This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/81861] New: ASan pr64820.c testcase segfaults with LTO and -fstack-protector-strong
- From: "m.ostapenko at samsung dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 16 Aug 2017 13:06:29 +0000
- Subject: [Bug tree-optimization/81861] New: ASan pr64820.c testcase segfaults with LTO and -fstack-protector-strong
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81861
Bug ID: 81861
Summary: ASan pr64820.c testcase segfaults with LTO and
-fstack-protector-strong
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: m.ostapenko at samsung dot com
CC: ubizjak at gmail dot com
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
After r250965 the ASan's pr64820.c testcase fails with:
ASAN:DEADLYSIGNAL
=================================================================
==15720==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x0000004009e5 bp 0x7fff5fca17c0 sp 0x7fff5fca17c0 T0)
==15720==The signal is caused by a READ memory access.
==15720==Hint: address points to the zero page.
#0 0x4009e4 in Func1
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:13
#1 0x40080a in main
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:23
#2 0x2b7622799f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#3 0x40085a
(/home/max/build/master/gcc/testsuite/gcc/pr64820.exe+0x40085a)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:13
in Func1
==15720==ABORTING
The code in the resulting binary looks like this:
0000000000400910 <Func1>:
400910: 41 54 push %r12
400912: 55 push %rbp
400913: 53 push %rbx
400914: 48 81 ec 60 10 00 00 sub $0x1060,%rsp
40091b: 8b 05 5f 06 20 00 mov 0x20065f(%rip),%eax #
600f80 <__TMC_END__>
400921: 48 89 e3 mov %rsp,%rbx
400924: 48 89 dd mov %rbx,%rbp
400927: 85 c0 test %eax,%eax
400929: 0f 85 8a 00 00 00 jne 4009b9 <Func1+0xa9>
40092f: 48 89 da mov %rbx,%rdx
400932: 48 8d 7b 20 lea 0x20(%rbx),%rdi
400936: 48 c7 03 b3 8a b5 41 movq $0x41b58ab3,(%rbx)
40093d: 48 c1 ea 03 shr $0x3,%rdx
400941: 48 c7 43 08 08 0b 40 movq $0x400b08,0x8(%rbx)
400948: 00
400949: 48 c7 43 10 10 09 40 movq $0x400910,0x10(%rbx)
400950: 00
400951: c7 82 00 80 ff 7f f1 movl $0xf1f1f1f1,0x7fff8000(%rdx)
400958: f1 f1 f1
40095b: c7 82 04 82 ff 7f f3 movl $0xf3f3f3f3,0x7fff8204(%rdx)
400962: f3 f3 f3
Segfault here==> 400965: 48 8b 04 25 00 00 00 mov 0x0,%rax
40096c: 00
40096d: 48 89 84 24 58 10 00 mov %rax,0x1058(%rsp)
400974: 00
400975: 31 c0 xor %eax,%eax
400977: e8 84 ff ff ff callq 400900 <Ident>