From: "florin.iucha at amd dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/100439] stack overflow running ubsan
Date: Thu, 06 May 2021 11:59:23 +0000
Message-ID: <bug-100439-4-Fb5KhwsKuu@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-100439-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100439

--- Comment #2 from Florin Iucha <florin.iucha at amd dot com> ---
This is for regular x86-64; we're using a cross-compiler sysroot to avoid
dependency on system libraries and be able to run the binary on different Linux
distributions.

I can't reproduce the problem on a "hello, world" C++ program, but I was able
to reproduce it on a minimal Google test:

   --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< 

   #include <gtest/gtest.h>

   #include <string>

   TEST(Hello, World)
   {
       ASSERT_EQ(43, std::stoi("42"));
   }

   --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< 

Built using:

/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=c++20 \
    -fsanitize=undefined -fno-omit-frame-pointer -o hello.o -c hello.cpp

/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -o hello -Wl,-rpath \
    -Wl,/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib \
    -Wl,-dynamic-linker \
    /opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/ld-linux-x86-64.so.2 \
    -fsanitize=undefined hello.o

/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=c++20 \
    -fsanitize=undefined -fno-omit-frame-pointer -o test_hello.o \
    -I/home/fiucha/.conan/data/gtest/20201109/amd/tng/package/150f650d359c1c443c3bb8ac2ffee0bdec61d239/include \
    -c test_hello.cpp

/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -o test_hello \
    -Wl,-rpath -Wl,/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib \
    -Wl,-dynamic-linker \
    /opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/ld-linux-x86-64.so.2 \
    -fsanitize=undefined test_hello.o \
    /home/fiucha/.conan/data/gtest/20201109/amd/tng/package/150f650d359c1c443c3bb8ac2ffee0bdec61d239/lib/libgmock_maind.a \
    /home/fiucha/.conan/data/gtest/20201109/amd/tng/package/150f650d359c1c443c3bb8ac2ffee0bdec61d239/lib/libgmockd.a \
    /home/fiucha/.conan/data/gtest/20201109/amd/tng/package/150f650d359c1c443c3bb8ac2ffee0bdec61d239/lib/libgtestd.a \
    -lpthread

 ./test_hello
zsh: segmentation fault (core dumped)  ./test_hello

Running under gdb:

(gdb) b __dynamic_cast
Breakpoint 1 at 0x40a620
(gdb) run
Breakpoint 1, 0x00007ffff7ea92fd in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
(gdb) bt
#0  0x00007ffff7ea92fd in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#1  0x00007ffff7eef6ff in bool std::has_facet<std::ctype<char> >(std::locale
const&) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#2  0x00007ffff7ee6977 in std::basic_ios<char, std::char_traits<char>
>::_M_cache_locale(std::locale const&) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#3  0x00007ffff7ee6c01 in std::basic_ios<char, std::char_traits<char>
>::init(std::basic_streambuf<char, std::char_traits<char> >*) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#4  0x00007ffff7ef6c6d in std::basic_ostream<char, std::char_traits<char>
>::basic_ostream(std::basic_streambuf<char, std::char_traits<char> >*) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#5  0x00007ffff7eb335b in std::ios_base::Init::Init() () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so.6
#6  0x000000000040af7b in __static_initialization_and_destruction_0
(__initialize_p=1, __priority=65535)
    at
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/include/c++/11.1.1/iostream:74
#7  0x000000000040b1d3 in _GLOBAL__sub_I__ZN16Hello_World_Test10test_info_E ()
at test_hello.cpp:8
#8  0x000000000053c5f5 in __libc_csu_init (argc=argc@entry=1,
argv=argv@entry=0x7fffffffe8b8, envp=0x7fffffffe8c8) at elf-init.c:89
#9  0x00007ffff71aa76d in __libc_start_main (main=0x40f8b9 <main(int, char**)>,
argc=1, argv=0x7fffffffe8b8, init=0x53c5b0 <__libc_csu_init>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe8a8)
at ../csu/libc-start.c:279
#10 0x000000000040ac4a in _start () at ../sysdeps/x86_64/start.S:120
(gdb) ignore 1 9999999
Will ignore next 9999999 crossings of breakpoint 1.
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff736ae75 in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
(gdb) info breakpoints
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x00007ffff7ea92fd <__dynamic_cast>
        breakpoint already hit 7488 times
        ignore next 9992512 hits
