This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/65096] New: Illegal memory access beyond packed struct ARCH: ppc64


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

            Bug ID: 65096
           Summary: Illegal memory access beyond packed struct ARCH: ppc64
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: cyrilbur at gmail dot com

Created attachment 34795
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34795&action=edit
Simple test case

When a heap-allocated packed struct is passed by value and the struct contains
an array, the copy gets performed with a sequence of ld instructions which can
cause a read beyond the end of the struct.

In the case of the attached example: gcc uses ld instructions to copy the char
array if it is of size other than 1, 2 or 4. Therefore the assembly is only
correct if the size of the array is a multiple of 8 chars.

System information:

I am reliably informed that it reproduces on 5.0 but I have discovered it on a
system with the following versions.


builder:~ $ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/ppc64-redhat-linux/4.8.3/lto-wrapper
Target: ppc64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla
--enable-bootstrap --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-linker-build-id --with-linker-hash-style=gnu
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin
--enable-initfini-array --enable-java-awt=gtk --disable-dssi
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-isl=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/isl-install
--with-cloog=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/cloog-install
--enable-secureplt --with-long-double-128 --build=ppc64-redhat-linux
Thread model: posix
gcc version 4.8.3 20140624 (Red Hat 4.8.3-1) (GCC)

builder:~ $ valgrind --version
valgrind-3.8.1

To confirm:
Compile with `gcc gcc_test.c` and run the binary through valgrind `valgrind
./a.out`. Valgrind will report invalid read of size 8.


I have attached a .i and also a simple example .c

Workarounds:
Pass the struct from the stack.

I have documented some of my debugging in the .c.
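The following is a constructed illustration of the pattern described in this report, not the reporter's attached gcc_test.c: a packed struct whose char array length is not a multiple of 8, allocated on the heap with exactly sizeof() bytes and passed by value, next to the stack-copy workaround the report suggests. The struct layout, the field names, the ARR_LEN value and the overread_bytes helper are all assumptions made for the example. Whether the caller's copy actually reads past the heap block depends on the target and compiler version (the report observed it on ppc64 with 8-byte loads); the stack variant moves any such over-read onto the caller's own frame, which is mapped memory, instead of the bytes after a heap allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example layout: sizeof(struct packed_rec) == 14, which is
 * not a multiple of 8, so an 8-byte-granular copy cannot stop exactly at
 * the end of the object. */
#define ARR_LEN 13

struct __attribute__((packed)) packed_rec {
    unsigned char tag;
    char data[ARR_LEN];
};

/* Bytes an 8-byte-granular copy of an n-byte object would read past its end
 * (assumed helper for the example, mirroring the report's "multiple of 8
 * chars" observation). */
size_t overread_bytes(size_t n)
{
    return (8 - n % 8) % 8;
}

/* Pass-by-value callee: the caller has to copy the whole struct into the
 * argument area.  The report describes that copy being done with 'ld'
 * instructions on ppc64, so a heap object of exactly sizeof(struct packed_rec)
 * bytes can be over-read. */
unsigned sum_by_value(struct packed_rec r)
{
    unsigned s = r.tag;
    for (size_t i = 0; i < ARR_LEN; i++)
        s += (unsigned char)r.data[i];
    return s;
}

/* Fills the record deterministically: tag = 1, data[i] = i + 1. */
static void fill_rec(struct packed_rec *r)
{
    r->tag = 1;
    for (size_t i = 0; i < ARR_LEN; i++)
        r->data[i] = (char)(i + 1);
}

/* Problematic pattern from the report: heap allocation of exactly the
 * struct's size, then passed by value.  Under valgrind on an affected
 * target this is where an "invalid read of size 8" would be reported. */
unsigned run_heap_case(void)
{
    struct packed_rec *heap_rec = malloc(sizeof *heap_rec);
    if (!heap_rec)
        return 0;
    fill_rec(heap_rec);
    unsigned s = sum_by_value(*heap_rec);
    free(heap_rec);
    return s;
}

/* Workaround from the report: pass the struct from the stack.  The heap
 * object is first copied into a stack local with memcpy (which copies
 * exactly sizeof bytes), and only the local is passed by value. */
unsigned run_stack_case(void)
{
    struct packed_rec *heap_rec = malloc(sizeof *heap_rec);
    if (!heap_rec)
        return 0;
    fill_rec(heap_rec);
    struct packed_rec local;
    memcpy(&local, heap_rec, sizeof local);
    free(heap_rec);
    return sum_by_value(local);
}

int main(void)
{
    printf("sizeof(struct packed_rec) = %zu, possible over-read = %zu bytes\n",
           sizeof(struct packed_rec), overread_bytes(sizeof(struct packed_rec)));
    printf("heap by-value sum  = %u\n", run_heap_case());
    printf("stack by-value sum = %u\n", run_stack_case());
    return 0;
}
```

Both paths compute the same sum; the difference is only where the caller's copy reads from. Running the heap variant under valgrind, as the report's "To confirm" step does, is the practical check on a target where the by-value copy uses wider loads than the struct's size allows.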

