0810d777 in debug_va_fatal (fmt=0x83483f0 "Invalid type %d in svalue at %p.\n", args=0xbf8bde44 "\230?") at /home/marty/Pike/7.8/src/error.c:644
#4 0x0810d8e8 in debug_fatal (fmt=0x83483f0 "Invalid type %d in svalue at %p.\n") at /home/marty/Pike/7.8/src/error.c:651
#5 0x0821bc6d in debug_svalue_type_error (s=0xa49f9a8) at /home/marty/Pike/7.8/src/svalue.c:2070
#6 0x0818c573 in low_object_index_no_free (to=0xb7c7e1e0, o=0xa45a768, f=0) at /home/marty/Pike/7.8/src/object.c:1229
#7 0xb7bf8528 in ?? ()
#8 0x0809f880 in mega_apply (type=APPLY_LOW, args=1, arg1=0xa45a768, arg2=0x1) at /home/marty/Pike/7.8/src/interpret.c:1421
#9 0x080a043f in apply_lfun (o=0xa45a768, fun=22, args=1) at /home/marty/Pike/7.8/src/interpret.c:2599
#10 0x0818d48d in object_index_no_free (to=0xbf8be030, o=0xa45a768, inherit_number=0, index=0xbf8be038) at /home/marty/Pike/7.8/src/object.c:1380
#11 0x081a6ac3 in index_no_free (to=0xbf8be030, what=0xb7c7e1d0, ind=0xbf8be038) at /home/marty/Pike/7.8/src/operators.c:87
#12 0x0808a6e3 in opcode_F_ARROW (arg1=2) at /home/marty/Pike/7.8/src/interpret_functions.h:1842
#13 0xb7bf8572 in ?? ()
#14 0x0809b922 in apply_low_safe_and_stupid (o=0xa45a768, offset=114) at /home/marty/Pike/7.8/src/interpret.c:1421
#15 0x0822b630 in eval_low (n=0xa4c28f8, print_error=0) at /home/marty/Pike/7.8/src/las.c:5274
#16 0x0822ba63 in node_is_tossable (n=0xa4c28f8) at /home/marty/Pike/7.8/src/las.c:1989
#17 0x0823488f in optimize (n=0xa4c2880) at /home/marty/Pike/7.8/src/treeopt.h:307
#18 0x0823cbdd in optimize_node (n=0xa4c27b8) at /home/marty/Pike/7.8/src/las.c:5200
#19 0x0823cc73 in dooptcode (name=0xa4c4dfc, n=0xa4c27b8, type=0xa45291c, modifiers=0) at /home/marty/Pike/7.8/src/las.c:5511
#20 0x08075376 in yyparse () at language.yacc:1086
#21 0x081c9058 in run_pass2 (c=0xa48ad50) at /home/marty/Pike/7.8/src/program.c:8296
#22 0x081c98ab in f_compilation_compile (args=0) at /home/marty/Pike/7.8/src/program.c:8759
#23 0x0809d2c2 in low_mega_apply (type=APPLY_LOW, args=<value optimized out>, arg1=0xa45a780, arg2=0x1) at /home/marty/Pike/7.8/src/apply_low.h:226
#24 0x0809f687 in mega_apply (type=APPLY_LOW, args=0, arg1=0xa45a780, arg2=0x1) at /home/marty/Pike/7.8/src/interpret.c:2211
#25 0x080a0380 in apply (o=0xa45a780, fun=0x8340eff "compile", args=0) at /home/marty/Pike/7.8/src/interpret.c:2617
#26 0x081ab865 in f_compilation_env_compile (args=6) at /home/marty/Pike/7.8/src/program.c:7841
#27 0x0809d2c2 in low_mega_apply (type=APPLY_LOW, args=<value optimized out>, arg1=0xa45aa50, arg2=0x1) at /home/marty/Pike/7.8/src/apply_low.h:226
#28 0x0809f687 in mega_apply (type=APPLY_LOW, args=6, arg1=0xa45aa50, arg2=0x1) at /home/marty/Pike/7.8/src/interpret.c:2211
#29 0x0824a13a in f_compile (args=6) at /home/marty/Pike/7.8/src/builtin_functions.c:4229
#30 0x08084d5a in opcode_F_CALL_BUILTIN (arg1=33) at /home/marty/Pike/7.8/src/interpret_functions.h:2303
#31 0xb7b35dbd in ?? ()
#32 0x08098f0b in catching_eval_instruction (pc=0xb7b3b41f "?0?;\b\203@\034\024?D$\004?") at /home/marty/Pike/7.8/src/interpret.c:1421
#33 0x080992cd in jump_opcode_F_CATCH () at /home/marty/Pike/7.8/src/interpret_functions.h:1287
#34 0xb7b3b419 in ?? ()
#35 0x0809f880 in mega_apply (type=APPLY_LOW, args=2, arg1=0xa45a9f0, arg2=0x2c) at /home/marty/Pike/7.8/src/interpret.c:1421
#36 0x081a0548 in o_cast (type=0xa452cb8, run_time_type=5) at /home/marty/Pike/7.8/src/operators.c:678
#37 0x081a1ccb in f_cast () at /home/marty/Pike/7.8/src/operators.c:898
#38 0xb7b4b96d in ?? ()
#39 0x08098f0b in catching_eval_instruction (pc=0xb7b4b906 "?0?;\b\203@\034\027?\004$Z") at /home/marty/Pike/7.8/src/interpret.c:1421
#40 0x080992cd in jump_opcode_F_CATCH () at /home/marty/Pike/7.8/src/interpret_functions.h:1287
#41 0xb7b4b900 in ?? ()
#42 0x0809f880 in mega_apply (type=APPLY_LOW, args=1, arg1=0xa45a9f0, arg2=0x38) at /home/marty/Pike/7.8/src/interpret.c:1421
#43 0x080a0380 in apply (o=0xa45a9f0, fun=0x830bc25 "_main", args=1) at /home/marty/Pike/7.8/src/interpret.c:2617
#44 0x0807147e in main (argc=2, argv=0xbf8bf7b4) at /home/marty/Pike/7.8/src/main.c:634