public inbox for gcc-bugs@sourceware.org
* [Bug c/101453] New: ICE on compilable code: *** buffer overflow detected ***: terminated
From: cnsun at uwaterloo dot ca @ 2021-07-14 15:52 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

            Bug ID: 101453
           Summary: ICE on compilable code: *** buffer overflow detected
                    ***: terminated
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: cnsun at uwaterloo dot ca
  Target Milestone: ---

$ gcc-trunk -v
Using built-in specs.
COLLECT_GCC=gcc-trunk
COLLECT_LTO_WRAPPER=/scratch/software/gcc-trunk/libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/configure
--enable-languages=c,c++,lto --enable-checking-yes --enable-multiarch
--prefix=/scratch/software/gcc-trunk --disable-bootstrap
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.0.0 20210714 (experimental) [master revision
:8b95b2de5:a7098d6ef4e4e799dab8ef925c62b199d707694b] (GCC)

$ cat mutant.c
__attribute__((optimize(0x8080808080808080ull))) bak() {}

$ gcc-trunk  mutant.c
*** buffer overflow detected ***: terminated
mutant.c:1:1: internal compiler error: Aborted
    1 | __attribute__((optimize(0x8080808080808080ull))) bak() {}
      | ^~~~~~~~~~~~~
0xf27883 crash_signal
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/toplev.c:328
0x9a0bb3 sprintf
        /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
0x9a0bb3 parse_optimize_options(tree_node*, bool)
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c-family/c-common.c:5802
0x9e54a8 handle_optimize_attribute
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c-family/c-attribs.c:5395
0x8e5f76 decl_attributes(tree_node**, tree_node*, int, tree_node*)
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/attribs.c:720
0x902f77 start_function(c_declspecs*, c_declarator*, tree_node*)
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c/c-decl.c:9452
0x96095e c_parser_declaration_or_fndef
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c/c-parser.c:2440
0x968e33 c_parser_external_declaration
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c/c-parser.c:1777
0x969899 c_parser_translation_unit
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c/c-parser.c:1650
0x969899 c_parse_file()
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c/c-parser.c:22121
0x9cb935 c_common_parse_file()
        /tmp/tmp.Rxxf6w92un-gcc-builder/gcc/gcc/c-family/c-opts.c:1219
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


* [Bug c/101453] ICE on compilable code: *** buffer overflow detected ***: terminated
From: pinskia at gcc dot gnu.org @ 2021-07-14 18:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Last reconfirmed|                              |2021-07-14
           Assignee|unassigned at gcc dot gnu.org |pinskia at gcc dot gnu.org
           Keywords|                              |ice-on-invalid-code
             Status|UNCONFIRMED                   |ASSIGNED
     Ever confirmed|0                             |1

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is a buffer overflow.

          char buffer[20];
          sprintf (buffer, "-O%ld", (long) TREE_INT_CST_LOW (value));
          vec_safe_push (optimize_args, ggc_strdup (buffer));

So a 64-bit signed integer max takes 20 bytes.  Add in "-O", you are up to 22
bytes, and then add the null, you are at 23 bytes.
So the fix is simple: just increase buffer to be 23.


So maybe a better definition is:
char buffer[((int)((sizeof(long)*CHARBITS)/3.32))+1+3];
The magic 3.32 is log(10)/log(2); that is, for every base 10 digit, it takes
~3.32 bits to represent.
The first +1 is a round-up because the cast is truncating.  The +3 is for the "-O"
part including the null character.


* [Bug c/101453] ICE on compilable code: *** buffer overflow detected ***: terminated
From: pinskia at gcc dot gnu.org @ 2021-07-16  2:01 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575387.html
           Keywords|                            |patch

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Patch submitted:
https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575387.html


* [Bug c/101453] ICE on compilable code: *** buffer overflow detected ***: terminated
From: pinskia at gcc dot gnu.org @ 2021-07-16 18:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                                                         |Added
----------------------------------------------------------------------------
                URL|https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575387.html |https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575484.html

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Updated patch:
https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575484.html


* [Bug c/101453] ICE on compilable code: *** buffer overflow detected ***: terminated
From: cvs-commit at gcc dot gnu.org @ 2021-07-16 18:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Andrew Pinski <pinskia@gcc.gnu.org>:

https://gcc.gnu.org/g:e06b1c5ac00b1bd0339739d3d9377c90852a83c9

commit r12-2373-ge06b1c5ac00b1bd0339739d3d9377c90852a83c9
Author: Andrew Pinski <apinski@marvell.com>
Date:   Thu Jul 15 18:07:09 2021 -0700

    Fix PR 101453: ICE with optimize and large integer constant

    The problem is the buffer is too small to hold "-O" and
    the integer.  This fixes the problem by using the correct size
    instead.

    Changes since v1:
    * v2: Use HOST_BITS_PER_LONG and just divide by 3 instead of
    3.32.

    OK? Bootstrapped and tested on x86_64-linux with no regressions.

    gcc/c-family/ChangeLog:

            PR c/101453
            * c-common.c (parse_optimize_options): Use the correct
            size for buffer.

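
The sizing arithmetic from comment #1 and the v2 note in the commit message, as an added example (not code from this thread or from GCC): it compares each proposed buffer size with the bytes "-O<n>" actually needs, and shows a bounded snprintf call rejecting the reporter's constant in the old 20-byte buffer. The divide-by-3 expression is an assumed reading of the v2 note, the helper names are hypothetical, and %lld stands in for %ld so that both 32-bit and 64-bit `long` widths can be checked on one host.

```c
#include <limits.h>
#include <stdio.h>

/* Size proposed in comment #1 for a `long` of `bits` bits: truncated
   bits/3.32 digits, +1 to round up, +3 for "-O" and the NUL.  */
static int size_v1 (int bits) { return (int) (bits / 3.32) + 1 + 3; }

/* Assumed v2 form (divide by 3 instead of 3.32); the committed
   expression itself is not shown on the page.  */
static int size_v2 (int bits) { return bits / 3 + 1 + 3; }

/* Bytes, including the NUL, that "-O<n>" needs for the most negative
   `bits`-wide value, which is the longest one to print.  */
static int worst_case (int bits)
{
  long long min = bits == 64 ? LLONG_MIN : -(1LL << (bits - 1));
  return snprintf (NULL, 0, "-O%lld", min) + 1;
}

/* Bounded version of the sprintf call: 0 on success, -1 if "-O<v>"
   does not fit in `cap` bytes (dst is still NUL-terminated).  */
static int format_opt_level (char *dst, size_t cap, long long v)
{
  int n = snprintf (dst, cap, "-O%lld", v);
  return (n < 0 || (size_t) n >= cap) ? -1 : 0;
}

int main (void)
{
  /* The reporter's constant as a 64-bit signed value (constructed here;
     GCC wraps this unsigned-to-signed conversion).  */
  long long repro = (long long) 0x8080808080808080ull;
  char old_buf[20];   /* the size that overflowed */
  char new_buf[25];   /* size_v2 (64) */

  for (int bits = 32; bits <= 64; bits += 32)
    printf ("%d-bit long: need %d, v1 gives %d, v2 gives %d\n",
            bits, worst_case (bits), size_v1 (bits), size_v2 (bits));
  printf ("char[20]: %s\n",
          format_opt_level (old_buf, sizeof old_buf, repro) ? "rejected" : "ok");
  if (format_opt_level (new_buf, sizeof new_buf, repro) == 0)
    printf ("char[25]: %s\n", new_buf);
  return 0;
}
```

With a 32-bit `long` the 3.32 form yields 13 bytes while the worst case needs 14, because the sign character is not counted; dividing by 3 covers both widths.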

* [Bug c/101453] ICE on compilable code: *** buffer overflow detected ***: terminated
From: pinskia at gcc dot gnu.org @ 2021-07-16 18:59 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Fixed on the trunk.
