zig cc: frexp() segfaults on Windows with bad call address #9845

Closed
@jcmoyer

Description

Platform: Windows 10 20H2 x64.

Zig 1f2f9f0 built with MSVC 16.10.2.30804 using llvm+clang+lld-12.0.1-rc1-x86_64-windows-msvc-release-mt from the wiki page.

Compiling with that same version of clang produces a working executable.

Code:

// test.c
#include <stdio.h>
#include <math.h>

int main(int argc, char* argv[]) {
    int i;
    printf("frexp at %p\n", frexp);
    double x = frexp(100.0, &i);
    printf("%f = %f * 2^%d\n", x * pow(2, i), x, i);
    return 0;
}

Compile with zig cc -g test.c

This prints: frexp at 00007ff5b19ee9d0 and then segfaults. It doesn't matter if the build is -O0 or -O3.

lldb says:

(lldb) bt
* thread #1, stop reason = Exception 0xc0000005 encountered at address 0x7ff5b19ee9d0: User-mode data execution prevention (DEP) violation at location 0x7ff5b19ee9d0
  * frame #0: 0x00007ff5b19ee9d0
    frame #1: 0x00007ff6089a104b a.exe`main(argc=<unavailable>, argv=<unavailable>) at test.c:7
    frame #2: 0x00007ff6089a1528 a.exe`WinMainCRTStartup + 696
    frame #3: 0x00007ff6089a1576 a.exe`mainCRTStartup + 22
    frame #4: 0x00007ffcb15e7034 kernel32.dll`BaseThreadInitThunk + 20
    frame #5: 0x00007ffcb2142651 ntdll.dll`RtlUserThreadStart + 33

(lldb) up
frame #1: 0x00007ff6089a104b a.exe`main(argc=<unavailable>, argv=<unavailable>) at test.c:7
   4    int main(int argc, char* argv[]) {
   5      int i;
   6      printf("frexp at %p\n", frexp);
-> 7      double x = frexp(100.0, &i);
   8      printf("%f = %f * 2^%d\n", x * pow(2, i), x, i);
   9      return 0;
   10   }

(lldb) disas
a.exe`main:
    0x7ff6089a1000 <+0>:   pushq  %rbp
    0x7ff6089a1001 <+1>:   pushq  %rsi
    0x7ff6089a1002 <+2>:   pushq  %rdi
    0x7ff6089a1003 <+3>:   subq   $0x40, %rsp
    0x7ff6089a1007 <+7>:   leaq   0x40(%rsp), %rbp
    0x7ff6089a100c <+12>:  vmovaps %xmm6, -0x10(%rbp)
    0x7ff6089a1011 <+17>:  movq   0xe018(%rip), %rdi        ; .refptr.__stack_chk_guard
    0x7ff6089a1018 <+24>:  callq  0x7ff6089a1660            ; __main
    0x7ff6089a101d <+29>:  movq   (%rdi), %rax
    0x7ff6089a1020 <+32>:  xorq   %rbp, %rax
    0x7ff6089a1023 <+35>:  movq   %rax, -0x18(%rbp)
    0x7ff6089a1027 <+39>:  leaq   0xdfe2(%rip), %rcx
    0x7ff6089a102e <+46>:  leaq   -0x56fb2665(%rip), %rdx
    0x7ff6089a1035 <+53>:  callq  0x7ff6089a10b0            ; printf at stdio.h:369
    0x7ff6089a103a <+58>:  vmovsd 0xdfbe(%rip), %xmm0       ; xmm0 = mem[0],zero
    0x7ff6089a1042 <+66>:  leaq   -0x1c(%rbp), %rdx
    0x7ff6089a1046 <+70>:  callq  0x7ff5b19ee9d0
->  0x7ff6089a104b <+75>:  vmovapd %xmm0, %xmm6
    0x7ff6089a104f <+79>:  movl   -0x1c(%rbp), %esi
    0x7ff6089a1052 <+82>:  vmovsd 0xdfae(%rip), %xmm0       ; xmm0 = mem[0],zero
    0x7ff6089a105a <+90>:  movl   %esi, %edx
    0x7ff6089a105c <+92>:  callq  0x7ff6089a1f20            ; ldexp
    0x7ff6089a1061 <+97>:  vmulsd %xmm0, %xmm6, %xmm1
    0x7ff6089a1065 <+101>: leaq   0xdfb1(%rip), %rcx
    0x7ff6089a106c <+108>: vmovq  %xmm1, %rdx
    0x7ff6089a1071 <+113>: vmovapd %xmm6, %xmm2
    0x7ff6089a1075 <+117>: vmovq  %xmm6, %r8
    0x7ff6089a107a <+122>: movl   %esi, %r9d
    0x7ff6089a107d <+125>: callq  0x7ff6089a10b0            ; printf at stdio.h:369
    0x7ff6089a1082 <+130>: movq   -0x18(%rbp), %rax
    0x7ff6089a1086 <+134>: xorq   %rbp, %rax
    0x7ff6089a1089 <+137>: movq   (%rdi), %rcx
    0x7ff6089a108c <+140>: cmpq   %rax, %rcx
    0x7ff6089a108f <+143>: jne    0x7ff6089a10a0            ; <+160> at test.c:9
    0x7ff6089a1091 <+145>: xorl   %eax, %eax
    0x7ff6089a1093 <+147>: vmovaps -0x10(%rbp), %xmm6
    0x7ff6089a1098 <+152>: addq   $0x40, %rsp
    0x7ff6089a109c <+156>: popq   %rdi
    0x7ff6089a109d <+157>: popq   %rsi
    0x7ff6089a109e <+158>: popq   %rbp
    0x7ff6089a109f <+159>: retq
    0x7ff6089a10a0 <+160>: callq  0x7ff6089a2080            ; __stack_chk_fail
    0x7ff6089a10a5 <+165>: int3

The call right before the arrow is suspect: callq 0x7ff5b19ee9d0

This address is not executable (and it is not mapped); note that all code exists above 0x7ff6089a0000:

(lldb) image dump sections
Dumping sections for 5 modules.
Sections for 'D:\...\a.exe' (x86_64):
  SectID     Type             Load Address                             Perm File Off.  File Size  Flags      Section Name
  ---------- ---------------- ---------------------------------------  ---- ---------- ---------- ---------- ----------------------------
  0xffffffffffffffff regular  [0x00007ff6089a0000-0x00007ff6089a0400)  r--  0x00000000 0x00000400 0x00000000 a.exe.PECOFF header
  0x00000001 code             [0x00007ff6089a1000-0x00007ff6089aec66)  r-x  0x00000400 0x0000de00 0x60000020 a.exe..text
  0x00000002 data             [0x00007ff6089af000-0x00007ff6089b046c)  r--  0x0000e200 0x00001600 0x40000040 a.exe..rdata
  0x00000003 data             [0x00007ff6089b1000-0x00007ff6089b107f)  r--  0x0000f800 0x00000200 0x40000040 a.exe..buildid
  0x00000004 data             [0x00007ff6089b2000-0x00007ff6089b3b40)  rw-  0x0000fa00 0x00000200 0xc0000040 a.exe..data  
  0x00000005 data             [0x00007ff6089b4000-0x00007ff6089b463c)  r--  0x0000fc00 0x00000800 0x40000040 a.exe..pdata
  0x00000006 data             [0x00007ff6089b5000-0x00007ff6089b5010)  rw-  0x00010400 0x00000200 0xc0000040 a.exe..tls
  0x00000007 regular          [0x00007ff6089b6000-0x00007ff6089b6080)  r--  0x00010600 0x00000200 0x42000040 a.exe..reloc
Sections for 'C:\Windows\System32\ntdll.dll' (x86_64):
  SectID     Type             Load Address                             Perm File Off.  File Size  Flags      Section Name
  ---------- ---------------- ---------------------------------------  ---- ---------- ---------- ---------- ----------------------------
  0xffffffffffffffff regular  [0x00007ffcb20f0000-0x00007ffcb20f0400)  r--  0x00000000 0x00000400 0x00000000 ntdll.dll.PECOFF header
  0x00000001 code             [0x00007ffcb20f1000-0x00007ffcb2209f1e)  r-x  0x00000400 0x00119000 0x60000020 ntdll.dll..text
  0x00000002 code             [0x00007ffcb220a000-0x00007ffcb220a592)  r-x  0x00119400 0x00000600 0x60000020 ntdll.dll.PAGE
  0x00000003 code             [0x00007ffcb220b000-0x00007ffcb220b1f9)  r-x  0x00119a00 0x00000200 0x60000020 ntdll.dll.RT
  0x00000004 data             [0x00007ffcb220c000-0x00007ffcb2253fe1)  r--  0x00119c00 0x00048000 0x40000040 ntdll.dll..rdata
  0x00000005 data             [0x00007ffcb2254000-0x00007ffcb225f518)  rw-  0x00161c00 0x00004000 0xc0000040 ntdll.dll..data
  0x00000006 data             [0x00007ffcb2260000-0x00007ffcb226e4fc)  r--  0x00165c00 0x0000e600 0x40000040 ntdll.dll..pdata
  0x00000007 data             [0x00007ffcb226f000-0x00007ffcb2272520)  rw-  0x00174200 0x00003600 0xc0000040 ntdll.dll..mrdata
  0x00000008 data             [0x00007ffcb2273000-0x00007ffcb2273008)  r--  0x00177800 0x00000200 0x40000040 ntdll.dll..00cfg
  0x00000009 data             [0x00007ffcb2274000-0x00007ffcb22e3dc8)  r--  0x00177a00 0x0006fe00 0x40000040 ntdll.dll..rsrc
  0x0000000a regular          [0x00007ffcb22e4000-0x00007ffcb22e4548)  r--  0x001e7800 0x00000600 0x42000040 ntdll.dll..reloc
Sections for 'C:\Windows\System32\kernel32.dll' (x86_64):
  SectID     Type             Load Address                             Perm File Off.  File Size  Flags      Section Name
  ---------- ---------------- ---------------------------------------  ---- ---------- ---------- ---------- ----------------------------
  0xffffffffffffffff regular  [0x00007ffcb15d0000-0x00007ffcb15d0400)  r--  0x00000000 0x00000400 0x00000000 kernel32.dll.PECOFF header
  0x00000001 code             [0x00007ffcb15d1000-0x00007ffcb164e23b)  r-x  0x00000400 0x0007d400 0x60000020 kernel32.dll..text
  0x00000002 data             [0x00007ffcb164f000-0x00007ffcb1681e86)  r--  0x0007d800 0x00033000 0x40000040 kernel32.dll..rdata
  0x00000003 data             [0x00007ffcb1682000-0x00007ffcb168321c)  rw-  0x000b0800 0x00000600 0xc0000040 kernel32.dll..data
  0x00000004 data             [0x00007ffcb1684000-0x00007ffcb1689550)  r--  0x000b0e00 0x00005600 0x40000040 kernel32.dll..pdata
  0x00000005 data             [0x00007ffcb168a000-0x00007ffcb168a068)  rw-  0x000b6400 0x00000200 0xc0000040 kernel32.dll..didat
  0x00000006 data             [0x00007ffcb168b000-0x00007ffcb168b520)  r--  0x000b6600 0x00000600 0x40000040 kernel32.dll..rsrc
  0x00000007 regular          [0x00007ffcb168c000-0x00007ffcb168c300)  r--  0x000b6c00 0x00000400 0x42000040 kernel32.dll..reloc
Sections for 'C:\Windows\System32\KernelBase.dll' (x86_64):
  SectID     Type             Load Address                             Perm File Off.  File Size  Flags      Section Name
  ---------- ---------------- ---------------------------------------  ---- ---------- ---------- ---------- ----------------------------
  0xffffffffffffffff regular  [0x00007ffcafd50000-0x00007ffcafd50400)  r--  0x00000000 0x00000400 0x00000000 KernelBase.dll.PECOFF header
  0x00000001 code             [0x00007ffcafd51000-0x00007ffcafe618dd)  r-x  0x00000400 0x00110a00 0x60000020 KernelBase.dll..text
  0x00000002 data             [0x00007ffcafe62000-0x00007ffcaffd935a)  r--  0x00110e00 0x00177400 0x40000040 KernelBase.dll..rdata
  0x00000003 data             [0x00007ffcaffda000-0x00007ffcaffde440)  rw-  0x00288200 0x00001400 0xc0000040 KernelBase.dll..data
  0x00000004 data             [0x00007ffcaffdf000-0x00007ffcaffed7e4)  r--  0x00289600 0x0000e800 0x40000040 KernelBase.dll..pdata
  0x00000005 data             [0x00007ffcaffee000-0x00007ffcaffee6c8)  rw-  0x00297e00 0x00000800 0xc0000040 KernelBase.dll..didat
  0x00000006 data             [0x00007ffcaffef000-0x00007ffcaffef548)  r--  0x00298600 0x00000600 0x40000040 KernelBase.dll..rsrc
  0x00000007 regular          [0x00007ffcafff0000-0x00007ffcb00179f0)  r--  0x00298c00 0x00027a00 0x42000040 KernelBase.dll..reloc
Sections for 'C:\Windows\System32\msvcrt.dll' (x86_64):
  SectID     Type             Load Address                             Perm File Off.  File Size  Flags      Section Name
  ---------- ---------------- ---------------------------------------  ---- ---------- ---------- ---------- ----------------------------
  0xffffffffffffffff regular  [0x00007ffcb1980000-0x00007ffcb1980400)  r--  0x00000000 0x00000400 0x00000000 msvcrt.dll.PECOFF header
  0x00000001 code             [0x00007ffcb1981000-0x00007ffcb19f56d1)  r-x  0x00000400 0x00074800 0x60000020 msvcrt.dll..text
  0x00000002 data             [0x00007ffcb19f6000-0x00007ffcb1a0ecc0)  r--  0x00074c00 0x00018e00 0x40000040 msvcrt.dll..rdata
  0x00000003 data             [0x00007ffcb1a0f000-0x00007ffcb1a16c00)  rw-  0x0008da00 0x00005600 0xc0000040 msvcrt.dll..data
  0x00000004 data             [0x00007ffcb1a17000-0x00007ffcb1a1b65c)  r--  0x00093000 0x00004800 0x40000040 msvcrt.dll..pdata
  0x00000005 data             [0x00007ffcb1a1c000-0x00007ffcb1a1c3f0)  r--  0x00097800 0x00000400 0x40000040 msvcrt.dll..rsrc
  0x00000006 regular          [0x00007ffcb1a1d000-0x00007ffcb1a1d4a8)  r--  0x00097c00 0x00000600 0x42000040 msvcrt.dll..reloc

I'm not really sure how to go about debugging this further, any assistance would be greatly appreciated.
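To make the "not mapped" observation mechanical, here is an added example (not code from the reporter or the Zig project). It does two things: it resolves the target of a RIP-relative instruction from its signed 32-bit displacement, and it checks a target against the executable (r-x) load ranges copied from the `image dump sections` output above. The lea at main+46 carries its displacement, -0x56fb2665, verbatim in the disassembly; the call at main+70 is assumed to be the 5-byte `E8 rel32` form, and its displacement -0x56fb267b is reconstructed here from lldb's resolved target, since the dump prints only the target. The struct, table and function names are this example's own.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Executable (r-x) ranges copied from the `image dump sections` output above.
   The struct and table belong to this added example; the numbers are lldb's. */
typedef struct {
    const char *name;
    uint64_t start; /* inclusive load address */
    uint64_t end;   /* exclusive load address */
} exec_region;

static const exec_region kExecRegions[] = {
    { "a.exe..text",          0x00007ff6089a1000ULL, 0x00007ff6089aec66ULL },
    { "ntdll.dll..text",      0x00007ffcb20f1000ULL, 0x00007ffcb2209f1eULL },
    { "ntdll.dll.PAGE",       0x00007ffcb220a000ULL, 0x00007ffcb220a592ULL },
    { "ntdll.dll.RT",         0x00007ffcb220b000ULL, 0x00007ffcb220b1f9ULL },
    { "kernel32.dll..text",   0x00007ffcb15d1000ULL, 0x00007ffcb164e23bULL },
    { "KernelBase.dll..text", 0x00007ffcafd51000ULL, 0x00007ffcafe618ddULL },
    { "msvcrt.dll..text",     0x00007ffcb1981000ULL, 0x00007ffcb19f56d1ULL },
};

/* x86-64 encodes a direct call/jmp target and a RIP-relative operand as a signed
   32-bit displacement from the address of the NEXT instruction. */
uint64_t rip_relative_target(uint64_t insn_addr, unsigned insn_len, int32_t disp)
{
    return insn_addr + insn_len + (uint64_t)(int64_t)disp;
}

/* Name of the executable section containing addr, or NULL if it is in none
   (an unmapped or non-executable target, i.e. the DEP fault lldb reported). */
const char *exec_section_for(uint64_t addr)
{
    for (size_t i = 0; i < sizeof kExecRegions / sizeof kExecRegions[0]; i++) {
        if (addr >= kExecRegions[i].start && addr < kExecRegions[i].end)
            return kExecRegions[i].name;
    }
    return NULL;
}

static void report(const char *what, uint64_t target)
{
    const char *sec = exec_section_for(target);
    printf("%-14s -> 0x%016" PRIx64 " : %s\n", what, target,
           sec ? sec : "NOT in any executable section");
}

int main(void)
{
    /* lea at main+46: 7-byte `leaq disp32(%rip), %rdx`, displacement as lldb printed it */
    report("lea  main+46", rip_relative_target(0x7ff6089a102eULL, 7, -0x56fb2665));
    /* call at main+70: assumed 5-byte `E8 rel32`; displacement reconstructed from
       lldb's resolved target 0x7ff5b19ee9d0 (the dump shows only the target) */
    report("call main+70", rip_relative_target(0x7ff6089a1046ULL, 5, -0x56fb267b));
    /* sane targets for comparison: the return address in frame #1 and the
       ldexp call at main+92, both of which lldb resolved inside a.exe..text */
    report("frame #1 pc", 0x7ff6089a104bULL);
    report("call main+92", 0x7ff6089a1f20ULL);
    return 0;
}
```

Both the lea and the call resolve to the same 0x7ff5b19ee9d0, which lies below every loaded image and in no r-x section, so the address of `frexp` was baked in consistently at link time rather than corrupted at run time; a quick range check like this separates "bad symbol address" from "smashed return address or function pointer" before reaching for a memory debugger.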

    Labels

    bug (Observed behavior contradicts documented or intended behavior)
    contributor friendly (This issue is limited in scope and/or knowledge of Zig internals.)
    os-windows
    standard library (This issue involves writing Zig code for the standard library.)
