public inbox for gcc-bugs@sourceware.org
* [Bug c/23484] New: __builtin___memcpy_chk miscompilation
From: gbeauchesne at mandriva dot com @ 2005-08-19 16:47 UTC (permalink / raw)
  To: gcc-bugs

Hi,

Compiling ruby on x86_64 with -D_FORTIFY_SOURCE=2 will cause failure in the
testsuite.

This can be reproduced with
GNU C version 4.1.0 20050819 (experimental) (x86_64-unknown-linux-gnu)

Here is a simplified testcase.

extern void abort (void);

#undef memcpy
#define memcpy(dst, src, len) \
  __builtin___memcpy_chk (dst, src, len, __builtin_object_size (dst, 0))

int
main (void)
{
  static const char data[] = { 0, 0x40, 0xe2, 0x01, 0x00, 0x01, 0x80, 0xc0, 0x1d };
  const char *s = &data[1];
  int natint = data[0];
  unsigned long tmp = 0;

  memcpy (&tmp, s, natint ? sizeof(tmp) : 4);
  if (sizeof(tmp) > 4 && (tmp >> 32) != 0) /* movq generated? */
    abort ();

  return 0;
}

-- 
           Summary: __builtin___memcpy_chk miscompilation
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: gbeauchesne at mandriva dot com
                CC: gcc-bugs at gcc dot gnu dot org
  GCC host triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: pinskia at gcc dot gnu dot org @ 2005-08-19 17:28 UTC (permalink / raw)
  To: gcc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|critical                    |normal
          Component|c                           |middle-end
   GCC host triplet|x86_64-unknown-linux-gnu    |
 GCC target triplet|                            |x86_64-*-linux-gnu
           Keywords|                            |wrong-code


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: pinskia at gcc dot gnu dot org @ 2005-08-19 18:55 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2005-08-19 18:54 -------
Hmm, let's look at the source:
  memcpy (&tmp, s, natint ? sizeof(tmp) : 4);


natint will be zero so we get 

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu dot
                   |                            |org, pinskia at gcc dot gnu
                   |                            |dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: pinskia at gcc dot gnu dot org @ 2005-08-19 18:55 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2005-08-19 18:55 -------
(In reply to comment #1)
Ignore that comment, I am stupid.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: pinskia at gcc dot gnu dot org @ 2005-08-19 19:07 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2005-08-19 19:00 -------
It can be confirmed on x86 with:
extern void abort (void);

#undef memcpy
#define memcpy(dst, src, len) \
  __builtin___memcpy_chk (dst, src, len, __builtin_object_size (dst, 0))

int
main (void)
{
  static const char data[] = { 0, 0x40, 0xe2, 0x01, 0x00, 0x01, 0x80, 0xc0, 0x1d };
  const char *s = &data[1];
  int natint = data[0];
  unsigned long long tmp = 0;

  memcpy (&tmp, s, natint ? sizeof(tmp) : 4);
  if (sizeof(tmp) > 4 && (tmp>>32) != 0) /* movq generated? */
    abort ();

  return 0;
}

And here is a testcase for big endian:
extern void abort (void);
extern int printf (const char *, ...);

#undef memcpy
#define memcpy(dst, src, len) \
  __builtin___memcpy_chk (dst, src, len, __builtin_object_size (dst, 0))

int
main (void)
{
  static const char data[] = { 0, 0x40, 0xe2, 0x01, 0x00, 0x01, 0x80, 0xc0, 0x1d };
  const char *s = &data[1];
  int natint = data[0];
  unsigned long long tmp = 0;

  memcpy (&tmp, s, natint ? sizeof(tmp) : 4);
  printf("%llx\n", tmp);
  if (sizeof(tmp) > 4 && (tmp &0xFFFFFF) != 0) /* 64bit move generated? */
    abort ();

  return 0;
}

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
 GCC target triplet|x86_64-*-linux-gnu          |
   Last reconfirmed|0000-00-00 00:00:00         |2005-08-19 19:00:31
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: jakub at redhat dot com @ 2005-08-19 19:24 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From jakub at redhat dot com  2005-08-19 19:16 -------
I have a preliminary fix, will work on testcases now, then test it thoroughly.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: jakub at gcc dot gnu dot org @ 2005-08-22 15:01 UTC (permalink / raw)
  To: gcc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |jakub at gcc dot gnu dot org
                   |dot org                     |
                URL|                            |http://gcc.gnu.org/ml/gcc-
                   |                            |patches/2005-
                   |                            |08/msg01187.html
             Status|NEW                         |ASSIGNED
           Keywords|                            |patch
   Last reconfirmed|2005-08-19 19:00:31         |2005-08-22 14:53:32
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: cvs-commit at gcc dot gnu dot org @ 2005-08-29  8:42 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From cvs-commit at gcc dot gnu dot org  2005-08-29 08:40 -------
Subject: Bug 23484

CVSROOT:	/cvs/gcc
Module name:	gcc
Changes by:	jakub@gcc.gnu.org	2005-08-29 08:40:48

Modified files:
	gcc            : ChangeLog builtins.c 
	gcc/testsuite  : ChangeLog 
Added files:
	gcc/testsuite/gcc.c-torture/execute/builtins: pr23484-chk-lib.c 
	                                              pr23484-chk.c 

Log message:
	PR middle-end/23484
	* builtins.c (fold_builtin_memory_chk, fold_builtin_stxcpy_chk,
	fold_builtin_strncpy_chk, fold_builtin_snprintf_chk): If len is
	not constant, but maxlen is, don't set len to maxlen, rather
	set maxlen to len if len is a constant.
	
	* gcc.c-torture/execute/builtins/pr23484-chk.c: New test.
	* gcc.c-torture/execute/builtins/pr23484-chk-lib.c: New file.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=2.9847&r2=2.9848
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/builtins.c.diff?cvsroot=gcc&r1=1.474&r2=1.475
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&r1=1.5974&r2=1.5975
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/pr23484-chk-lib.c.diff?cvsroot=gcc&r1=NONE&r2=1.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/pr23484-chk.c.diff?cvsroot=gcc&r1=NONE&r2=1.1



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: cvs-commit at gcc dot gnu dot org @ 2005-08-29  8:50 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From cvs-commit at gcc dot gnu dot org  2005-08-29 08:42 -------
Subject: Bug 23484

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-4_0-rhl-branch
Changes by:	jakub@gcc.gnu.org	2005-08-29 08:42:09

Modified files:
	gcc            : ChangeLog builtins.c 
	gcc/testsuite  : ChangeLog 
Added files:
	gcc/testsuite/gcc.c-torture/execute/builtins: pr23484-chk.c 
	                                              pr23484-chk-lib.c 

Log message:
	PR middle-end/23484
	* builtins.c (fold_builtin_memory_chk, fold_builtin_stxcpy_chk,
	fold_builtin_strncpy_chk, fold_builtin_snprintf_chk): If len is
	not constant, but maxlen is, don't set len to maxlen, rather
	set maxlen to len if len is a constant.
	
	* gcc.c-torture/execute/builtins/pr23484-chk.c: New test.
	* gcc.c-torture/execute/builtins/pr23484-chk-lib.c: New file.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-4_0-rhl-branch&r1=2.7592.2.10.2.56&r2=2.7592.2.10.2.57
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/builtins.c.diff?cvsroot=gcc&only_with_tag=gcc-4_0-rhl-branch&r1=1.426.4.6&r2=1.426.4.7
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-4_0-rhl-branch&r1=1.5084.2.9.2.52&r2=1.5084.2.9.2.53
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/pr23484-chk.c.diff?cvsroot=gcc&only_with_tag=gcc-4_0-rhl-branch&r1=NONE&r2=1.1.2.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/pr23484-chk-lib.c.diff?cvsroot=gcc&only_with_tag=gcc-4_0-rhl-branch&r1=NONE&r2=1.1.2.1



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484
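
The folding rule stated in the two log messages above, replayed against the reporter's testcase, as an added example that is not GCC's builtins.c and not part of the original thread. It is a simplified model: `len_info`, `fold` and `bytes_written` are hypothetical names, and the 0xAA canary fill is constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the compiler knows about the length argument (hypothetical model). */
struct len_info {
  int is_const;      /* len is a compile-time constant */
  size_t value;      /* what len evaluates to at run time */
  int maxlen_known;  /* an upper bound on len was derived */
  size_t maxlen;     /* that upper bound */
};

/* Returns the length of the emitted copy; *keep_chk is set when the
   runtime check must stay.  fixed == 0 models the pre-fix rule (a
   non-constant len is overwritten by its bound), fixed == 1 the rule
   from the log message (the bound is used for the check only). */
static size_t fold (struct len_info l, size_t objsize, int fixed, int *keep_chk)
{
  size_t bound = l.is_const ? l.value : l.maxlen;
  *keep_chk = !(l.is_const || l.maxlen_known) || bound > objsize;
  return (!fixed && !l.is_const && l.maxlen_known) ? l.maxlen : l.value;
}

/* Replays the report's testcase on an 8-byte destination and returns
   how many destination bytes were overwritten. */
static size_t bytes_written (int fixed, int natint)
{
  static const unsigned char data[] =
    { 0, 0x40, 0xe2, 0x01, 0x00, 0x01, 0x80, 0xc0, 0x1d };
  unsigned char tmp[8];
  struct len_info l = { 0, natint ? sizeof tmp : 4, 1, sizeof tmp };
  size_t n, i, written = 0;
  int keep_chk;

  memset (tmp, 0xAA, sizeof tmp);   /* canary value, absent from data */
  n = fold (l, sizeof tmp, fixed, &keep_chk);
  if (keep_chk)
    return (size_t) -1;             /* left to the runtime check */
  memcpy (tmp, data + 1, n);
  for (i = 0; i < sizeof tmp; i++)
    written += tmp[i] != 0xAA;
  return written;
}

int main (void)
{
  printf ("pre-fix: %zu bytes, post-fix: %zu bytes\n",
          bytes_written (0, 0), bytes_written (1, 0));
  return 0;
}
```

In both variants the bound (8) fits the destination, so the check is dropped; only the pre-fix rule changes how many bytes the copy moves.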



* [Bug middle-end/23484] __builtin___memcpy_chk miscompilation
From: pinskia at gcc dot gnu dot org @ 2005-08-29 12:41 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2005-08-29 12:38 -------
Fixed.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.1.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23484

