public inbox for gcc-bugs@sourceware.org
* [Bug c/105357] New: dereferenced ptr on param stack gets over written
@ 2022-04-23  7:58 vwebber at msn dot com
  2022-04-23  8:01 ` [Bug c/105357] " pinskia at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: vwebber at msn dot com @ 2022-04-23  7:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105357

            Bug ID: 105357
           Summary: dereferenced ptr on param stack gets over written
           Product: gcc
           Version: 9.4.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vwebber at msn dot com
  Target Milestone: ---

Created attachment 52855
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52855&action=edit
c file

See function Send_all_acceptable_packages() in code file.  

Here is the debug output.

uvweb@DESKTOP-JV8VVTB:/mnt/c/Users/vwebb/Documents/slickedit/SndBx/hr$ ./a.out < hr_town_tc1.txt
Town with the most number of packages is B
107 enter
94635049350200 94635049350224 94635049350248
94635049350200 94635049350224 94635049350248
29 enter
94635049350224 94635049350248
94635049350200 94635049350224
67 enter
94635049350224 94635049349808
140727292475840 94635049350248 94635049350272
140727292475840 94635049350248 94635049350272
29 enter
94635049350248 94635049350272
140727292475840 94635049350272
67 enter
94635049350272 94635049349808
37 enter
41 exit
18 enter
25 exit
140727292475840 94635049350272 0
140727292475840 94635049350272 0
29 enter
94635049350272 0
140727292475840 0
67 enter
0 94635049349808
Segmentation fault


* [Bug c/105357] dereferenced ptr on param stack gets over written
From: pinskia at gcc dot gnu.org @ 2022-04-23  8:01 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105357

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
scanf("%s", town_name);

Can be problematic.
Especially with just size of 6.


* [Bug c/105357] dereferenced ptr on param stack gets over written
From: pinskia at gcc dot gnu.org @ 2022-04-23  8:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105357

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
You need better error checking in your code.
scanf can fail and scanf with %s without a size can definitely have a buffer
overflow.

You might be able to detect some of this with -fsanitize=address or by using
valgrind.

This is almost definitely not a bug in GCC.

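Added example (not part of the thread and not the reporter's attached code): the unbounded scanf("%s") pattern named in comments #1 and #2 next to a width-limited, return-checked form. The 6-byte buffer follows comment #1; the function names, the use of sscanf over an in-memory string, and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define TOWN_NAME_MAX 5                     /* assumed: "size of 6" = 5 chars + NUL */
#define TOWN_NAME_LEN (TOWN_NAME_MAX + 1)
#define STR_(x) #x
#define STR(x) STR_(x)

enum read_status { READ_OK, READ_EOF, READ_TOO_LONG };

/* Pattern quoted in comment #1, for comparison only (never called here):
   no field width, so a longer token writes past name[]; result unchecked. */
void read_town_unchecked(const char *src, char name[TOWN_NAME_LEN])
{
    sscanf(src, "%s", name);
}

/* Hardened form: bounded width, checked return value, truncation detected.
   Reads one whitespace-delimited token at *cursor and advances past it. */
enum read_status read_town_checked(const char **cursor, char name[TOWN_NAME_LEN])
{
    int used = 0;
    name[0] = '\0';
    if (sscanf(*cursor, "%" STR(TOWN_NAME_MAX) "s%n", name, &used) != 1)
        return READ_EOF;                    /* no token: name holds nothing usable */
    *cursor += used;
    if (**cursor == '\0' || isspace((unsigned char)**cursor))
        return READ_OK;
    /* Token was longer than the buffer: skip its tail so parsing stays in sync. */
    while (**cursor != '\0' && !isspace((unsigned char)**cursor))
        ++*cursor;
    return READ_TOO_LONG;
}

int main(void)
{
    const char *p = "B Northampton Ayr";    /* constructed sample input */
    char name[TOWN_NAME_LEN];
    enum read_status st;
    while ((st = read_town_checked(&p, name)) != READ_EOF)
        printf("%-5s %s\n", name, st == READ_OK ? "ok" : "rejected: too long");
    return 0;
}
```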

* [Bug c/105357] dereferenced ptr on param stack gets over written
From: vwebber at msn dot com @ 2022-04-23  9:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105357

--- Comment #3 from vwebber <vwebber at msn dot com> ---
Thank you for the comments. 

However, the data being overwritten is on the stack in a function which is
called after the problematic scanf() etc are run.

I would suggest running up GDB and doing a break on access of the overwritten
lvalue.

Regards, 

Victor Webber
V&T: 408-221-8467 
V:      805-924-1953
vwebber@msn.com



* [Bug c/105357] dereferenced ptr on param stack gets over written
From: vwebber at msn dot com @ 2022-04-23  9:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105357

--- Comment #4 from vwebber <vwebber at msn dot com> ---
BTW, what happens in the rare occurrence of a bug report being found valid?

Regards, 

Victor Webber
V&T: 408-221-8467 
V:      805-924-1953
vwebber@msn.com


