This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/66908] Uninitialized variable when compiled with UBsan
- From: "chefmax at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 22 Jul 2015 07:38:05 +0000
- Subject: [Bug sanitizer/66908] Uninitialized variable when compiled with UBsan
- Auto-submitted: auto-generated
- References: <bug-66908-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66908
Maxim Ostapenko <chefmax at gcc dot gnu.org> changed:
What    | Removed | Added
--------|---------|---------------------------
CC      |         | chefmax at gcc dot gnu.org
--- Comment #5 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
(In reply to Yury Gribov from comment #1)
> Looks like -fsanitize=bounds may introduce uninitialized variables when run
> after shift.
It looks like -fsanitize=shift may introduce uninitialized variables
itself, without other checks.
For arm-linux-gnueabi target:
$ cat test.cpp
class Foo {
private:
  int a_;
public:
  Foo (int a) : a_(a) {};
  inline int get_a () { return a_; };
};

int bar (int (Foo::*get)()) {
  Foo *A = new Foo(1);
  int result = (A->*get)();
  delete (A);
  return result;
}

int main () {
  return bar (&Foo::get_a);
}
$ armv7l-tizen-linux-gnueabi-g++ -S -fsanitize=shift test.cpp -fdump-tree-gimple
<D.6138>
.......................
D.6137 = get.__delta;
D.6138 = D.6137 & 1;
if (D.6138 == 0) goto <D.6139>; else goto <D.6140>;
<D.6139>:
iftmp.1 = get.__pfn;
goto <D.6141>;
<D.6140>:
A.2 = A;
==> D.6143 = get.__delta;
D.6144 = D.6143 >> 1;
D.6145 = (sizetype) D.6144;
D.6146 = A.2 + D.6145;
D.6147 = MEM[(int (*__vtbl_ptr_type) () * *)D.6146];
D.6148 = get.__pfn;
D.6149 = (sizetype) D.6148;
D.6150 = D.6147 + D.6149;
iftmp.1 = *D.6150;
<D.6141>:
A.3 = A;
==> ????????
D.6152 = D.6143 >> 1;
D.6153 = (sizetype) D.6152;
D.6154 = A.3 + D.6153;
result = iftmp.1 (D.6154);
Here, <D.6138> => <D.6139> => <D.6141> introduces an uninitialized D.6153 value
and a broken *this parameter for the called method.
$ armv7l-tizen-linux-gnueabi-g++ -v
Using built-in specs.
COLLECT_GCC=armv7l-tizen-linux-gnueabi-g++
COLLECT_LTO_WRAPPER=/home/max/install/armv7l-tizen/libexec/gcc/armv7l-tizen-linux-gnueabi/6.0.0/lto-wrapper
Target: armv7l-tizen-linux-gnueabi
Configured with: /home/max/src/v6/gcc/configure
--prefix=/home/max/install/armv7l-tizen --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=armv7l-tizen-linux-gnueabi --disable-nls
--enable-poison-system-directories
--with-pkgversion=Tizen.armv7l.GA2.2015-07-15
--with-sysroot=/home/max/install/armv7l-tizen/armv7l-tizen-linux-gnueabi/sys-root
--with-gmp=/home/max/build/v6/fake-root
--with-libelf=/home/max/build/v6/fake-root
--with-mpc=/home/max/build/v6/fake-root
--with-mpfr=/home/max/build/v6/fake-root --without-cloog --without-ppl
--with-host-libstdcxx='-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm'
--enable-languages=c,c++,fortran --disable-libstdcxx-pch --enable-__cxa_atexit
--enable-libssp --enable-lto --enable-checking=release
--with-build-time-tools=/home/max/install/armv7l-tizen/bin --with-gnu-as
--with-gnu-ld
--with-specs='%{funwind-tables|fno-unwind-tables|mabi=*|ffreestanding|nostdlib:;:-funwind-tables}
%{!Werror=unused-local-typedefs:%{!Wno-error=unused-local-typedefs:-Wno-error=unused-local-typedefs}}
%{fuse-linker-plugin|fno-use-linker-plugin|flto|flto=*:;:-fno-use-linker-plugin}'
--disable-multilib --disable-gnu-unique-object --enable-linker-build-id
--with-mode=arm --with-fpu=neon-vfpv4 --with-cpu=cortex-a15.cortex-a7
--with-float=softfp --enable-libgomp --enable-linux-futex