From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id E57C83858CDB; Fri, 28 Oct 2022 19:19:04 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E57C83858CDB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1666984744;
	bh=EMkXK37n+qM+pBNjMAjx7QfcHp2lL6heIkB/rGNX+5Y=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=aQsu6HiJhEsiBWdXgi1x0QOsh40VRa8uZWlBydPO7s5CCj4Ro4/NxfrhtD8ft7e0C
	 SKwJ7gKONXeijKUb4y1hDJrFoiNDuwg3vg/4vh9Bn9D1IZl5bheq/G5F/kEX8CUDA/
	 zAQPTV2sHNgx9vG/qv/2LjI009ggHNGwI3HpEx04=
From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/107451] Segmentation fault with vectorized
 code.
Date: Fri, 28 Oct 2022 19:19:04 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 11.3.1
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: jakub at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: INVALID
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc bug_status resolution
Message-ID: <bug-107451-4-6yomUXjbZ5@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-107451-4@http.gcc.gnu.org/bugzilla/>
References: <bug-107451-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D107451

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The bug is in the testcase:
gcc -fsanitize=3Dundefined,address -g -o /tmp/pr107451{,.c}; /tmp/pr107451
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D2296364=3D=3DERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffca382d798 at pc 0x00000040148c bp 0x7ffca382d680 sp 0x7ffca382d678
READ of size 8 at 0x7ffca382d798 thread T0
    #0 0x40148b in dot /tmp/pr107451.c:9
    #1 0x4019f8 in main /tmp/pr107451.c:21
    #2 0x7f8c74de858f in __libc_start_call_main (/lib64/libc.so.6+0x2958f)
    #3 0x7f8c74de8648 in __libc_start_main@GLIBC_2.2.5
(/lib64/libc.so.6+0x29648)
    #4 0x4010f4 in _start (/tmp/pr107451+0x4010f4)

Address 0x7ffca382d798 is located in stack of thread T0 at offset 40 in fra=
me
    #0 0x401922 in main /tmp/pr107451.c:19

  This frame has 2 object(s):
    [32, 40) 'x' (line 20) <=3D=3D Memory access at offset 40 overflows this
variable
    [64, 72) 'y' (line 20)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /tmp/pr107451.c:9 in dot
Shadow bytes around the buggy address:
  0x1000146fdaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdad0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
  0x1000146fdae0: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 f1 f1
=3D>0x1000146fdaf0: f1 f1 00[f2]f2 f2 00 f3 f3 f3 00 00 00 00 00 00
  0x1000146fdb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000146fdb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07=20
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
=3D=3D2296364=3D=3DABORTING

x[ix+1] or y[ix+1] when ix is 0 and x is &x in main or y &y in main
is an out of bounds access.=