This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: gcc generated long read out of bounds segfault
- From: David Fries <David at Fries dot net>
- To: Andreas Schwab <schwab at linux-m68k dot org>
- Cc: gcc at gcc dot gnu dot org
- Date: Sat, 22 Feb 2014 12:25:19 -0600
- Subject: Re: gcc generated long read out of bounds segfault
- Authentication-results: sourceware.org; auth=none
- References: <20140222065716 dot GA13355 at spacedout dot fries dot net> <m2d2ifa8od dot fsf at linux-m68k dot org>
On Sat, Feb 22, 2014 at 08:49:38AM +0100, Andreas Schwab wrote:
> David Fries <David@Fries.net> writes:
>
> > The attached program sets up and reads through the array with extra
> > padding at the end of the array from 8 bytes to 0 bytes. Padding from 4
> > to 0 crashes.
>
> This program has undefined behaviour because you are using unaligned
> pointers.
The structure is only made up of an 8-bit type, "char", and it is
aligned to a multiple of the struct rgb data size, which is 3. How is
that unaligned?
I thought the compiler would pad the structure out to make it aligned;
does that mean the following has undefined behavior?
#include <stdio.h>
#include <stddef.h>

/* three chars, no padding: sizeof(struct rgb3) == 3 */
struct rgb3 { char r, g, b; } v[2];

void fun3(struct rgb3 r) { v[0] = r; }

void array3(void)
{
    /* &v[1] is only 3 bytes past &v[0], so it is not 4- or 8-byte aligned */
    fun3(v[1]);
}

void align(void)
{
    struct rgb3 t0, t1, t2, t3, t4, t5, t6, *pt;
    t6.r = 0;
    t6.g = 1;
    t6.b = 2;
    /* print the address of t6 and the distance from each other local to t6
       (%zu is the portable conversion for size_t) */
    printf("t6 %zu, %zu, %zu, %zu, %zu, %zu, %zu\n", (size_t)&t6,
           - (size_t)&t5 + (size_t)&t6,
           - (size_t)&t4 + (size_t)&t6,
           - (size_t)&t3 + (size_t)&t6,
           - (size_t)&t2 + (size_t)&t6,
           - (size_t)&t1 + (size_t)&t6,
           - (size_t)&t0 + (size_t)&t6);
    t0 = t1 = t2 = t3 = t4 = t5 = t6;
    pt = &t0;
    fun3(*pt);
}

int main(void)
{
    array3();
    align();
    return 0;
}
With -Os
t6 140737107100125, 3, 6, 9, 12, 15, 18
would have the same problem; does that mean you can't trust taking the
address of anything on the stack?
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36043
--
David Fries <david@fries.net> PGP pub CB1EE8F0
http://fries.net/~david/
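An added example, not part of this thread and not GCC's own code, that makes the "padding 0" case from the mail deterministic: it puts one struct rgb3 in the last three bytes of a writable page that is immediately followed by a PROT_NONE guard page and passes it by value. A compiler that loads a wider word than the struct faults on the guard page; a correct one returns the byte sum. It also reports sizeof and _Alignof for the struct, which is what decides whether a 3-byte stride can ever be "unaligned". It assumes a POSIX system with mmap/mprotect (Linux); sum3 and pass_at_page_end are names chosen for this example.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Same layout as in the thread: three chars, no padding. */
struct rgb3 { char r, g, b; };

/* The struct's layout as the C implementation sees it: 3 bytes, 1-byte
   alignment. An array of these has a stride of 3, so only byte alignment
   may ever be assumed when copying an element. */
size_t rgb3_size(void)  { return sizeof(struct rgb3); }
size_t rgb3_align(void) { return _Alignof(struct rgb3); }

/* Pass-by-value callee, mirroring fun3 in the mail. It uses all three bytes
   so the compiler really has to read them; if the generated code reads more
   than three bytes, that over-read happens when the argument is loaded. */
static int sum3(struct rgb3 p) { return p.r + p.g + p.b; }

/* Place one struct rgb3 in the last three bytes of a page followed by an
   inaccessible guard page, then pass it by value. Any load that extends past
   the struct hits the guard page and faults (SIGSEGV) instead of silently
   succeeding. Returns sum3() of the struct, or -1 if the mapping could not
   be set up. */
int pass_at_page_end(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    size_t len = (size_t)page * 2;
    unsigned char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    /* Second page becomes the guard page: no access of any kind. */
    if (mprotect(base + page, (size_t)page, PROT_NONE) != 0) {
        munmap(base, len);
        return -1;
    }
    /* Constructed test value, sitting at bytes [page-3, page) of the first
       page. Its address is page-3, i.e. not 4- or 8-byte aligned. */
    struct rgb3 *last = (struct rgb3 *)(base + page - sizeof(struct rgb3));
    last->r = 1;
    last->g = 2;
    last->b = 3;
    /* volatile pointer stops the compiler from constant-folding the copy,
       so the by-value argument is genuinely loaded from memory. */
    struct rgb3 *volatile vp = last;
    int s = sum3(*vp);
    munmap(base, len);
    return s;
}

int main(void)
{
    printf("sizeof %zu, alignof %zu\n", rgb3_size(), rgb3_align());
    printf("sum at page end: %d\n", pass_at_page_end());
    return 0;
}
```

Run it at the optimisation levels of interest (-O0, -Os, -O2): the guard page turns a crash that in the mail depended on what happened to follow the array into one that is reproducible on every run.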