From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id D09283898539; Thu, 13 May 2021 15:29:38 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D09283898539
From: "florin.iucha at amd dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/100439] stack overflow running ubsan
Date: Thu, 13 May 2021 15:29:38 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 11.1.1
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: florin.iucha at amd dot com
X-Bugzilla-Status: WAITING
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-100439-4-V475rSNNFR@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-100439-4@http.gcc.gnu.org/bugzilla/>
References: <bug-100439-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 15:29:38 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D100439

--- Comment #6 from Florin Iucha <florin.iucha at amd dot com> ---
With the test file above, and this Makefile:


--8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8<

ALL: bin/test_hello

.PHONY: clean

CXX=3D/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++

CXXFLAGS=3D-m64 -g -std=3Dc++20 -fsanitize=3Dundefined -fno-omit-frame-poin=
ter
LDFLAGS=3D-Wl,-rpath
-Wl,/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib
-Wl,-dynamic-linker
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/ld-linux-x86=
-64.so.2
-fsanitize=3Dundefined

GOOGLE_TEST_PATH=3Dgoogletest/googletest
GOOGLE_TEST_OBJECTS=3Dobj/gtest.o obj/gtest_main.o obj/gtest-port.o
obj/gtest-filepath.o obj/gtest-death-test.o obj/gtest-test-part.o
obj/gtest-printers.o

obj/test_hello.o: test_hello.cpp
        $(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include -c $<

obj/gtest.o: $(GOOGLE_TEST_PATH)/src/gtest.cc
        $(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include
-I$(GOOGLE_TEST_PATH) -c $<

obj/gtest%.o: $(GOOGLE_TEST_PATH)/src/gtest%.cc
        $(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include
-I$(GOOGLE_TEST_PATH) -c $<

bin/test_hello: obj/test_hello.o $(GOOGLE_TEST_OBJECTS)
        $(CXX) -o $@ $(LDFLAGS) $^ -lpthread

clean:
        $(RM) bin/test_hello obj/*.o

--8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8< --8<


Cloning google test:

$ git clone https://github.com/google/googletest

(The HEAD now is at f5e592d8ee5ffb1d9af5be7f715ce3576b8bf9c4)

Building:

$ make
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/test_hello.o
-Igoogletest/googletest/include -c test_hello.cpp
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest_main.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest_main.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest-port.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest-port.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest-filepath.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest-filepath.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest-death-test.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest-death-test.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest-test-part.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest-test-part.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -m64 -g -std=3Dc=
++20
-fsanitize=3Dundefined -fno-omit-frame-pointer -o obj/gtest-printers.o
-Igoogletest/googletest/include -Igoogletest/googletest -c
googletest/googletest/src/gtest-printers.cc
/opt/tng-gcc11-glibc-linux5.4/bin/x86_64-tng-linux-gnu-g++ -o bin/test_hello
-Wl,-rpath -Wl,/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/l=
ib
-Wl,-dynamic-linker
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/ld-linux-x86=
-64.so.2
-fsanitize=3Dundefined obj/test_hello.o obj/gtest.o obj/gtest_main.o
obj/gtest-port.o obj/gtest-filepath.o obj/gtest-death-test.o
obj/gtest-test-part.o obj/gtest-printers.o -lpthread

Running:

$  ./bin/test_hello
zsh: segmentation fault (core dumped)  ./bin/test_hello

Debugging:

(gdb) b __dynamic_cast
Breakpoint 1 at 0x4095c0
(gdb) ignore 1 3
Will ignore next 3 crossings of breakpoint 1.
(gdb) run
...
Breakpoint 1, 0x00007ffff7ea92fd in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
(gdb) bt
#0  0x00007ffff7ea92fd in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#1  0x00007ffff736be36 in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#2  0x00007ffff736ae7a in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#3  0x00007ffff736b3b2 in __ubsan_handle_dynamic_type_cache_miss () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#4  0x000000000045fdaa in std::type_info::operator=3D=3D (this=3D0x7ffff7f9=
7068
<typeinfo for __cxxabiv1::__si_class_type_info>, __arg=3D...)
    at
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/include/c++/11.1.1/typei=
nfo:122
#5  0x00007ffff7eab007 in __cxxabiv1::__si_class_type_info::__do_dyncast(lo=
ng,
__cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info
const*, void const*, __cxxabiv1::__class_type_info const*, void const*,
__cxxabiv1::__class_type_info::__dyncast_result&) const ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#6  0x00007ffff7ea9379 in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#7  0x00007ffff736be36 in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#8  0x00007ffff736ae7a in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#9  0x00007ffff736b3b2 in __ubsan_handle_dynamic_type_cache_miss () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#10 0x000000000045fdaa in std::type_info::operator=3D=3D (this=3D0x7ffff7f9=
7068
<typeinfo for __cxxabiv1::__si_class_type_info>, __arg=3D...)
    at
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/include/c++/11.1.1/typei=
nfo:122
#11 0x00007ffff7eab007 in __cxxabiv1::__si_class_type_info::__do_dyncast(lo=
ng,
__cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info
const*, void const*, __cxxabiv1::__class_type_info const*, void const*,
__cxxabiv1::__class_type_info::__dyncast_result&) const ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#12 0x00007ffff7ea9379 in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#13 0x00007ffff736be36 in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#14 0x00007ffff736ae7a in ?? () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#15 0x00007ffff736b3b2 in __ubsan_handle_dynamic_type_cache_miss () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libubsan.so.1
#16 0x000000000045fdaa in std::type_info::operator=3D=3D (this=3D0x7ffff7f9=
85a8
<typeinfo for std::ctype<char>>, __arg=3D...)
    at
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/include/c++/11.1.1/typei=
nfo:122
#17 0x00007ffff7eab882 in __cxxabiv1::__vmi_class_type_info::__do_dyncast(l=
ong,
__cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info
const*, void const*, __cxxabiv1::__class_type_info const*, void const*,
__cxxabiv1::__class_type_info::__dyncast_result&) const ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#18 0x00007ffff7ea9379 in __dynamic_cast () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#19 0x00007ffff7eef6ff in bool std::has_facet<std::ctype<char> >(std::locale
const&) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#20 0x00007ffff7ee6977 in std::basic_ios<char, std::char_traits<char>
>::_M_cache_locale(std::locale const&) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#21 0x00007ffff7ee6c01 in std::basic_ios<char, std::char_traits<char>
>::init(std::basic_streambuf<char, std::char_traits<char> >*) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#22 0x00007ffff7ef6c6d in std::basic_ostream<char, std::char_traits<char>
>::basic_ostream(std::basic_streambuf<char, std::char_traits<char> >*) ()
   from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#23 0x00007ffff7eb335b in std::ios_base::Init::Init() () from
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/sysroot/lib/libstdc++.so=
.6
#24 0x0000000000409ebb in __static_initialization_and_destruction_0
(__initialize_p=3D1, __priority=3D65535)
    at
/opt/tng-gcc11-glibc-linux5.4/x86_64-tng-linux-gnu/include/c++/11.1.1/iostr=
eam:74
#25 0x000000000040a113 in _GLOBAL__sub_I__ZN16Hello_World_Test10test_info_E=
 ()
at test_hello.cpp:8
#26 0x00000000004e0e95 in __libc_csu_init (argc=3Dargc@entry=3D1,
argv=3Dargv@entry=3D0x7fffffffe858, envp=3D0x7fffffffe868) at elf-init.c:89
#27 0x00007ffff71aa76d in __libc_start_main (main=3D0x4be23b <main(int, cha=
r**)>,
argc=3D1, argv=3D0x7fffffffe858, init=3D0x4e0e50 <__libc_csu_init>,
    fini=3D<optimized out>, rtld_fini=3D<optimized out>, stack_end=3D0x7fff=
ffffe848)
at ../csu/libc-start.c:279
#28 0x0000000000409b8a in _start () at ../sysdeps/x86_64/start.S:120

Note this happens when GCC and GLIBC are built with crosstool-ng
(https://crosstool-ng.github.io/); I will attach the configuration file use=
d to
generate the toolchain.=