This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
- From: "rimvydas.jas at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 25 Oct 2017 12:07:04 +0000
- Subject: [Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
- Auto-submitted: auto-generated
- References: <bug-81938-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938
--- Comment #3 from Rimvydas (RJ) <rimvydas.jas at gmail dot com> ---
fmt_cache_1.f in valgrind is reproducible on aarch64-suse-linux.
One scientific package has a tendency to crash in a similar place.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000040003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
272 if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist))
(gdb) where
#0 0x000040003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
#1 0x000040003b935d44 in save_parsed_format (dtp=0xffffd6551200) at
../../../libgfortran/io/format.c:146
#2 _gfortrani_parse_format (dtp=dtp@entry=0xffffd6551200) at
../../../libgfortran/io/format.c:1353
#3 0x000040003b944878 in data_transfer_init (dtp=0xffffd6551200,
dtp@entry=0xffffd6551260, read_flag=read_flag@entry=0)
at ../../../libgfortran/io/transfer.c:2791
#4 0x000040003b945208 in _gfortran_st_write (dtp=dtp@entry=0xffffd6551260) at
../../../libgfortran/io/transfer.c:4118
#5 0x0000000000b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
#6 0x0000000000b62d50 in suphmf (kulout=20) at suphmf.F90:84
#7 0x00000000008e85d4 in suphy (kulout=20) at suphy.F90:76
#8 0x00000000007f3048 in su0yomb () at su0yomb.F90:628
#9 0x00000000006ed0ac in cnt0 () at cnt0.F90:134
#10 0x00000000006bf8c8 in master () at master.F90:76
#11 main (argc=argc@entry=1, argv=0xffffd6552ef1) at master.F90:3
#12 0x000040003ba84830 in __libc_start_main (main=0x6bf84c <main>, argc=1,
argv=0xffffd6551f38, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=<optimized out>) at libc-start.c:289
#13 0x00000000006bf770 in _start ()
(gdb) p &fmt->array.array
$2 = (fnode (*)[64]) 0x4f293c90
(gdb) p/x sizeof(fmt->array.array)
$3 = 0x1000
(gdb) p fnp
$4 = (fnode *) 0x4f2957d0
(gdb) p *fnp
$5 = {format = FMT_DT, repeat = 48, next = 0x3200000031, source = 0x3400000033
<error: Cannot access memory at address 0x3400000033>, u = {real = {w = 53,
d = 54, e = 55}, string = {length = 53, p = 0x3800000037 <error: Cannot
access memory at address 0x3800000037>}, integer = {w = 53, m = 54}, udf = {
string = 0x3600000035 <error: Cannot access memory at address
0x3600000035>, string_len = 55, vlist = 0x3a00000039}, w = 53, k = 53, r = 53,
n = 53,
child = 0x3600000035}, count = 59, current = 0xa1}
(gdb) f 5
#5 0x0000000000b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
311 WRITE(UNIT=KULOUT,FMT='('' COMMON YOMPHY1 '')')
The attached patch solves the runtime issue, and valgrind no longer complains about
format.c.
Tested with GCC7 branch on openSUSE aarch64.
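The gdb session above already contains the diagnosis: `fmt->array.array` is a 64-element array starting at 0x4f293c90 and occupying 0x1000 bytes (so 64 bytes per node), while the node being freed, `fnp`, sits at 0x4f2957d0, well past the end of that array, and its fields (0x31, 0x32, 0x33, ... in consecutive bytes) are ASCII digits rather than plausible pointers, i.e. the walk has run into unrelated memory. The following C program is an added illustration, not libgfortran's code or the patch from this report: it applies the same address arithmetic to the values quoted from the core dump, and contrasts a walk over a fixed-size node array that relies only on a terminator entry (unbounded when every slot is in use) with one that checks the index against the capacity and the parser's count before dereferencing. The node layout, field names and sample arrays are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a fixed-size node array, sized like the fnode[64]
 * in the gdb output (0x1000 bytes / 64 entries = 64 bytes per node on LP64).
 * Not libgfortran's struct definitions. */
#define NODE_COUNT 64

enum node_kind { KIND_NONE = 0, KIND_PLAIN, KIND_DT };

typedef struct {
  int kind;                 /* one of enum node_kind; KIND_NONE terminates */
  void *payload;            /* stands in for a per-DT-node resource */
  unsigned char pad[48];    /* pads the node to 64 bytes on LP64 */
} node;

typedef struct {
  node array[NODE_COUNT];
  int count;                /* entries actually filled by the parser */
} node_array;

/* Bounds test on raw numbers copied out of a debugger session:
 * base = &fmt->array.array, size = sizeof(fmt->array.array), ptr = fnp. */
static bool address_in_range(uintptr_t ptr, uintptr_t base, size_t size)
{
  return ptr >= base && ptr < base + size;
}

/* Which array slot a pointer corresponds to, given the node size; a result
 * of NODE_COUNT or more means the pointer is beyond the array. */
static size_t node_index(uintptr_t ptr, uintptr_t base, size_t node_size)
{
  return (ptr - base) / node_size;
}

/* A walk that stops only at a KIND_NONE entry is bounded only if such an
 * entry exists inside the 64 slots.  This reports that condition without
 * performing the out-of-bounds read that the unbounded walk would make. */
static bool terminator_walk_is_bounded(const node_array *fa)
{
  for (int i = 0; i < NODE_COUNT; i++)
    if (fa->array[i].kind == KIND_NONE)
      return true;
  return false;
}

/* Hardened walk: the index is compared with the capacity and the recorded
 * count before the node is dereferenced, so a full array with no terminator
 * cannot push the cursor past the end.  Returns the number of DT nodes. */
static int count_dt_nodes(const node_array *fa)
{
  int limit = fa->count < NODE_COUNT ? fa->count : NODE_COUNT;
  int dt = 0;
  for (int i = 0; i < limit; i++) {
    const node *fnp = &fa->array[i];
    if (fnp->kind == KIND_NONE)
      break;
    if (fnp->kind == KIND_DT)
      dt++;
  }
  return dt;
}

/* Constructed sample: three entries followed by a terminator. */
static void fill_partial(node_array *fa)
{
  memset(fa, 0, sizeof *fa);
  fa->array[0].kind = KIND_PLAIN;
  fa->array[1].kind = KIND_DT;
  fa->array[2].kind = KIND_PLAIN;
  fa->count = 3;
}

/* Constructed sample: every slot used, every third one a DT node, no terminator. */
static void fill_full(node_array *fa)
{
  memset(fa, 0, sizeof *fa);
  for (int i = 0; i < NODE_COUNT; i++)
    fa->array[i].kind = (i % 3 == 0) ? KIND_DT : KIND_PLAIN;
  fa->count = NODE_COUNT;
}

static int demo_partial_dt(void)      { node_array fa; fill_partial(&fa); return count_dt_nodes(&fa); }
static bool demo_partial_bounded(void){ node_array fa; fill_partial(&fa); return terminator_walk_is_bounded(&fa); }
static int demo_full_dt(void)         { node_array fa; fill_full(&fa);    return count_dt_nodes(&fa); }
static bool demo_full_bounded(void)   { node_array fa; fill_full(&fa);    return terminator_walk_is_bounded(&fa); }

int main(void)
{
  /* Values quoted from the gdb session in this report. */
  uintptr_t base = 0x4f293c90u, size = 0x1000u, fnp = 0x4f2957d0u;
  printf("fnp inside fmt->array.array: %s\n", address_in_range(fnp, base, size) ? "yes" : "no");
  printf("fnp corresponds to slot %zu of a %d-slot array\n", node_index(fnp, base, 64), NODE_COUNT);
  printf("full array: terminator-only walk bounded? %s; DT nodes via bounded walk: %d\n",
         demo_full_bounded() ? "yes" : "no", demo_full_dt());
  return 0;
}
```

Run against the report's numbers, `fnp` resolves to slot 109 of a 64-slot array, which is the same conclusion the `p &fmt->array.array` / `p fnp` pair in the session yields by hand; the full-array sample shows why a terminator-only loop condition is not enough on its own once every slot is occupied.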