Skip to content
GitLab

g_stat - possbile memory corruption causing SEGFAULT

Investigating a regression / crashing issue in Inkscape when built with MSYS2's mingw-w64 I came up with the following minimal testcase which reproduces the segmentation fault:

#include <iostream>
#include <vector>

#include <glib/gstdio.h>

int main()
{
    std::vector<std::string> filesFound;

    GStatBuf st;
    g_stat("C:\\", &st);
}

(I compiled it with g++ test.cpp pkg-config --cflags --libs glib-2.0 -O1 -o test.exe)

What I found so far:

  • The segfault seems to occur when deleting "filesFound" and unless there's a bug in gcc (which I can't rule out at this point) this might indicate that there's some sort of memory corruption while calling g_stat.
  • The segfault occurs with glib 2.56.0 and above but not with glib 2.54.3 (and probably earlier versions).
  • The segfault occurs with gcc 8.2.0 and gcc 7.3.0 (the only other recent update besides glib I can think of).
  • The segfault occurs in 64-bit builds bot not in 32-bit builds.
  • The segfault occurs when compiled with -O1 and below but not with -O2 and above.

One change in glib that might be relevant is 53bd6a35 by @ruslanizhb. Maybe there's some discrepancy in sizes of the stat struct which is now exposed due to using 64-bit types in 64-bit builds (which was not done before AFAIK)?