[Bug lto/55474] New: global-buffer-overflow in lto-wrapper.c

hjl.tools at gmail dot com gcc-bugzilla@gcc.gnu.org
Mon Nov 26 20:39:00 GMT 2012


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55474

             Bug #: 55474
           Summary: global-buffer-overflow in lto-wrapper.c
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: lto
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: hjl.tools@gmail.com


On Linux/x86-64, hjl/asan branch configured with
--with-build-config=bootstrap-asan reports:

[hjl@gnu-mic-1 gcc]$
/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/xgcc
-B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/
/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/20010124-1.c
/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/20010124-1-lib.c
/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c
 -fno-diagnostics-show-caret  -w  -O2 -flto -fno-use-linker-plugin
-flto-partition=none  -fno-tree-loop-distribute-patterns  -lm   
=================================================================
==22576== ERROR: AddressSanitizer: global-buffer-overflow on address 0x004d24c4
at pc 0x405ac6 bp 0xffffca30 sp 0xffffca2c
READ of size 4 at 0x004d24c4 thread T0
    #0 0x405ac5
(/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/lto-wrapper+0x405ac5)
0x004d24c4 is located 28 bytes to the left of global variable
'global_options_init (options.c)' (0x4d24e0) of size 2440
0x004d24c4 is located 24 bytes to the right of global variable 'lang_names
(options.c)' (0x4d2480) of size 44
Shadow byte and word:
  0x2009a498: f9
  0x2009a498: f9 f9 f9 f9
More shadow bytes:
  0x2009a488: 04 f9 f9 f9
  0x2009a48c: f9 f9 f9 f9
  0x2009a490: 00 00 00 00
  0x2009a494: 00 04 f9 f9
=>0x2009a498: f9 f9 f9 f9
  0x2009a49c: 00 00 00 00
  0x2009a4a0: 00 00 00 00
  0x2009a4a4: 00 00 00 00
  0x2009a4a8: 00 00 00 00
Stats: 0M malloced (0M for red zones) by 142 calls
Stats: 0M realloced by 4 calls
Stats: 0M freed by 44 calls
Stats: 0M really freed by 0 calls
Stats: 3M (898 full pages) mmaped in 7 calls
  mmaps   by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 12:128; 13:64; 
  mallocs by size class: 7:103; 8:12; 9:12; 10:8; 11:1; 12:1; 13:5; 
  frees   by size class: 7:27; 8:2; 9:6; 10:5; 11:1; 13:3; 
  rfrees  by size class: 
Stats: malloc large: 0 small slow: 8
==22576== ABORTING
collect2: error: lto-wrapper returned 1 exit status
[hjl@gnu-mic-1 gcc]$ addr2line -e
/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/lto-wrapper 0x405ac5
/export/gnu/import/git/gcc/gcc/lto-wrapper.c:397
[hjl@gnu-mic-1 gcc]$


