[Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
shamsundar at uh dot edu
gcc-bugzilla@gcc.gnu.org
Mon Aug 11 18:35:00 GMT 2014
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094
Bug ID: 62094
Summary: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
Assignee: unassigned at gcc dot gnu.org
Reporter: shamsundar at uh dot edu
Created attachment 33293
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33293&action=edit
Fortran program that will exhibit the bug on a Linux x86-64 system, e.g. openSuse 12.3 desktop
The library routine free() in libc.so.6 on some x86-64 Linux systems will dereference address zero when the argument has bits 26 and up all zero. This will cause the program to crash. A Fortran program that exposes this bug is attached. Here are a few instructions from free(), from libc.so.6, stable release 2.17, configured for x86_64_linux, gcc 4.7.2:
__libc_free: (argument in %rdi)
    ...
    7ea08:  48 8d 77 f0             lea    -0x10(%rdi),%rsi
    ...
    7ea1b:  48 89 f0                mov    %rsi,%rax
    7ea1e:  48 25 00 00 00 fc       and    $0xfffffffffc000000,%rax
    7ea24:  48 8b 38                mov    (%rax),%rdi        <<<==== crash if %rax = 0
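As an added illustration (not part of the bug report or its attached Fortran program), this C program mirrors the two instructions quoted above, `lea -0x10(%rdi),%rsi` and `and $0xfffffffffc000000,%rax`, and reports which of the running process's own malloc() results fall in the address range for which the masked value is zero. The 0x10 offset and the mask are taken from the listing; the helper names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constants read off the free() disassembly in the report: the user
   pointer is moved back 0x10 bytes to the chunk header, then the low
   26 bits are cleared (0xfffffffffc000000 == ~(2^26 - 1)). */
#define CHUNK_HDR_OFF  0x10ULL
#define HEAP_MASK      0xfffffffffc000000ULL

/* Mirror of "lea -0x10(%rdi),%rsi ; and $0xfffffffffc000000,%rax". */
static uint64_t masked_heap_base(uint64_t user_ptr)
{
    return (user_ptr - CHUNK_HDR_OFF) & HEAP_MASK;
}

/* True when the masked value is 0, i.e. the following "mov (%rax),%rdi"
   would read address zero. This holds for every user pointer in
   [0x10, 0x04000010), the first 64 MiB of the address space. */
static int masks_to_zero(uint64_t user_ptr)
{
    return masked_heap_base(user_ptr) == 0;
}

/* Count how many of the given pointers land in that range. */
static size_t count_low_pointers(const uint64_t *ptrs, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (masks_to_zero(ptrs[i]))
            hits++;
    return hits;
}

int main(void)
{
    /* Sample the process's own heap: malloc() results of mixed sizes. */
    enum { N = 8 };
    uint64_t ptrs[N];
    void *blocks[N];
    for (int i = 0; i < N; i++) {
        blocks[i] = malloc((size_t)(64 << i));
        ptrs[i] = (uint64_t)(uintptr_t)blocks[i];
        printf("%p -> masked base %#llx%s\n", blocks[i],
               (unsigned long long)masked_heap_base(ptrs[i]),
               masks_to_zero(ptrs[i]) ? "  (bits 26 and up are zero)" : "");
    }
    printf("%zu of %d allocations have bits 26 and up all zero\n",
           count_low_pointers(ptrs, N), N);
    for (int i = 0; i < N; i++)
        free(blocks[i]);
    return 0;
}
```

On a non-PIE binary whose brk heap sits at a low address, expect hits; on a PIE binary with ASLR the heap usually sits far above 64 MiB and the count is 0.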