public inbox for gcc-bugs@sourceware.org
* [Bug c/110579] New: O2, O1 optimizations cause a buffer overflow panic during a strcpy
@ 2023-07-06 20:14 gabriel.torres at ll dot mit.edu
From: gabriel.torres at ll dot mit.edu @ 2023-07-06 20:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
Bug ID: 110579
Summary: O2, O1 optimizations cause a buffer overflow panic during a strcpy
Product: gcc
Version: 11.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: gabriel.torres at ll dot mit.edu
Target Milestone: ---
Created attachment 55493
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55493&action=edit
Output of compiling the source code.
O2, O1 optimizations of the attached .i file trigger a buffer overflow panic
during a strcpy.
The project being compiled is tar 1.14.
The unoptimized version does not panic and performs the expected behavior,
creating an archive.
* the exact version of GCC;
- 11.3.0, 12.1.0, 9.5.0
* the system type;
- Ubuntu 22.04.1
* the options given when GCC was configured/built;
- 11.3.0: Configured with: ../src/configure -v --with-pkgversion='Ubuntu
11.3.0-1ubuntu1~22.04.1' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs
--enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,m2 --prefix=/usr
--with-gcc-major-version-only --program-suffix=-11
--program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib
--enable-libphobos-checking=release --with-target-system-zlib=auto
--enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet
--with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-11-aYxV0E/gcc-11-11.3.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-11-aYxV0E/gcc-11-11.3.0/debian/tmp-gcn/usr
--without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
--with-build-config=bootstrap-lto-lean --enable-link-serialization=2
- 9.5.0: Configured with: ../src/configure -v --with-pkgversion='Ubuntu
9.5.0-1ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs
--enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr
--with-gcc-major-version-only --program-suffix=-9
--program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib
--with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch
--disable-werror --with-arch-32=i686 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-9-5Q4PKF/gcc-9-9.5.0/debian/tmp-nvptx/usr,hsa
--without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
--with-build-config=bootstrap-lto-lean --enable-link-mutex
- 12.1.0: Configured with: ../src/configure -v --with-pkgversion='Ubuntu
12.1.0-2ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr
--with-gcc-major-version-only --program-suffix=-12
--program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new
--enable-gnu-unique-object --disable-vtable-verify --enable-plugin
--enable-default-pie --with-system-zlib --enable-libphobos-checking=release
--with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch
--disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-12-sZcx2y/gcc-12-12.1.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-12-sZcx2y/gcc-12-12.1.0/debian/tmp-gcn/usr
--enable-offload-defaulted --without-cuda-driver --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
* the complete command line that triggers the bug;
- ./tar cf foo.tar bar
* the compiler output (error messages, warnings, etc.); and
- See make_output file
* the preprocessed file (*.i*) that triggers the bug
* [Bug c/110579] O2, O1 optimizations cause a buffer overflow panic during a strcpy
From: gabriel.torres at ll dot mit.edu @ 2023-07-06 20:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
--- Comment #1 from Gabriel <gabriel.torres at ll dot mit.edu> ---
Created attachment 55494
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55494&action=edit
Processed *.i files
* [Bug tree-optimization/110579] O2, O1 optimizations cause a buffer overflow panic during a strcpy
From: sjames at gcc dot gnu.org @ 2023-07-06 20:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
--- Comment #2 from Sam James <sjames at gcc dot gnu.org> ---
Could you give us a backtrace with -ggdb3 when it aborts at runtime?
* [Bug tree-optimization/110579] O2, O1 optimizations cause a buffer overflow panic during a strcpy
From: pinskia at gcc dot gnu.org @ 2023-07-06 20:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What            |Removed      |Added
----------------------------------------------------------------------------
Resolution      |---          |INVALID
Status          |UNCONFIRMED  |RESOLVED
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The warning:
In function ‘strcpy’,
    inlined from ‘start_header’ at create.c:695:7:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:79:10: warning: ‘__builtin___strcpy_chk’ writing 8 bytes into a region of size 6 [-Wstringop-overflow=]
   79 |   return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Which comes from:
strcpy (header->header.magic, "ustar "); //8
The code is not _FORTIFY_SOURCE=2 safe, which requires strcpy to write only
exactly the amount to those fields and not combine character fields as
different.
char magic[6];
char version[2];
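The field-spanning strcpy Andrew describes, as an added C example that is not tar's code or anything from this bug report: a small model of the fortified check beside the field-wise write that passes it. The struct layout, the OLDGNU_MAGIC value "ustar  " (seven characters plus NUL) and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed struct (assumed): the two adjacent 1-byte-aligned fields
 * from the tar header that the report's strcpy writes across. */
struct hdr {
    char name[100];   /* preceding field, as in a tar header */
    char magic[6];    /* old GNU format puts "ustar " here   */
    char version[2];  /* and " \0" in the next field         */
};

/* Assumed value: old GNU tar's 8-byte magic, 7 characters plus NUL. */
#define OLDGNU_MAGIC "ustar  "

/* Model of __strcpy_chk under _FORTIFY_SOURCE=2: the compiler supplies
 * the size of the destination *field* (6), so the copy is refused when
 * strlen(src)+1 exceeds it. Returns 0 on success, -1 where the fortified
 * binary would abort at runtime. */
int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;   /* strcpy writes the NUL too */
    if (need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Buggy pattern from the report: one strcpy meant to fill magic and
 * version together, but bounded by sizeof magic once fortified. */
int fill_magic_bad(struct hdr *h)
{
    return checked_strcpy(h->magic, sizeof h->magic, OLDGNU_MAGIC);
}

/* Fixed pattern: each field gets exactly its own bytes, with no reliance
 * on the neighbouring field being laid out right after it. */
void fill_magic_good(struct hdr *h)
{
    memcpy(h->magic, OLDGNU_MAGIC, sizeof h->magic);
    memcpy(h->version, OLDGNU_MAGIC + sizeof h->magic, sizeof h->version);
}

/* Returns 1 if the 8 header bytes from magic onward read OLDGNU_MAGIC
 * (NUL included), reading them through the whole struct object. */
int has_oldgnu_magic(const struct hdr *h)
{
    const char *p = (const char *)h + offsetof(struct hdr, magic);
    return memcmp(p, OLDGNU_MAGIC, sizeof OLDGNU_MAGIC) == 0;
}

/* Runs both patterns on a zeroed header: 1 only if the fortified model
 * rejects the strcpy and the field-wise fix yields the expected bytes. */
int demo(void)
{
    struct hdr h;
    memset(&h, 0, sizeof h);
    if (fill_magic_bad(&h) != -1)
        return 0;
    fill_magic_good(&h);
    return has_oldgnu_magic(&h) && h.version[1] == '\0';
}
```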
* [Bug tree-optimization/110579] O2, O1 optimizations cause a buffer overflow panic during a strcpy
From: pinskia at gcc dot gnu.org @ 2023-07-06 20:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
All of these FORTIFY issues have been fixed for a long time now (over 10 years).
Why are you trying to use an old version of gnu tar?
e.g. https://lists.gnu.org/archive/html/bug-tar/2010-02/msg00010.html
* [Bug tree-optimization/110579] O2, O1 optimizations cause a buffer overflow panic during a strcpy
From: gabriel.torres at ll dot mit.edu @ 2023-07-06 20:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110579
--- Comment #5 from Gabriel <gabriel.torres at ll dot mit.edu> ---
I see. That makes sense.
Our research project has a dataset with tar 1.14. Our plan is to compare our
work with existing work in the dataset and to be consistent, use tar 1.14. We
noticed our binary compiled with gcc would abort when creating an archive while
using clang was fine.