[Bug testsuite/63305] New: ASan reported heap-buffer-overflow in gcc.target/i386/avx256-unaligned-load{store}-7.c

chefmax at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Sep 19 06:42:00 GMT 2014


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63305

            Bug ID: 63305
           Summary: ASan reported heap-buffer-overflow in
                    gcc.target/i386/avx256-unaligned-load{store}-7.c
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: testsuite
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chefmax at gcc dot gnu.org
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu
             Build: x86_64-pc-linux-gnu

ASan reported heap-buffer-overflow in
gcc.target/i386/avx256-unaligned-load{store}-7.c:

$ ~/master/gcc gcc/testsuite/gcc.target/i386/avx256-unaligned-load-7.c 
-fsanitize=address -O3 -dp -mavx -mavx256-split-unaligned-load -o
./avx256-unaligned-load-7.exe

$ ./avx256-unaligned-load-7.exe


=================================================================
==21855==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60c00000c000 at pc 0x400bcc bp 0x7fffd03d3d90 sp 0x7fffd03d3d88
WRITE of size 8 at 0x60c00000c000 thread T0
    #0 0x400bcb in do_test
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x400bcb)
    #1 0x40086f in main
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x40086f)
    #2 0x7fecbc89476c in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #3 0x4008c4
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x4008c4)

0x60c00000c000 is located 0 bytes to the right of 128-byte region
[0x60c00000bf80,0x60c00000c000)
allocated by thread T0 here:
    #0 0x7fecbccc5569 in __interceptor_malloc
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x4009bd in foo
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x4009bd)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 do_test
Shadow bytes around the buggy address:
  0x0c187fff97b0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c187fff97c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c187fff97d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c187fff97e0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c187fff97f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c187fff9800:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==21855==ABORTING

Quick analysis shows that overflow happens at line 38. Perhaps allocated arrays
have wrong size.



More information about the Gcc-bugs mailing list