This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug testsuite/63830] New: c-c++-common/asan/strlen-overflow-1.c fails on x32


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63830

            Bug ID: 63830
           Summary: c-c++-common/asan/strlen-overflow-1.c fails on x32
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: testsuite
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hjl.tools at gmail dot com

c-c++-common/asan/strlen-overflow-1.c fails on x32:

FAIL: c-c++-common/asan/strlen-overflow-1.c   -O2  output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c   -O3 -fomit-frame-pointer  output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c   -O3 -g  output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c   -Os  output pattern test, is
=================================================================
FAIL: g++.dg/ipa/devirt-42.C  -std=gnu++11  scan-tree-dump-times optimized
"return 2" 2

with

==6754==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00600ac1 at pc 0xf6e0841f bp 0xffbf4850 sp 0xffbf4410
READ of size 2 at 0x00600ac1 thread T0
    #0 0xf6e0841e in __interceptor_strlen /export/gnu/import/git/gcc/libsanitizer/asan/asan_interceptors.cc:531
    #1 0xf6713099 in __libc_start_main (/libx32/libc.so.6+0x19099)
    #2 0x400620 (/export/build/gnu/gcc-x32/build-x86_64-linux/gcc/strlen-overflow-1.exe+0x400620)

Backtrace doesn't include main.  It is because x32 has

main ()
{
  char * p;
  unsigned int _5;
  int _6;

  <bb 2>:
  __asm__("" : "=r" p_2 : "0" &a[0]);
  _5 = strlen (&a);
  _6 = (int) _5;
  return _6;

}

which is optimized into a tail call:

main:
    movl    $a, %edi
    jmp    strlen

This patch:

diff --git a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
index 0f49286..33696ed 100644
--- a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
+++ b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
@@ -16,7 +16,7 @@ int main () {
   char *p = &a[0];
   asm ("" : "+r"(p));
   __asan_poison_memory_region ((char *)&a[1], 1);
-  return __builtin_strlen (a);
+  return __builtin_strlen (a) + 1;
 }

 /* { dg-output "READ of size 2 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */
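Review bot: the `+ 1` added to `return __builtin_strlen (a);` exists only to keep the call out of tail position so that `main` stays in the sanitizer backtrace, but nothing in the hunk records that intent, so a later cleanup could fold it back; a comment above the return such as `/* Not a tail call, so main appears in the backtrace.  */` would prevent that. The change also shifts main's exit status from the string length to length + 1; the visible lines only match `dg-output`, so that is harmless as long as the exit status itself is never checked. If the return value should stay unchanged, storing the result in a local and passing it through an `asm ("" : "+r"(n));` barrier before `return n;` also blocks the tail call, mirroring the barrier already applied to `p` two lines above.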

avoids the tail call.
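As an added example, not part of the bug report: a small parser for the AddressSanitizer report format quoted above, with a check that flags reports whose backtrace lacks an expected frame, which is exactly the missing `main` symptom this bug describes. The sample input is the report from this bug with the mail line wrapping undone; the function names and field layout are this example's own.

```python
import re
from typing import Any, Dict, List, Optional

# Line shapes in an AddressSanitizer report: the ERROR header, the access
# line and the numbered stack frames, which are symbolized ("in func file:line")
# or bare ("(module+offset)") when no symbol is available, as for frame #2 above.
_HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)")
_ACCESS = re.compile(r"(?P<op>READ|WRITE) of size (?P<size>\d+) at 0x[0-9a-f]+ thread T\d+")
_FRAME = re.compile(r"#(?P<n>\d+)\s+(?P<pc>0x[0-9a-f]+)(?:\s+in\s+(?P<func>\S+))?\s+(?P<loc>.+)$")

def parse_asan_report(text: str) -> Dict[str, Any]:
    """Parse header, access line and stack frames; a frame keeps func=None when unsymbolized."""
    report: Dict[str, Any] = {"frames": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := _HEADER.match(line):
            report["kind"], report["address"] = m["kind"], int(m["addr"], 16)
        elif m := _ACCESS.match(line):
            report["access"], report["size"] = m["op"], int(m["size"])
        elif m := _FRAME.match(line):
            report["frames"].append({"pc": int(m["pc"], 16), "func": m["func"], "loc": m["loc"]})
    if "kind" not in report or "access" not in report:
        raise ValueError("not an AddressSanitizer error report")
    return report

def symbol(func: Optional[str]) -> Optional[str]:
    """Normalize a symbol: drop leading underscores and ASan's interceptor_ prefix."""
    return None if func is None else re.sub(r"^_*(interceptor_)?", "", func)

def missing_frames(report: Dict[str, Any], expected: List[str]) -> List[str]:
    """Names from `expected` that appear nowhere in the report's backtrace."""
    present = {symbol(f["func"]) for f in report["frames"]}
    return [name for name in expected if name not in present]

# Sample input: the report quoted in the bug above, with the mail line wrapping undone.
SAMPLE = """\
==6754==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00600ac1 at pc 0xf6e0841f bp 0xffbf4850 sp 0xffbf4410
READ of size 2 at 0x00600ac1 thread T0
    #0 0xf6e0841e in __interceptor_strlen /export/gnu/import/git/gcc/libsanitizer/asan/asan_interceptors.cc:531
    #1 0xf6713099 in __libc_start_main (/libx32/libc.so.6+0x19099)
    #2 0x400620 (/export/build/gnu/gcc-x32/build-x86_64-linux/gcc/strlen-overflow-1.exe+0x400620)
"""

if __name__ == "__main__":
    r = parse_asan_report(SAMPLE)
    print(r["kind"], r["access"], r["size"], "missing:", missing_frames(r, ["strlen", "main"]))
```

Run against the report above it reports `main` as missing, which is the tail-call symptom; the same check over a report from a build where main is not tail-called returns an empty list.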

