public inbox for gcc-bugs@sourceware.org
* [Bug preprocessor/106252] New: [13 Regression] AddressSanitizer: global-buffer-overflow on address since r13-1544-ge46f4d7430c521
From: marxin at gcc dot gnu.org @ 2022-07-11  9:47 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

            Bug ID: 106252
           Summary: [13 Regression] AddressSanitizer:
                    global-buffer-overflow on address since
                    r13-1544-ge46f4d7430c521
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: preprocessor
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
                CC: lhyatt at gcc dot gnu.org
  Target Milestone: ---

Since the revision the following ASAN error is reported:

/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/objdir/gcc/xgcc
-B/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/objdir/gcc/
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/testsuite/c-c++-common/pragma-diag-13.c
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/testsuite/c-c++-common/pragma-diag-13.c:2:54:
warning: missing ‘error’, ‘warning’, ‘ignored’, ‘push’, ‘pop’, or
‘ignored_attributes’ after ‘#pragma GCC diagnostic’ [-Wpragmas]
    2 | #pragma GCC diagnostic /* { dg-warning "missing" } */
      |                                                      ^
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/testsuite/c-c++-common/pragma-diag-13.c:3:24:
warning: expected ‘error’, ‘warning’, ‘ignored’, ‘push’, ‘pop’,
‘ignored_attributes’ after ‘#pragma GCC diagnostic’ [-Wpragmas]
    3 | #pragma GCC diagnostic warn /* { dg-warning "24:expected" } */
      |                        ^~~~
=================================================================
==4798==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000005e9d1fc at pc 0x000000a5903c bp 0x7fffffffc310 sp 0x7fffffffc308
READ of size 4 at 0x000005e9d1fc thread T0
    #0 0xa5903b in handle_pragma_diagnostic_impl<false, false>
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c-family/c-pragma.cc:1013
    #1 0xa5903b in handle_pragma_diagnostic
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c-family/c-pragma.cc:1070
    #2 0x8d77d1 in c_parser_pragma
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c/c-parser.cc:12640
    #3 0x960b55 in c_parser_external_declaration
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c/c-parser.cc:1768
    #4 0x962040 in c_parser_translation_unit
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c/c-parser.cc:1660
    #5 0x962040 in c_parse_file()
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c/c-parser.cc:23540
    #6 0xa4dcee in c_common_parse_file()
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c-family/c-opts.cc:1235
    #7 0x1bc699f in compile_file
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/toplev.cc:452
    #8 0x70ebb9 in do_compile
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/toplev.cc:2146
    #9 0x70ebb9 in toplev::main(int, char**)
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/toplev.cc:2298
    #10 0x719203 in main
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/main.cc:39
    #11 0x7ffff78405af in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #12 0x7ffff7840678 in __libc_start_main_impl ../csu/libc-start.c:392
    #13 0x71a624 in _start
(/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/objdir/gcc/cc1+0x71a624)

0x000005e9d1fc is located 36 bytes to the left of global variable 'cl_enums'
defined in 'options.cc:1282:22' (0x5e9d220) of size 2976
0x000005e9d1fc is located 20 bytes to the right of global variable 'lang_names'
defined in 'options.cc:3187:20' (0x5e9d180) of size 104
SUMMARY: AddressSanitizer: global-buffer-overflow
/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-asan/build/gcc/c-family/c-pragma.cc:1013
in handle_pragma_diagnostic_impl<false, false>
==4798==ABORTING

Can also be seen with the following simple patch:

diff --git a/gcc/c-family/c-pragma.cc b/gcc/c-family/c-pragma.cc
index 62bce2ed0f5..93887759439 100644
--- a/gcc/c-family/c-pragma.cc
+++ b/gcc/c-family/c-pragma.cc
@@ -1010,6 +1010,7 @@ handle_pragma_diagnostic_impl ()
     return;

   const char *arg = NULL;
+  gcc_assert (option_index < N_OPTS);
   if (cl_options[option_index].flags & CL_JOINED)
     arg = data.option_str + 1 + cl_options[option_index].opt_len;
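
Review bot: the `gcc_assert (option_index < N_OPTS)` ahead of the `cl_options[option_index].flags` read works as a reproducer but should not be what lands. The index that trips it comes from a user-written pragma (`"-Wfoo"` on line 4 of pragma-diag-13.c, where the test expects an "unknown" warning), so the compiler has to diagnose it rather than abort. Suggest moving the `arg` computation below the check that the option was found, so that `cl_options` is only ever indexed with a validated `option_index`.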

$ ./xg++ -B.
/home/marxin/Programming/gcc/gcc/testsuite/c-c++-common/pragma-diag-13.c -c
-std=c++20
/home/marxin/Programming/gcc/gcc/testsuite/c-c++-common/pragma-diag-13.c:2:54:
warning: missing ‘error’, ‘warning’, ‘ignored’, ‘push’, ‘pop’, or
‘ignored_attributes’ after ‘#pragma GCC diagnostic’ [-Wpragmas]
    2 | #pragma GCC diagnostic /* { dg-warning "missing" } */
      |                                                      ^
/home/marxin/Programming/gcc/gcc/testsuite/c-c++-common/pragma-diag-13.c:3:24:
warning: expected ‘error’, ‘warning’, ‘ignored’, ‘push’, ‘pop’,
‘ignored_attributes’ after ‘#pragma GCC diagnostic’ [-Wpragmas]
    3 | #pragma GCC diagnostic warn /* { dg-warning "24:expected" } */
      |                        ^~~~
/home/marxin/Programming/gcc/gcc/testsuite/c-c++-common/pragma-diag-13.c:4:32:
internal compiler error: in handle_pragma_diagnostic_impl, at
c-family/c-pragma.cc:1013
    4 | #pragma GCC diagnostic ignored "-Wfoo" /* { dg-warning "32:unknown" } */
      |                                ^~~~~~~
0x7b250c handle_pragma_diagnostic_impl<false, false>
        /home/marxin/Programming/gcc/gcc/c-family/c-pragma.cc:1013
0x7b250c handle_pragma_diagnostic
        /home/marxin/Programming/gcc/gcc/c-family/c-pragma.cc:1071
0xb7906c cp_parser_pragma
        /home/marxin/Programming/gcc/gcc/cp/parser.cc:48424
0xbb2ceb cp_parser_toplevel_declaration
        /home/marxin/Programming/gcc/gcc/cp/parser.cc:15085
0xbb2ceb cp_parser_toplevel_declaration
        /home/marxin/Programming/gcc/gcc/cp/parser.cc:15076
0xbb2ceb cp_parser_translation_unit
        /home/marxin/Programming/gcc/gcc/cp/parser.cc:5063
0xbb2ceb c_parse_file()
        /home/marxin/Programming/gcc/gcc/cp/parser.cc:48481
0xcf81f5 c_common_parse_file()
        /home/marxin/Programming/gcc/gcc/c-family/c-opts.cc:1235
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

From: marxin at gcc dot gnu.org @ 2022-07-11  9:47 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-07-11
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
   Target Milestone|---                         |13.0

From: rguenth at gcc dot gnu.org @ 2022-07-11 10:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1

From: lhyatt at gcc dot gnu.org @ 2022-07-11 11:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

Lewis Hyatt <lhyatt at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |lhyatt at gcc dot gnu.org

--- Comment #1 from Lewis Hyatt <lhyatt at gcc dot gnu.org> ---
Thanks, and sorry about that, I will fix it now. BTW, am I missing an argument
to configure or something such that I would have seen this? Or this is
something external to the main testsuite?

From: marxin at gcc dot gnu.org @ 2022-07-11 11:50 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
It's an ASAN bootstrap that needs the following configure option:
--with-build-config=bootstrap-asan

From: cvs-commit at gcc dot gnu.org @ 2022-07-11 14:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Lewis Hyatt <lhyatt@gcc.gnu.org>:

https://gcc.gnu.org/g:cb7b01db7a1979a45fd1dce87a8738e80568520e

commit r13-1605-gcb7b01db7a1979a45fd1dce87a8738e80568520e
Author: Lewis Hyatt <lhyatt@gmail.com>
Date:   Mon Jul 11 08:12:33 2022 -0400

    c-family: Fix option check in handle_pragma_diagnostic [PR106252]

    In r13-1544, handle_pragma_diagnostic was refactored to support processing
    early pragmas. During that process the part looking up option arguments was
    inadvertently moved too early, prior to checking the option was valid,
    causing PR106252. Fixed by moving the check back where it goes.

    gcc/c-family/ChangeLog:

            PR preprocessor/106252
            * c-pragma.cc (handle_pragma_diagnostic_impl): Don't look up the
            option argument prior to verifying the option was found.
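
The ordering problem described in the commit message above, reduced to a stand-alone C example (added here; it is not code from GCC or from this thread). `opts`, `find_opt`, `parse_unchecked` and `parse_checked` are hypothetical names, and the example assumes that a failed lookup returns `N_OPTS`, one past the end of the table.

```c
#include <stddef.h>
#include <string.h>

/* Constructed miniature option table; entries are illustrative only. */
enum { FLAG_JOINED = 1 };              /* option takes a joined argument */
struct opt { const char *text; unsigned flags; };
static const struct opt opts[] = {
    { "-Wall",     0 },
    { "-Wformat=", FLAG_JOINED },
};
#define N_OPTS (sizeof opts / sizeof opts[0])

/* Assumed lookup contract: index of the matching entry, or N_OPTS
   (one past the end) when the string names no known option. */
size_t find_opt(const char *s)
{
    for (size_t i = 0; i < N_OPTS; i++) {
        size_t n = strlen(opts[i].text);
        if ((opts[i].flags & FLAG_JOINED) ? strncmp(s, opts[i].text, n) == 0
                                          : strcmp(s, opts[i].text) == 0)
            return i;
    }
    return N_OPTS;
}

/* Regressed ordering: the table is read before the index is validated,
   so an unknown option reads past the end of opts[]. */
int parse_unchecked(const char *s, const char **arg)
{
    size_t i = find_opt(s);
    *arg = NULL;
    if (opts[i].flags & FLAG_JOINED)   /* out of bounds when i == N_OPTS */
        *arg = s + strlen(opts[i].text);
    return i < N_OPTS;                 /* validity check arrives too late */
}

/* Corrected ordering: reject the unknown option first, then look up
   its argument. Returns 1 for a known option, 0 otherwise. */
int parse_checked(const char *s, const char **arg)
{
    size_t i = find_opt(s);
    *arg = NULL;
    if (i >= N_OPTS)
        return 0;                      /* caller warns: unknown option */
    if (opts[i].flags & FLAG_JOINED)
        *arg = s + strlen(opts[i].text);
    return 1;
}
```

Built with `-fsanitize=address`, a call to `parse_unchecked("-Wfoo", &arg)` reads one element past `opts[]`, the same class of global out-of-bounds read as in the report; `parse_checked` returns before touching the table.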

From: lhyatt at gcc dot gnu.org @ 2022-07-11 14:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106252

Lewis Hyatt <lhyatt at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Lewis Hyatt <lhyatt at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #2)
> It's an ASAN bootstrap that needs the following configure option:
> --with-build-config=bootstrap-asan

I see, thank you. It is fixed now.
