This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/65177] [5 Regression]: extend jump thread for finite state automata causes miscompilation


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65177

Markus Trippelsdorf <trippels at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |trippels at gcc dot gnu.org

--- Comment #1 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
-fsanitize=address shows:

markus@x4 impl_sse % ./optacc_utest
=================================================================
==25254==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61b00001f160 at pc 0x00000040e8a0 bp 0x7ffe6daa1620 sp 0x7ffe6daa1618
READ of size 4 at 0x61b00001f160 thread T0
    #0 0x40e89f in select_m
/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267
    #1 0x40e89f in p7_GOATrace
/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:218
    #2 0x405d19 in utest_optacc optacc.c:659
    #3 0x406281 in main optacc.c:801
    #4 0x7f671f71e6cf in __libc_start_main (/lib/libc.so.6+0x206cf)
    #5 0x402448 in _start
(/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/impl_sse/optacc_utest+0x402448)

0x61b00001f160 is located 32 bytes to the left of 1440-byte region
[0x61b00001f180,0x61b00001f720)
allocated by thread T0 here:
    #0 0x7f671ffaf502 in malloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/5.0.0/libasan.so.2+0x9c502)
    #1 0x41c667 in p7_profile_Create
/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/p7_profile.c:68

SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267 select_m
Shadow bytes around the buggy address:
  0x0c367fffbdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe10: 00 07 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c367fffbe20: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
  0x0c367fffbe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==25254==ABORTING

valgrind:
markus@x4 impl_sse % valgrind ./optacc_utest
==32064== Memcheck, a memory error detector
==32064== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==32064== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==32064== Command: ./optacc_utest
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x406851: select_m (generic_optacc.c:267)
==32064==    by 0x406851: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c610 is 32 bytes before a block of size 1,440 in arena
"client"
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x40689B: select_m (generic_optacc.c:268)
==32064==    by 0x40689B: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c614 is 28 bytes before a block of size 1,440 in arena
"client"
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x4068D1: select_m (generic_optacc.c:269)
==32064==    by 0x4068D1: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c618 is 24 bytes before a block of size 1,440 alloc'd
==32064==    at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064==    by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064==    by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064==    by 0x402FCC: utest_optacc (optacc.c:621)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x4068FF: select_m (generic_optacc.c:270)
==32064==    by 0x4068FF: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c61c is 20 bytes before a block of size 1,440 alloc'd
==32064==    at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064==    by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064==    by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064==    by 0x402FCC: utest_optacc (optacc.c:621)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x406877: select_m (generic_optacc.c:267)
==32064==    by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x5275954 is 12 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x4068AD: select_m (generic_optacc.c:268)
==32064==    by 0x4068AD: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x5275958 is 16 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x4068E3: select_m (generic_optacc.c:269)
==32064==    by 0x4068E3: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527595c is 20 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 4
==32064==    at 0x406E57: p7_GOATrace (generic_optacc.c:231)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527d6c4 is 12 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064==    by 0x4030C5: utest_optacc (optacc.c:628)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== Invalid read of size 8
==32064==    at 0x406874: select_m (generic_optacc.c:267)
==32064==    by 0x406874: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527d4f8 is 8 bytes before a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064==    by 0x4030C5: utest_optacc (optacc.c:628)
==32064==    by 0x40369C: main (optacc.c:801)
==32064== 
==32064== 
==32064== Process terminating with default action of signal 11 (SIGSEGV)
==32064==  Access not within mapped region at address 0xFFFFFFFFFFFFFFB8
==32064==    at 0x406877: select_m (generic_optacc.c:267)
==32064==    by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  If you believe this happened as a result of a stack
==32064==  overflow in your program's main thread (unlikely but
==32064==  possible), you can try to increase the size of the
==32064==  main thread stack using the --main-stacksize= flag.
==32064==  The main thread stack size used in this run was 8388608.

