public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback
@ 2023-06-07 13:21 bardeau at iram dot fr
2023-06-07 18:57 ` [Bug sanitizer/110157] " pinskia at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: bardeau at iram dot fr @ 2023-06-07 13:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157
Bug ID: 110157
Summary: Address sanitizer crashes when accessing variables
through procedure callback
Product: gcc
Version: 13.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: bardeau at iram dot fr
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
Created attachment 55278
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55278&action=edit
Main program, library, and Makefile
Hi,
in the gfortran 13.* branch, the attached code crashes as follows. This is a
regression compared to gfortran 12.* releases (and below) which run correctly.
The sample code is simple but needs to be compiled in a library separated from
the main executable (no crash if not). I attach the Makefile which compiles and
links all the parts.
The -fsanitize=address option has to be present (hence my report to the
sanitizer).
In short, the 'gfits_setsort' procedure calls 'quicksort' with a local
(contained) procedure passed as argument. The callback of this procedure by
'quicksort' results in the crash. The main point is that the 'key' variable is
accessed in the called back procedure. In this example, 'key' is a dummy
variable received by 'gfits_setsort', but the same issue is also true if 'key'
is a variable local to 'gfits_setsort'.
$ gfortran --version
GNU Fortran (GCC) 13.1.1 20230606
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ make clean && make
rm -f *.o *.so test
gfortran -fimplicit-none -fsanitize=address -fPIC -c header.f90 -o header.o
gfortran -shared header.o -o libgfits.so
gfortran -fimplicit-none -fsanitize=address -fPIC -c test.f90 -o test.o
gfortran -fsanitize=address test.o -L./ -lgfits -o test
$ export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH"
$ ./test
>>> Calling ugt
Program received signal SIGSEGV: Segmentation fault - invalid memory reference.
Backtrace for this error:
#0 0x7f821433a3ff in ???
#1 0x7f8211700038 in ???
Segmentation fault (core dumped)
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug sanitizer/110157] Address sanitizer crashes when accessing variables through procedure callback 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr @ 2023-06-07 18:57 ` pinskia at gcc dot gnu.org 2023-06-07 19:10 ` [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more pinskia at gcc dot gnu.org ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2023-06-07 18:57 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157 --- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> --- If anything what is most likely happening is the stack is not being recorded as executable which is needed for nest functions. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr 2023-06-07 18:57 ` [Bug sanitizer/110157] " pinskia at gcc dot gnu.org @ 2023-06-07 19:10 ` pinskia at gcc dot gnu.org 2023-06-09 6:50 ` rguenth at gcc dot gnu.org ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2023-06-07 19:10 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157 Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Last reconfirmed| |2023-06-07 Target Milestone|--- |13.2 Summary|Address sanitizer crashes |[13/14 Regression] Address |when accessing variables |sanitizer does not like |through procedure callback |nested function trampolines | |any more --- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Reduced GNU C testcase (just compile and run with -fsanitize=address): ``` void quicksort(_Bool (*ugt)()) { __builtin_printf(">>> Calling ugt\n"); _Bool t = ugt(); __builtin_printf(">>> Done ugt\n"); } void gfits_setsort(int key) { _Bool sort_gt() { return key > 0; } quicksort(sort_gt); } int main() { gfits_setsort(1); } ``` ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==1==ERROR: AddressSanitizer: SEGV on unknown address 0x7f346f900034 (pc 0x7f346f900034 bp 0x7ffe64ea8b90 sp 0x7ffe64ea8b68 T0) ==1==The signal is caused by a READ memory access. ==1==Hint: PC is at a non-executable region. Maybe a wild jump? #0 0x7f346f900034 (<unknown module>) #1 0x40134f in gfits_setsort /app/example.cpp:14 #2 0x40139f in main /app/example.cpp:19 #3 0x7f3471eb3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (<unknown module>) ==1==ABORTING ``` ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr 2023-06-07 18:57 ` [Bug sanitizer/110157] " pinskia at gcc dot gnu.org 2023-06-07 19:10 ` [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more pinskia at gcc dot gnu.org @ 2023-06-09 6:50 ` rguenth at gcc dot gnu.org 2023-07-27 9:26 ` rguenth at gcc dot gnu.org 2023-11-27 16:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: rguenth at gcc dot gnu.org @ 2023-06-09 6:50 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157 --- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> --- Works for me on x86_64-suse-linux: > ~/install/gcc-13/usr/local/bin/gcc t.c -fsanitize=address /usr/bin/ld: warning: /tmp/ccVSp5Vj.o: requires executable stack (because the .note.GNU-stack section is executable) rguenther@ryzen:/tmp> ./a.out >>> Calling ugt >>> Done ugt ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr ` (2 preceding siblings ...) 2023-06-09 6:50 ` rguenth at gcc dot gnu.org @ 2023-07-27 9:26 ` rguenth at gcc dot gnu.org 2023-11-27 16:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: rguenth at gcc dot gnu.org @ 2023-07-27 9:26 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157 Richard Biener <rguenth at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|13.2 |13.3 --- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> --- GCC 13.2 is being released, retargeting bugs to GCC 13.3. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr ` (3 preceding siblings ...) 2023-07-27 9:26 ` rguenth at gcc dot gnu.org @ 2023-11-27 16:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2023-11-27 16:02 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110157 Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Dup. *** This bug has been marked as a duplicate of bug 87875 *** ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-11-27 16:02 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-06-07 13:21 [Bug sanitizer/110157] New: Address sanitizer crashes when accessing variables through procedure callback bardeau at iram dot fr 2023-06-07 18:57 ` [Bug sanitizer/110157] " pinskia at gcc dot gnu.org 2023-06-07 19:10 ` [Bug sanitizer/110157] [13/14 Regression] Address sanitizer does not like nested function trampolines any more pinskia at gcc dot gnu.org 2023-06-09 6:50 ` rguenth at gcc dot gnu.org 2023-07-27 9:26 ` rguenth at gcc dot gnu.org 2023-11-27 16:02 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).