This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/78234] New: [7 Regression] LLVM reports dynamic-stack-buffer-overflow in gimple-ssa-store-merging.c


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78234

            Bug ID: 78234
           Summary: [7 Regression] LLVM reports
                    dynamic-stack-buffer-overflow in
                    gimple-ssa-store-merging.c
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: trippels at gcc dot gnu.org
                CC: ktkachov at gcc dot gnu.org
  Target Milestone: ---

with CXX="clang++ -fsanitize=address -fsanitize-address-use-after-scope"
../gcc/configure ...

I get:

markus@x4 libgcc % LSAN_OPTIONS="detect_leaks=0"
/var/tmp/gcc_build_dir_/./gcc/xgcc -B/var/tmp/gcc_build_dir_/./gcc/
-B/usr/local/x86_64-pc-linux-gnu/bin/ -B/usr/local/x86_64-pc-linux-gnu/lib/
-isystem /usr/local/x86_64-pc-linux-gnu/include -isystem
/usr/local/x86_64-pc-linux-gnu/sys-include    -g -O2 -O2  -g -O2 -DIN_GCC    -W
-Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wstrict-prototypes
-Wmissing-prototypes -Wold-style-definition  -isystem ./include   -fpic
-mlong-double-80 -DUSE_ELF_SYMVER -g -DIN_LIBGCC2 -fbuilding-libgcc
-fno-stack-protector   -fpic -mlong-double-80 -DUSE_ELF_SYMVER -I. -I.
-I../.././gcc -I../../../gcc/libgcc -I../../../gcc/libgcc/.
-I../../../gcc/libgcc/../gcc -I../../../gcc/libgcc/../include
-I../../../gcc/libgcc/config/libbid -DENABLE_DECIMAL_BID_FORMAT -DHAVE_CC_TLS 
-DUSE_TLS -Wno-missing-prototypes -Wno-type-limits -o trunctfxf2.o -MT
trunctfxf2.o
-MD -MP -MF trunctfxf2.dep  -c ../../../gcc/libgcc/soft-fp/trunctfxf2.c
-fvisibility=hidden -DHIDE_EXPORTS
=================================================================
==4958==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address
0x7fff682b1f03 at pc 0x000002f8cb35 bp 0x7fff682b1eb0 sp 0x7fff682b1ea8
READ of size 1 at 0x7fff682b1f03 thread T0
    #0 0x2f8cb34 in (anonymous namespace)::clear_bit_region(unsigned char*,
unsigned int, unsigned int)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:332:14
    #1 0x2f8bf63 in (anonymous namespace)::encode_tree_to_bitpos(tree_node*,
unsigned char*, int, int, unsigned int)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:449:6
    #2 0x2f8b4c6 in (anonymous namespace)::merged_store_group::apply_stores()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:657:18
    #3 0x2f8787f in (anonymous
namespace)::imm_store_chain_info::coalesce_immediate_stores()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:925:24
    #4 0x2f8787f in (anonymous
namespace)::imm_store_chain_info::terminate_and_process_chain()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:1260
    #5 0x2f8787f in (anonymous
namespace)::pass_store_merging::terminate_and_release_chain((anonymous
namespace)::imm_store_chain_info*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:844
    #6 0x2f8a72e in (anonymous
namespace)::pass_store_merging::terminate_all_aliasing_chains((anonymous
namespace)::imm_store_chain_info**, bool, gimple*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:829:4
    #7 0x2f85e1f in (anonymous
namespace)::pass_store_merging::execute(function*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:1488:4
    #8 0x1630b4a in execute_one_pass(opt_pass*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2341:22
    #9 0x1632baa in execute_pass_list_1(opt_pass*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2430:11
    #10 0x1632bcf in execute_pass_list_1(opt_pass*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2431:9
    #11 0x1601146 in execute_pass_list(function*, opt_pass*)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2441:3
    #12 0xb7ffbb in cgraph_node::expand()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2001:3
    #13 0xb8a28a in expand_all_functions()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2137:10
    #14 0xb8a28a in symbol_table::compile()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2494
    #15 0xb8bf50 in symbol_table::finalize_compilation_unit()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2584:3
    #16 0x18bc495 in compile_file()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:493:15
    #17 0x18ba33e in do_compile()
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:2012:11
    #18 0x18ba33e in toplev::main(int, char**)
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:2146
    #19 0x327a648 in main
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/main.c:39:17
    #20 0x7f4f7fb932f0 in __libc_start_main
/home/markus/glibc/csu/../csu/libc-start.c:286
    #21 0x588e69 in _start /home/markus/glibc/csu/../sysdeps/x86_64/start.S:120

Address 0x7fff682b1f03 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow
/var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:332:14 in
(anonymous namespace)::clear_bit_region(unsigned char*, unsigned int, unsigned
int)
Shadow bytes around the buggy address:
  0x10006d04e390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3d0: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
=>0x10006d04e3e0:[03]cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
  0x10006d04e3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e420: f1 f1 f1 f1 f8 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2
  0x10006d04e430: f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f8 f8 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4958==ABORTING
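The report header ("READ of size 1", "dynamic-stack-buffer-overflow") and the shadow dump are two views of the same check. As an added example that is not part of the bug report, GCC or LLVM, the Python below parses the shadow lines quoted above, maps the faulting address to its shadow byte and applies the sanitizer's access rule, so a reader can see why a 1-byte read at an address ending in `3` against a partially addressable granule `03` is flagged, and why the neighbouring `cb` (right alloca redzone) byte turns that into "dynamic-stack-buffer-overflow". Assumptions: the default x86-64 shadow mapping `shadow = (addr >> 3) + 0x7fff8000`, and a reduced bug-name table transcribed here rather than taken from the page.

```python
"""Re-derive an AddressSanitizer verdict from its shadow-memory dump.

Added example for the bug report above; not GCC or LLVM code.  The shadow
lines, the faulting address 0x7fff682b1f03 and the access size (1 byte) are
copied from the report.  Assumed: the default x86-64 mapping below and the
reduced bug-name table, which is constructed here.
"""

SHADOW_SCALE = 3
SHADOW_OFFSET = 0x7FFF8000  # default x86-64 ASan shadow offset (assumption)

# Shadow-byte legend, as printed in the report.
LEGEND = {
    0xFA: "Heap left redzone", 0xFD: "Freed heap region",
    0xF1: "Stack left redzone", 0xF2: "Stack mid redzone",
    0xF3: "Stack right redzone", 0xF5: "Stack after return",
    0xF8: "Stack use after scope", 0xF9: "Global redzone",
    0xF6: "Global init order", 0xF7: "Poisoned by user",
    0xFC: "Container overflow", 0xAC: "Array cookie",
    0xBB: "Intra object redzone", 0xFE: "ASan internal",
    0xCA: "Left alloca redzone", 0xCB: "Right alloca redzone",
}

# Bug name printed for each poison kind (reduced table, constructed here).
BUG_TYPE = {
    0xFA: "heap-buffer-overflow", 0xFD: "heap-use-after-free",
    0xF1: "stack-buffer-overflow", 0xF2: "stack-buffer-overflow",
    0xF3: "stack-buffer-overflow", 0xF5: "stack-use-after-return",
    0xF8: "stack-use-after-scope", 0xF9: "global-buffer-overflow",
    0xCA: "dynamic-stack-buffer-overflow",
    0xCB: "dynamic-stack-buffer-overflow",
}

# Constructed from the "Shadow bytes around the buggy address" block above.
SHADOW_DUMP = """\
  0x10006d04e3d0: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
=>0x10006d04e3e0:[03]cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
  0x10006d04e3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""


def shadow_address(addr):
    """Map an application address to the address of its shadow byte."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def parse_shadow_dump(text):
    """Turn the dump into {shadow_address: byte}.  The '=>' marker and the
    [xx] brackets around the byte of interest are decoration, so strip them."""
    shadow = {}
    for line in text.splitlines():
        line = line.replace("=>", "  ").replace("[", " ").replace("]", " ")
        if ":" not in line:
            continue
        base_text, _, bytes_text = line.partition(":")
        base = int(base_text, 16)
        for i, tok in enumerate(bytes_text.split()):
            shadow[base + i] = int(tok, 16)
    return shadow


def check_access(shadow, addr, size):
    """ASan's rule for an access of 1..8 bytes: shadow byte 0 means the whole
    8-byte granule is addressable, 1..7 means only the first k bytes are,
    anything else is poison.  Returns (is_valid, shadow_byte)."""
    assert 1 <= size <= 8
    k = shadow[shadow_address(addr)]
    if k == 0:
        return True, k
    if k <= 7:
        last_byte = (addr & 7) + size - 1  # offset of the last byte touched
        return last_byte < k, k
    return False, k


def classify(shadow, addr, size):
    """Name the bug the way the report header does.  For a partially
    addressable granule the *next* shadow byte decides which redzone was
    hit; this mirrors that rule.  Returns (bug_name, legend_label)."""
    ok, k = check_access(shadow, addr, size)
    if ok:
        return "ok", "Addressable"
    if 0 < k <= 7:
        k = shadow[shadow_address(addr) + 1]
    return BUG_TYPE.get(k, "unknown-crash"), LEGEND.get(k, "Unknown")


if __name__ == "__main__":
    sh = parse_shadow_dump(SHADOW_DUMP)
    print(hex(shadow_address(0x7FFF682B1F03)))       # 0x10006d04e3e0
    print(classify(sh, 0x7FFF682B1F03, 1))            # the report's verdict
    print(classify(sh, 0x7FFF682B1F02, 1))            # last in-bounds byte
```

Reading the result: granule `0x10006d04e3e0` is `03`, so only bytes at offsets 0..2 of that 8-byte block are valid; the faulting address has offset 3, so a 1-byte read is the first byte past the alloca'd buffer, and the `cb` shadow byte after it names the right alloca redzone, which is exactly what the SUMMARY line reports.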
