This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code
- From: "tejohnson at google dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 21 Nov 2012 05:51:12 +0000
- Subject: [Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code
- Auto-submitted: auto-generated
- References: <bug-55417-4@http.gcc.gnu.org/bugzilla/>
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417
--- Comment #2 from Teresa Johnson <tejohnson at google dot com> 2012-11-21 05:51:12 UTC ---
The following patch should fix it. I am running regression testing
now, but am leaving town imminently for several days and can send the
patch for review when I get back Sunday.
Teresa
2012-11-20 Teresa Johnson <tejohnson@google.com>
PR gcov-profile/55417
* profile.c (compute_working_sets): Check index first
to avoid out-of-bounds array access.
Index: profile.c
===================================================================
--- profile.c (revision 193614)
+++ profile.c (working copy)
@@ -291,8 +291,8 @@ compute_working_sets (void)
/* Next walk through successive working set entries and fill in
the statistics for any whose size we have reached by accumulating
this histogram counter. */
- while (tmp_cum >= working_set_cum_values[ws_ix]
- && ws_ix < NUM_GCOV_WORKING_SETS)
+ while (ws_ix < NUM_GCOV_WORKING_SETS
+ && tmp_cum >= working_set_cum_values[ws_ix])
{
gcov_working_sets[ws_ix].num_counters = count;
gcov_working_sets[ws_ix].min_counter
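Review bot: the operand swap at lines 31-32 is the correct fix for this hunk: because && short-circuits, working_set_cum_values[ws_ix] is no longer read once ws_ix reaches NUM_GCOV_WORKING_SETS, which is exactly the one-past-the-end stack read that AddressSanitizer reported and that Valgrind shows as "Conditional jump or move depends on uninitialised value(s)" at profile.c:294 (the frame is attributed to compute_branch_probabilities, consistent with compute_working_sets being inlined into it). One style suggestion: add a short comment above the while, e.g. "/* Bounds check must come first; ws_ix may equal NUM_GCOV_WORKING_SETS. */", so a later cleanup does not reorder the condition back into the out-of-bounds form. It would also be worth turning the -fprofile-use reproducer from comment #1 into a regression test once it is reduced, since nothing in the hunk itself guards against the pattern recurring.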
On Tue, Nov 20, 2012 at 1:06 PM, markus at trippelsdorf dot de
<gcc-bugzilla@gcc.gnu.org> wrote:
>
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417
>
> --- Comment #1 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-11-20 21:06:46 UTC ---
> Valgrind shows:
>
> % /var/tmp/gcc_valgrind/usr/local/bin/g++ -w -fprofile-use -O3
> /home/markus/bench.cpp
> ==522== Conditional jump or move depends on uninitialised value(s)
> ==522== at 0x9E082B: compute_branch_probabilities(unsigned int, unsigned
> int) (profile.c:294)
> ==522== by 0x9E2544: branch_prob() (profile.c:1371)
> ==522== by 0xAFF5F5: tree_profiling() (tree-profile.c:483)
> ==522== by 0x9CBD2A: execute_one_pass(opt_pass*) (passes.c:2327)
> ==522== by 0x9CC789: execute_ipa_pass_list(opt_pass*) (passes.c:2692)
> ==522== by 0x79429F: compile() (cgraphunit.c:1869)
> ==522== by 0x794B99: finalize_compilation_unit() (cgraphunit.c:2120)
> ==522== by 0x5B4A0E: cp_write_global_declarations() (decl2.c:4287)
> ==522== by 0xA6D5BC: compile_file() (toplev.c:559)
> ==522== by 0xA6F479: toplev_main(int, char**) (toplev.c:1881)
> ==522== by 0x4ECD894: (below main) (libc-start.c:258)
> ==522==
> %
>