From: "marxin at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/109308] New: False positive store to address 0x62600000016c with insufficient space for an object of type 'int' since r12-6030-g422f9eb7011b76c1
Date: Tue, 28 Mar 2023 03:30:58 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109308

            Bug ID: 109308
           Summary: False positive store to address 0x62600000016c with
                    insufficient space for an object of type 'int' since
                    r12-6030-g422f9eb7011b76c1
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org, siddhesh at gcc dot gnu.org
  Target Milestone: ---

It's something I reduced from:
https://sourceware.org/bugzilla/show_bug.cgi?id=30279

$ cat y.i
struct m68hc11_opcode_def
{
  long format;
};

int
main()
{
  int num_opcodes = 1;
  struct m68hc11_opcode_def *opc;
  opc = (struct m68hc11_opcode_def *)
    __builtin_malloc (sizeof (struct m68hc11_opcode_def) * num_opcodes);
  __builtin_printf ("opc=%p\n", opc);
  --opc;
  for (int i = 0; i < num_opcodes; i++)
    {
      opc++;
      opc->format = 0;
    }

  return 0;
}

$ gcc -g y.i -fsanitize=undefined -O2 && ./a.out
opc=0x4172b0
y.i:18:19: runtime error: store to address 0x0000004172b0 with insufficient space for an object of type 'long int'
0x0000004172b0: note: pointer points here
 00 00 00 00  ba ba ba ba ba ba ba ba  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  11 04 00 00
             ^
    #0 0x4010e3 in main /home/marxin/Programming/binutils/objdir/gas/y.i:18
    #1 0x7ffff762cbaf in __libc_start_call_main (/lib64/libc.so.6+0x27baf) (BuildId: a3b5459af6c888d99845457c6f4d0c3b06f2404b)
    #2 0x7ffff762cc78 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x27c78) (BuildId: a3b5459af6c888d99845457c6f4d0c3b06f2404b)
    #3 0x401134 in _start ../sysdeps/x86_64/start.S:115
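The reproducer above steps the pointer back with `--opc` before the loop steps it forward again, so for one iteration the pointer sits one element before the start of the malloc'd block. The C standard defines pointer arithmetic only for results inside the array or one past its end, and the diagnostic quoted in the report comes from UBSan's object-size check (`-fsanitize=object-size`, part of `-fsanitize=undefined`), which at -O2 reasons about how much of the object lies at the address being stored to. The following is an added example, not code from the bug report or from the binutils/GCC sources: it performs the same initialisation with a pointer that never leaves the allocation, returns the count of entries written so the result can be checked, and frees the block afterwards. The helper names (`fill_opcodes_in_range`, `all_formats_zero`, `demo_fill`) and the poison value are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Same record type as the y.i reproducer in the report. */
struct m68hc11_opcode_def
{
  long format;
};

/* Zero every entry of opc[0..num_opcodes) by walking a pointer that is
   only ever formed inside the allocation or one past its end, which is
   the range the C standard defines for pointer arithmetic.  Returns the
   number of entries written.  Helper names are this example's own. */
int
fill_opcodes_in_range (struct m68hc11_opcode_def *opc, int num_opcodes)
{
  int written = 0;
  for (struct m68hc11_opcode_def *p = opc; p != opc + num_opcodes; ++p)
    {
      p->format = 0;
      written++;
    }
  return written;
}

/* Return 1 if every entry has format == 0, else 0. */
int
all_formats_zero (const struct m68hc11_opcode_def *opc, int num_opcodes)
{
  for (int i = 0; i < num_opcodes; i++)
    if (opc[i].format != 0)
      return 0;
  return 1;
}

/* Allocate num_opcodes entries (constructed input), poison them with a
   nonzero value, fill them through fill_opcodes_in_range, and verify.
   Returns 1 on success, 0 on a negative count or allocation failure. */
int
demo_fill (int num_opcodes)
{
  if (num_opcodes <= 0)
    return num_opcodes == 0;

  struct m68hc11_opcode_def *opc
    = malloc (sizeof (struct m68hc11_opcode_def) * (size_t) num_opcodes);
  if (opc == NULL)
    return 0;

  for (int i = 0; i < num_opcodes; i++)
    opc[i].format = -1;        /* poison so the zero check means something */

  int written = fill_opcodes_in_range (opc, num_opcodes);
  int ok = (written == num_opcodes) && all_formats_zero (opc, num_opcodes);

  free (opc);
  return ok;
}

int
main (void)
{
  /* Build with: gcc -g -O2 -fsanitize=undefined example.c && ./a.out */
  int ok = demo_fill (1) && demo_fill (4);
  printf ("in-range pointer walk: %s\n", ok ? "ok" : "FAILED");
  return ok ? 0 : 1;
}
```

Building this with the same `gcc -g -O2 -fsanitize=undefined` command line as the report gives the object-size check no out-of-range pointer to reason about; the loop bound `opc + num_opcodes` is the one-past-the-end pointer the standard permits, and it is compared, never dereferenced.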