This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417

--- Comment #2 from Teresa Johnson <tejohnson at google dot com> 2012-11-21 05:51:12 UTC ---
The following patch should fix it. I am running regression testing
now, but am leaving town imminently for several days and can send the
patch for review when I get back Sunday.

Teresa

2012-11-20  Teresa Johnson  <tejohnson@google.com>

        PR gcov-profile/55417
        * profile.c (compute_working_sets): Check index first
        to avoid out-of-bounds array access.

Index: profile.c
===================================================================
--- profile.c   (revision 193614)
+++ profile.c   (working copy)
@@ -291,8 +291,8 @@ compute_working_sets (void)
           /* Next walk through successive working set entries and fill in
             the statistics for any whose size we have reached by accumulating
             this histogram counter.  */
-          while (tmp_cum >= working_set_cum_values[ws_ix]
-                 && ws_ix < NUM_GCOV_WORKING_SETS)
+          while (ws_ix < NUM_GCOV_WORKING_SETS
+                 && tmp_cum >= working_set_cum_values[ws_ix])
             {
               gcov_working_sets[ws_ix].num_counters = count;
               gcov_working_sets[ws_ix].min_counter
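Review bot: the swap is the right fix, and the reason is short-circuit evaluation: in the old condition `working_set_cum_values[ws_ix]` was read before `ws_ix < NUM_GCOV_WORKING_SETS` was tested, so on the iteration where `ws_ix` reaches `NUM_GCOV_WORKING_SETS` the array was read one element past its end (the stack-buffer-overflow ASan reports). With the bound first, the index is never used for the read, and the same check also guards the `gcov_working_sets[ws_ix]` writes inside the loop. Two small follow-ups: the comment above the loop could say that the bound is checked before the table lookup so nobody "simplifies" it back, and since the valgrind trace in Comment #1 points at profile.c:294 in compute_branch_probabilities rather than at this function, it is worth re-running the bench.cpp reproducer under valgrind/ASan after the change to confirm the report is gone.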

On Tue, Nov 20, 2012 at 1:06 PM, markus at trippelsdorf dot de
<gcc-bugzilla@gcc.gnu.org> wrote:
>
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417
>
> --- Comment #1 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-11-20 21:06:46 UTC ---
> Valgrind shows:
>
>  % /var/tmp/gcc_valgrind/usr/local/bin/g++ -w -fprofile-use -O3
> /home/markus/bench.cpp
> ==522== Conditional jump or move depends on uninitialised value(s)
> ==522==    at 0x9E082B: compute_branch_probabilities(unsigned int, unsigned
> int) (profile.c:294)
> ==522==    by 0x9E2544: branch_prob() (profile.c:1371)
> ==522==    by 0xAFF5F5: tree_profiling() (tree-profile.c:483)
> ==522==    by 0x9CBD2A: execute_one_pass(opt_pass*) (passes.c:2327)
> ==522==    by 0x9CC789: execute_ipa_pass_list(opt_pass*) (passes.c:2692)
> ==522==    by 0x79429F: compile() (cgraphunit.c:1869)
> ==522==    by 0x794B99: finalize_compilation_unit() (cgraphunit.c:2120)
> ==522==    by 0x5B4A0E: cp_write_global_declarations() (decl2.c:4287)
> ==522==    by 0xA6D5BC: compile_file() (toplev.c:559)
> ==522==    by 0xA6F479: toplev_main(int, char**) (toplev.c:1881)
> ==522==    by 0x4ECD894: (below main) (libc-start.c:258)
> ==522==
>  %
>

