This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug testsuite/63830] New: c-c++-common/asan/strlen-overflow-1.c fails on x32
- From: "hjl.tools at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 12 Nov 2014 01:49:37 +0000
- Subject: [Bug testsuite/63830] New: c-c++-common/asan/strlen-overflow-1.c fails on x32
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63830
Bug ID: 63830
Summary: c-c++-common/asan/strlen-overflow-1.c fails on x32
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: testsuite
Assignee: unassigned at gcc dot gnu.org
Reporter: hjl.tools at gmail dot com
c-c++-common/asan/strlen-overflow-1.c fails on x32:
FAIL: c-c++-common/asan/strlen-overflow-1.c -O2 output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c -O3 -fomit-frame-pointer output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c -O3 -g output pattern test, is
=================================================================
FAIL: c-c++-common/asan/strlen-overflow-1.c -Os output pattern test, is
=================================================================
FAIL: g++.dg/ipa/devirt-42.C -std=gnu++11 scan-tree-dump-times optimized "return 2" 2
with
==6754==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00600ac1 at pc 0xf6e0841f bp 0xffbf4850 sp 0xffbf4410
READ of size 2 at 0x00600ac1 thread T0
    #0 0xf6e0841e in __interceptor_strlen /export/gnu/import/git/gcc/libsanitizer/asan/asan_interceptors.cc:531
    #1 0xf6713099 in __libc_start_main (/libx32/libc.so.6+0x19099)
    #2 0x400620 (/export/build/gnu/gcc-x32/build-x86_64-linux/gcc/strlen-overflow-1.exe+0x400620)
The backtrace doesn't include main. This is because x32 has
main ()
{
  char * p;
  unsigned int _5;
  int _6;

  <bb 2>:
  __asm__("" : "=r" p_2 : "0" &a[0]);
  _5 = strlen (&a);
  _6 = (int) _5;
  return _6;
}
which is optimized with tailcall:
main:
        movl $a, %edi
        jmp strlen
This patch:
diff --git a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
index 0f49286..33696ed 100644
--- a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
+++ b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
@@ -16,7 +16,7 @@ int main () {
char *p = &a[0];
asm ("" : "+r"(p));
__asan_poison_memory_region ((char *)&a[1], 1);
- return __builtin_strlen (a);
+ return __builtin_strlen (a) + 1;
}
/* { dg-output "READ of size 2 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */
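Review bot: the `+ 1` on the return in main () carries no comment saying it exists only to keep the strlen call from being emitted as a sibling call, so a later cleanup could drop it and bring the x32 failure back; add a one-line comment above the return. Passing -fno-optimize-sibling-calls in the test's dg-options would state the intent more directly than changing the value main returns.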
avoids tail call.
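A triage helper for this kind of failure, added here as an example (it is not part of the report or of the GCC testsuite): it parses the ASan trace quoted above and lists which expected frames are absent. The expected frame list `["strlen", "main"]` and the function names are assumptions made for the illustration.

```python
import re

# ASan trace copied from the report above, wrapped lines rejoined.
REPORT = """\
==6754==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00600ac1 at pc 0xf6e0841f bp 0xffbf4850 sp 0xffbf4410
READ of size 2 at 0x00600ac1 thread T0
    #0 0xf6e0841e in __interceptor_strlen /export/gnu/import/git/gcc/libsanitizer/asan/asan_interceptors.cc:531
    #1 0xf6713099 in __libc_start_main (/libx32/libc.so.6+0x19099)
    #2 0x400620 (/export/build/gnu/gcc-x32/build-x86_64-linux/gcc/strlen-overflow-1.exe+0x400620)
"""

# "#N 0xPC in symbol location", or "#N 0xPC (module+0xoff)" when unsymbolized.
FRAME_RE = re.compile(
    r"^\s*#(\d+)\s+(0x[0-9a-f]+)(?:\s+in\s+(\S+))?(?:\s+(.*\S))?\s*$")


def parse_frames(report):
    """Return one dict per stack frame line in an ASan report."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"index": int(m.group(1)), "pc": int(m.group(2), 16),
                           "symbol": m.group(3), "location": m.group(4)})
    return frames


def normalize(symbol):
    """Strip leading underscores and the interceptor_ prefix."""
    name = symbol.lstrip("_")
    prefix = "interceptor_"
    return name[len(prefix):] if name.startswith(prefix) else name


def missing_frames(frames, expected):
    """Expected function names that do not occur, in order, in the trace."""
    names = [normalize(f["symbol"]) for f in frames if f["symbol"]]
    missing, pos = [], 0
    for want in expected:
        try:
            pos = names.index(want, pos) + 1
        except ValueError:
            missing.append(want)
    return missing


if __name__ == "__main__":
    # Exact-name matching: __libc_start_main must not count as main.
    print(missing_frames(parse_frames(REPORT), ["strlen", "main"]))
```

Names are compared exactly after normalization, so `__libc_start_main` in frame #1 is not mistaken for the missing `main` frame.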