From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id 8858E386EC2F; Fri, 2 Jul 2021 16:35:44 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8858E386EC2F
From: "florin.iucha at amd dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/100439] stack overflow running ubsan
Date: Fri, 02 Jul 2021 16:35:44 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 11.1.1
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: florin.iucha at amd dot com
X-Bugzilla-Status: WAITING
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 02 Jul 2021 16:35:44 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100439

--- Comment #12 from Florin Iucha ---
Actually, it gets even better - no clang needed.
Just build GCC 11-20210626 Snapshot and build the example using the Google test recipe:

#
# Makefile
#
ALL: bin/test_hello

.PHONY: clean

CXX=/opt/gcc11-for-tng/bin/g++-11
CXXFLAGS=-m64 -g -std=c++20 -fsanitize=undefined -fno-omit-frame-pointer
LDFLAGS=-L/opt/gcc11-for-tng/lib64 -Wl,-rpath,/opt/gcc11-for-tng/lib64 -fsanitize=undefined
GOOGLE_TEST_PATH=googletest/googletest
GOOGLE_TEST_OBJECTS=obj/gtest.o obj/gtest_main.o obj/gtest-port.o obj/gtest-filepath.o obj/gtest-death-test.o obj/gtest-test-part.o obj/gtest-printers.o

obj/test_hello.o: test_hello.cpp
	$(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include -c $<

obj/gtest.o: $(GOOGLE_TEST_PATH)/src/gtest.cc
	$(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include -I$(GOOGLE_TEST_PATH) -c $<

obj/gtest%.o: $(GOOGLE_TEST_PATH)/src/gtest%.cc
	$(CXX) $(CXXFLAGS) -o $@ -I$(GOOGLE_TEST_PATH)/include -I$(GOOGLE_TEST_PATH) -c $<

bin/test_hello: obj/test_hello.o $(GOOGLE_TEST_OBJECTS)
	$(CXX) -o $@ $(LDFLAGS) $^ -lpthread

clean:
	$(RM) bin/test_hello obj/*.o

#
# test_hello.cpp
#
#include
#include
TEST(Hello, World) { ASSERT_EQ(43, std::stoi("42")); }

------

After build:

$ ldd bin/test_hello
        linux-vdso.so.1 (0x00007ffc551ee000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f387908d000)
        libstdc++.so.6 => /opt/gcc11-for-tng/lib64/libstdc++.so.6 (0x00007f3878ce4000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3878b95000)
        libubsan.so.1 => /opt/gcc11-for-tng/lib64/libubsan.so.1 (0x00007f387803c000)
        libgcc_s.so.1 => /opt/gcc11-for-tng/lib64/libgcc_s.so.1 (0x00007f3877e29000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3877c37000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f387933a000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3877c2f000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f3877c24000)

$ gdb bin/test_hello
...
...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6f4f555 in HandleDynamicTypeCacheMiss (Data=0x5555557a49a0, Pointer=140737353637960, Hash=3327454538508686025, Opts=...) at ../../../../gcc/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:36
36 ../../../../gcc/libsanitizer/ubsan/ubsan_handlers_cxx.cpp: No such file or directory.
...
(gdb) bt
#44921 0x00007ffff6f50516 in __ubsan::checkDynamicType (Object=Object@entry=0x7ffff7f87588 >, Type=0x7ffff7f860b8 , Hash=8146310091054124745) at ../../../../gcc/libsanitizer/ubsan/ubsan_type_hash_itanium.cpp:233
#44922 0x00007ffff6f4f55a in HandleDynamicTypeCacheMiss (Data=0x5555557a49a0, Pointer=140737353643400, Hash=, Opts=...) at ../../../../gcc/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:36
#44923 0x00007ffff6f4fa92 in __ubsan::__ubsan_handle_dynamic_type_cache_miss (Data=, Pointer=, Hash=) at ../../../../gcc/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:87
#44924 0x000055555567addd in std::type_info::operator== (this=0x7ffff7f87588 >, __arg=...) at /opt/gcc11-for-tng/include/c++/11.1.1/typeinfo:122
#44925 0x00007ffff7c9beec in __cxxabiv1::__vmi_class_type_info::__do_dyncast (this=0x7ffff7f87588 >, src2dst=0, access_path=__cxxabiv1::__class_type_info::__contained_public, dst_type=0x7ffff7f87588 >, obj_ptr=0x7ffff7f93e00 <(anonymous namespace)::ctype_c>, src_type=0x7ffff7f86298 , src_ptr=0x7ffff7f93e00 <(anonymous namespace)::ctype_c>, result=...)
    at ../../../../gcc/libstdc++-v3/libsupc++/vmi_class_type_info.cc:91
#44926 0x00007ffff7c999e9 in __cxxabiv1::__dynamic_cast (src_ptr=0x7ffff7f93e00 <(anonymous namespace)::ctype_c>, src_type=0x7ffff7f86298 , dst_type=0x7ffff7f87588 >, src2dst=0) at ../../../../gcc/libstdc++-v3/libsupc++/dyncast.cc:74
#44927 0x00007ffff7cdfd6d in std::has_facet > (__loc=...) at /home/fiucha/tools/gcc.objdir/x86_64-linux-gnu/libstdc++-v3/include/bits/locale_classes.tcc:110
#44928 0x00007ffff7cd6fcf in std::basic_ios >::_M_cache_locale (this=this@entry=0x5555557cc988 , __loc=...) at /home/fiucha/tools/gcc.objdir/x86_64-linux-gnu/libstdc++-v3/include/bits/basic_ios.tcc:159
#44929 0x00007ffff7cd7263 in std::basic_ios >::init (this=this@entry=0x5555557cc988 , __sb=__sb@entry=0x7ffff7f92460 <__gnu_internal::buf_cout_sync>) at /home/fiucha/tools/gcc.objdir/x86_64-linux-gnu/libstdc++-v3/include/bits/basic_ios.tcc:132
#44930 0x00007ffff7ce72db in std::basic_ostream >::basic_ostream (__sb=, __vtt_parm=0x0, __in_chrg=1, this=0x5555557cc980 ) at /home/fiucha/tools/gcc.objdir/x86_64-linux-gnu/libstdc++-v3/include/ostream:85
#44931 std::basic_ostream >::basic_ostream (this=0x5555557cc980 , __sb=0x7ffff7f92460 <__gnu_internal::buf_cout_sync>) at /home/fiucha/tools/gcc.objdir/x86_64-linux-gnu/libstdc++-v3/include/ostream:85
#44932 0x00007ffff7ca39c3 in std::ios_base::Init::Init (this=) at /home/fiucha/tools/gcc/libstdc++-v3/libsupc++/new:175
#44933 std::ios_base::Init::Init (this=) at ../../../../../gcc/libstdc++-v3/src/c++98/ios_init.cc:78
#44934 0x000055555561be74 in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at /opt/gcc11-for-tng/include/c++/11.1.1/iostream:74
#44935 0x000055555561c121 in _GLOBAL__sub_I__ZN16Hello_World_Test10test_info_E () at test_hello.cpp:8
#44936 0x0000555555708b6d in __libc_csu_init ()
#44937 0x00007ffff6b66040 in __libc_start_main (main=0x5555556e26a3 , argc=1,
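    argv=0x7fffffffe858, init=0x555555708b20 <__libc_csu_init>, fini=, rtld_fini=, stack_end=0x7fffffffe848) at ../csu/libc-start.c:264
#44938 0x000055555561bb3e in _start ()

Note the depth of the stack trace: gdb numbers the frames shown here #44921 to #44938, and the outermost ones are still inside static initialization (std::ios_base::Init, reached from __libc_csu_init), so the stack is exhausted before main() runs.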