From: "mkaracsony81 at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/104069] Wuse-after-free=2 -O0 false positive "may be used"
Date: Fri, 12 May 2023 08:30:08 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Version: 12.0
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069

--- Comment #29 from Miklos Karacsony ---
(In reply to Sergei Trofimovich from comment #28)
> (In reply to Miklos Karacsony from comment #27)
> > (In reply to Sergei Trofimovich from comment #26)
> > > #c12 fixed elfutils case.
> >
> > That's not accurate. It's only fixed if you use the default "-O2"
> > optimization level, but if you use "-Os" instead, you'll find that the bug
> > is still present. I've managed to hit a similar bug while building glibc
> > with "-Os" as well, but in that case adding "--disable-werror" helped.
> > Sadly, elfutils' configure script does not respect that flag. I could just
> > add "-Wno-error" into my cflags when building, but then doing this on a per
> > package basis is cumbersome.
>
> I was not able to reproduce -Os build failure on elfutils-0.189. Can you
> extract an example from the case you see?

Sadly, I cannot extract an example as I'm mostly packaging stuff for my LFS
based distro, without any knowledge of the C programming language and/or the
inner workings of gcc. That said, I will share as many details as I can here,
which should help you reproduce this bug:

The configure command used was as follows:

./configure --prefix=/usr \
            --sysconfdir=/etc \
            --program-prefix="eu-" \
            --enable-deterministic-archives \
            --enable-libdebuginfod=dummy \
            --disable-debuginfod \
            --disable-werror

Then I used the following to build the package and then install the libraries
only:

make
make -C debuginfod install
make -C libasm install
make -C libdw install
make -C libdwelf install
make -C libdwfl install
make -C libelf install

This is the output of the build when using "-Os":

configure: WARNING: unrecognized options: --disable-werror

In function 'bigger_buffer',
    inlined from '__libdw_gunzip' at gzip.c:374:12:
gzip.c:96:9: error: pointer may be used after 'realloc' [-Werror=use-after-free]
   96 |     b = realloc (state->buffer, more -= 1024);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gzip.c:94:13: note: call to 'realloc' here
   94 |   char *b = realloc (state->buffer, more);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:715: gzip.o] Error 1
make[2]: *** Waiting for unfinished jobs....
In file included from bzip2.c:4:
In function 'bigger_buffer',
    inlined from '__libdw_bunzip2' at gzip.c:331:9:
gzip.c:96:9: error: pointer may be used after 'realloc' [-Werror=use-after-free]
   96 |     b = realloc (state->buffer, more -= 1024);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gzip.c:94:13: note: call to 'realloc' here
   94 |   char *b = realloc (state->buffer, more);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
In file included from lzma.c:4:
In function 'bigger_buffer',
    inlined from '__libdw_unlzma' at gzip.c:331:9:
gzip.c:96:9: error: pointer may be used after 'realloc' [-Werror=use-after-free]
   96 |     b = realloc (state->buffer, more -= 1024);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gzip.c:94:13: note: call to 'realloc' here
   94 |   char *b = realloc (state->buffer, more);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make[2]: *** [Makefile:715: bzip2.o] Error 1
In file included from zstd.c:4:
In function 'bigger_buffer',
    inlined from '__libdw_unzstd' at gzip.c:265:9:
gzip.c:96:9: error: pointer may be used after 'realloc' [-Werror=use-after-free]
   96 |     b = realloc (state->buffer, more -= 1024);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gzip.c:94:13: note: call to 'realloc' here
   94 |   char *b = realloc (state->buffer, more);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:715: lzma.o] Error 1
cc1: all warnings being treated as errors
make[2]: *** [Makefile:715: zstd.o] Error 1
make[1]: *** [Makefile:537: all-recursive] Error 1
make: *** [Makefile:453: all] Error 2

This was with CFLAGS="-Os -mtune=generic" and
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,--hash-style=gnu".

If I build this package with CFLAGS="-O2 -mtune=generic" and the same LDFLAGS
as above, the build succeeds. I did not use any patches on elfutils.

gcc -v:

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /sources/gcc-12.2.1-20230503/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-bootstrap --enable-languages=c,c++,lto --enable-multilib --enable-install-libiberty --enable-checking=release --enable-default-pie --enable-default-ssp --with-abi=m64 --with-arch=x86-64 --with-arch_32=x86-64 --with-build-config=bootstrap-lto --with-multilib-list=m64,m32 --with-fpmath=sse --with-linker-hash-style=gnu --with-system-zlib --with-tune=generic --with-zstd --without-isl --disable-libitm --disable-libquadmath --disable-libsanitizer --disable-libvtv --disable-nls --disable-werror
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.2.1 20230503 (Netux R1) (GCC)
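
The retry pattern GCC flags at gzip.c:94 and gzip.c:96, as an added example that is not part of the original message and is not elfutils source. Only the two realloc call shapes come from the diagnostic; struct unzip_state, flaky_realloc, demo_retry and the sizing logic are assumptions. Injected allocation failures show that the pointer handed to the second realloc is still a live allocation, which is the basis for calling the "may be used" diagnostic a false positive here.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed test hook: fail the next `fail_next` calls the way realloc does
   when out of memory, i.e. return NULL and leave the old block allocated. */
static int fail_next;

static void *flaky_realloc (void *p, size_t n)
{
  if (fail_next > 0) { fail_next--; return NULL; }
  return realloc (p, n);
}

struct unzip_state { char *buffer; size_t size; };  /* hypothetical layout */

/* Sketch of the retry pattern around the two lines GCC quotes (gzip.c:94, 96). */
static int bigger_buffer (struct unzip_state *state, size_t start)
{
  size_t more = state->size ? state->size * 2 : start;
  char *b = flaky_realloc (state->buffer, more);
  /* The loop body runs only while b == NULL. A failed realloc does not free
     its argument, so state->buffer is still a live allocation here. */
  while (b == NULL && more >= state->size + 1024)
    b = flaky_realloc (state->buffer, more -= 1024);
  if (b == NULL) return 0;  /* old buffer untouched, caller keeps using it */
  state->buffer = b;
  state->size = more;
  return 1;
}

/* Grow once, store data, then grow again with `failures` injected failures.
   Returns the final size if the stored data survived, otherwise 0. */
static size_t demo_retry (int failures)
{
  struct unzip_state st = { NULL, 0 };
  if (!bigger_buffer (&st, 4096)) return 0;
  memcpy (st.buffer, "payload", 8);
  fail_next = failures;
  bigger_buffer (&st, 4096);
  size_t result = memcmp (st.buffer, "payload", 8) == 0 ? st.size : 0;
  fail_next = 0;
  free (st.buffer);
  return result;
}

int main (void)
{
  return demo_retry (2) == 6144 ? 0 : 1;
}
```

For a packaging build that has to keep -Werror, GCC's `-Wno-error=use-after-free` demotes only this diagnostic to a warning, which is narrower than the blanket "-Wno-error" mentioned in the message.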