This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #3 from Rimvydas (RJ) <rimvydas.jas at gmail dot com> ---
fmt_cache_1.f in valgrind is reproducible on aarch64-suse-linux

One scientific package has a tendency to crash in a similar place.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000040003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
272               if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist))
(gdb) where
#0  0x000040003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
#1  0x000040003b935d44 in save_parsed_format (dtp=0xffffd6551200) at
../../../libgfortran/io/format.c:146
#2  _gfortrani_parse_format (dtp=dtp@entry=0xffffd6551200) at
../../../libgfortran/io/format.c:1353
#3  0x000040003b944878 in data_transfer_init (dtp=0xffffd6551200,
dtp@entry=0xffffd6551260, read_flag=read_flag@entry=0)
    at ../../../libgfortran/io/transfer.c:2791
#4  0x000040003b945208 in _gfortran_st_write (dtp=dtp@entry=0xffffd6551260) at
../../../libgfortran/io/transfer.c:4118
#5  0x0000000000b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
#6  0x0000000000b62d50 in suphmf (kulout=20) at suphmf.F90:84
#7  0x00000000008e85d4 in suphy (kulout=20) at suphy.F90:76
#8  0x00000000007f3048 in su0yomb () at su0yomb.F90:628
#9  0x00000000006ed0ac in cnt0 () at cnt0.F90:134
#10 0x00000000006bf8c8 in master () at master.F90:76
#11 main (argc=argc@entry=1, argv=0xffffd6552ef1) at master.F90:3
#12 0x000040003ba84830 in __libc_start_main (main=0x6bf84c <main>, argc=1,
argv=0xffffd6551f38, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=<optimized out>) at libc-start.c:289
#13 0x00000000006bf770 in _start ()

(gdb) p &fmt->array.array
$2 = (fnode (*)[64]) 0x4f293c90
(gdb) p/x sizeof(fmt->array.array)
$3 = 0x1000
(gdb) p fnp
$4 = (fnode *) 0x4f2957d0
(gdb) p *fnp
$5 = {format = FMT_DT, repeat = 48, next = 0x3200000031, source = 0x3400000033
<error: Cannot access memory at address 0x3400000033>, u = {real = {w = 53, 
      d = 54, e = 55}, string = {length = 53, p = 0x3800000037 <error: Cannot
access memory at address 0x3800000037>}, integer = {w = 53, m = 54}, udf = {
      string = 0x3600000035 <error: Cannot access memory at address
0x3600000035>, string_len = 55, vlist = 0x3a00000039}, w = 53, k = 53, r = 53,
n = 53, 
    child = 0x3600000035}, count = 59, current = 0xa1}
(gdb) f 5
#5  0x0000000000b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
311     WRITE(UNIT=KULOUT,FMT='('' COMMON YOMPHY1 '')')

The attached patch solves the runtime issue and valgrind no longer complains
about format.c.
Tested with GCC7 branch on openSUSE aarch64.
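The gdb session above prints the bounds of the fnode pool and the faulting fnp separately; the following added example (not from the bug report or from libgfortran) works out from those numbers whether fnp lies inside fmt->array.array and which element it would be, using the 64-byte element size derived from sizeof 0x1000 / 64 entries, and splits the pointer-sized fields of *fnp into their 32-bit halves.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Values copied from the gdb output in Comment #3 (aarch64 core dump). */
#define ARRAY_BASE   0x4f293c90ULL   /* &fmt->array.array           */
#define ARRAY_BYTES  0x1000ULL       /* sizeof(fmt->array.array)    */
#define ARRAY_COUNT  64ULL           /* type printed: fnode (*)[64] */
#define FNP          0x4f2957d0ULL   /* fnp at format.c:272         */

/* Returns 1 if ptr lies inside [base, base + bytes), else 0. */
static int in_block(uint64_t base, uint64_t bytes, uint64_t ptr)
{
    return ptr >= base && ptr < base + bytes;
}

/* Element index ptr would have in an array of elem-byte entries starting
   at base (assumes ptr >= base; a value >= ARRAY_COUNT is out of range). */
static long long element_index(uint64_t base, uint64_t elem, uint64_t ptr)
{
    return (long long)((ptr - base) / elem);
}

/* Split a 64-bit word into its low and high 32-bit halves (little-endian). */
static void split_halves(uint64_t w, uint32_t *lo, uint32_t *hi)
{
    *lo = (uint32_t)(w & 0xffffffffu);
    *hi = (uint32_t)(w >> 32);
}

int main(void)
{
    uint64_t elem = ARRAY_BYTES / ARRAY_COUNT;   /* 64 bytes per fnode */
    printf("fnp inside fmt->array.array: %s\n",
           in_block(ARRAY_BASE, ARRAY_BYTES, FNP) ? "yes" : "no");
    printf("fnp would be element %lld of %llu\n",
           element_index(ARRAY_BASE, elem, FNP), ARRAY_COUNT);

    /* Pointer-sized fields shown by 'p *fnp': next, source, string.p, vlist */
    uint64_t words[] = {0x3200000031ULL, 0x3400000033ULL,
                        0x3800000037ULL, 0x3a00000039ULL};
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
        uint32_t lo, hi;
        split_halves(words[i], &lo, &hi);
        printf("0x%llx -> %u, %u\n", (unsigned long long)words[i], lo, hi);
    }
    return 0;
}
```

Run as written it reports fnp as element 109 of a 64-entry pool, i.e. well past the end of the block gdb printed, and the halves of the pointer fields come out as the consecutive small integers 49..58, consistent with fnp pointing at data that is not an fnode.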
