public inbox for gcc-bugs@sourceware.org
* [Bug target/107549] New: heap-buffer-overflow in xt_true_regnum
@ 2022-11-07 10:40 jcmvbkbc at gcc dot gnu.org
  2022-11-21 12:48 ` [Bug target/107549] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99 marxin at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: jcmvbkbc at gcc dot gnu.org @ 2022-11-07 10:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

            Bug ID: 107549
           Summary: heap-buffer-overflow in xt_true_regnum
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jcmvbkbc at gcc dot gnu.org
  Target Milestone: ---

Building the gcc.dg/Winfinite-recursion-2.c testcase with a gcc built with ASAN
and configured for target=xtensa-linux-uclibc gives the following report:

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110002cca0a at pc
0x00000303d2eb bp 0x7fff9ebb4c40 sp 0x7fff9ebb4c38
READ of size 2 at 0x6110002cca0a thread T0
    #0 0x303d2ea in xt_true_regnum(rtx_def*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/config/xtensa/xtensa.cc:501
    #1 0x303d9d8 in xtensa_valid_move(machine_mode, rtx_def**)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/config/xtensa/xtensa.cc:534
    #2 0x3044e67 in xtensa_emit_move_sequence(rtx_def**, machine_mode)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/config/xtensa/xtensa.cc:1274
    #3 0x3d80821 in gen_movsi(rtx_def*, rtx_def*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/config/xtensa/xtensa.md:1000
    #4 0xe8a545 in rtx_insn* insn_gen_fn::operator()<rtx_def*,
rtx_def*>(rtx_def*, rtx_def*) const
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/recog.h:407
    #5 0x13d970d in emit_move_insn_1(rtx_def*, rtx_def*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/expr.cc:4172
    #6 0x13dc23c in emit_move_insn(rtx_def*, rtx_def*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/expr.cc:4342
    #7 0x1aa541a in emit_move_list
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-emit.cc:927
    #8 0x1aa69d4 in emit_moves
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-emit.cc:1032
    #9 0x1aaa3b8 in ira_emit(bool)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-emit.cc:1303
    #10 0x1a25dc6 in ira /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:5780
    #11 0x1a27748 in execute
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:6084
    #12 0x1e9b8dc in execute_one_pass(opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2644
    #13 0x1e9c3bf in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2753
    #14 0x1e9c43a in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2754
    #15 0x1e9c4de in execute_pass_list(function*, opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2764
    #16 0x1030e5d in cgraph_node::expand()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:1834
    #17 0x1032294 in expand_all_functions
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2008
    #18 0x103418c in symbol_table::compile()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2358
    #19 0x1034b20 in symbol_table::finalize_compilation_unit()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2543
    #20 0x23f70b5 in compile_file
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:471
    #21 0x23ff98c in do_compile
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2125
    #22 0x24003f7 in toplev::main(int, char**)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2277
    #23 0x4823ffb in main /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/main.cc:39
    #24 0x7f7c3b61bd09 in __libc_start_main ../csu/libc-start.c:308
    #25 0x9e4609 in _start
(/home/jcmvbkbc/ws/tensilica/gcc/builds/gcc-13-3563-gf36bba013361-windowed-be/gcc/cc1+0x9e4609)

0x6110002cca0a is located 0 bytes to the right of 202-byte region
[0x6110002cc940,0x6110002cca0a)
allocated by thread T0 here:
    #0 0x7f7c3bdb3e8f in __interceptor_malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x49fb608 in xmalloc
/home/jcmvbkbc/ws/tensilica/gcc/gcc/libiberty/xmalloc.c:149

SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/config/xtensa/xtensa.cc:501 in
xt_true_regnum(rtx_def*)
Shadow bytes around the buggy address:

Printing the index used to access the reg_renumber array in xt_true_regnum
confirms that it goes way beyond the current reg_info_size.

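How the numbers in the report above relate to each other, as an added example that is not part of the original bug report: the script reads the access line and the region line from the ASan output and places the read relative to the allocation. It assumes the region ASan names is the array being indexed and that its elements are as wide as the access; `triage` is a hypothetical helper name.

```python
import re

# Access and region lines copied from the AddressSanitizer report above,
# with the e-mail line wrapping left as it appears in the message.
REPORT = """\
READ of size 2 at 0x6110002cca0a thread T0
0x6110002cca0a is located 0 bytes to the right of 202-byte region
[0x6110002cc940,0x6110002cca0a)
"""

ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at (0x[0-9a-fA-F]+)")
REGION = re.compile(r"(\d+)-byte region\s+\[(0x[0-9a-fA-F]+),(0x[0-9a-fA-F]+)\)")


def triage(report):
    """Place the faulting access relative to the heap region ASan names."""
    acc, reg = ACCESS.search(report), REGION.search(report)
    if acc is None or reg is None:
        raise ValueError("access line or region line not found")
    kind, width, addr = acc.group(1), int(acc.group(2)), int(acc.group(3), 16)
    size, start, end = int(reg.group(1)), int(reg.group(2), 16), int(reg.group(3), 16)
    if end - start != size:
        raise ValueError("region bounds disagree with the stated size")
    offset = addr - start  # byte offset of the access from the region start
    if offset < 0:
        side = "left"      # access begins before the allocation
    elif offset >= size:
        side = "right"     # access begins at or after the end
    elif offset + width > size:
        side = "straddles-end"
    else:
        side = "inside"
    return {
        "kind": kind, "width": width, "offset": offset, "side": side,
        # Assumption: the region is the indexed array and each element is
        # as wide as the access, so byte offsets convert to element indices.
        "elements": size // width,
        "index": offset // width,
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

Under those assumptions the report describes a 2-byte read at element 101 of a 101-element region.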

* [Bug target/107549] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: marxin at gcc dot gnu.org @ 2022-11-21 12:48 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
                 CC|                            |marxin at gcc dot gnu.org
   Last reconfirmed|                            |2022-11-21
            Summary|heap-buffer-overflow in     |heap-buffer-overflow in
                   |xt_true_regnum              |xt_true_regnum since
                   |                            |r13-3376-g4f3f0296acbb99

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed, started with r13-3376-g4f3f0296acbb99


* [Bug target/107549] [13 Regression] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: pinskia at gcc dot gnu.org @ 2022-11-21 15:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.0
            Summary|heap-buffer-overflow in     |[13 Regression]
                   |xt_true_regnum since        |heap-buffer-overflow in
                   |r13-3376-g4f3f0296acbb99    |xt_true_regnum since
                   |                            |r13-3376-g4f3f0296acbb99
           Keywords|                            |ice-checking,
                   |                            |ice-on-valid-code


* [Bug target/107549] [13 Regression] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: rguenth at gcc dot gnu.org @ 2022-12-20 15:31 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4


* [Bug target/107549] [13/14 Regression] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: rguenth at gcc dot gnu.org @ 2023-04-26  6:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|13.0                        |13.2

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 13.1 is being released, retargeting bugs to GCC 13.2.


* [Bug target/107549] [13/14 Regression] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: rguenth at gcc dot gnu.org @ 2023-07-27  9:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|13.2                        |13.3

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 13.2 is being released, retargeting bugs to GCC 13.3.


* [Bug target/107549] [13/14/15 Regression] heap-buffer-overflow in xt_true_regnum since r13-3376-g4f3f0296acbb99
From: jakub at gcc dot gnu.org @ 2024-05-21  9:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107549

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|13.3                        |13.4

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 13.3 is being released, retargeting bugs to GCC 13.4.
