public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "fkastl at suse dot cz" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
Date: Tue, 05 Sep 2023 12:58:23 +0000 [thread overview]
Message-ID: <bug-111291-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291
Bug ID: 111291
Summary: ASAN error: heap-use-after-free
gcc/fortran/parse.cc:359 in decode_statement
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: fkastl at suse dot cz
CC: mjambor at suse dot cz
Target Milestone: ---
Host: x86_64-linux
Target: x86_64-linux
With an ASAN-instrumented GCC
configure --enable-languages=default,jit,lto,go,d --enable-host-shared
--enable-checking=release --disable-multilib --with-build-config=bootstrap-asan
running
make check-fortran RUNTESTFLAGS="dg.exp=unexpected_interface.f90 -v"
produces
==6474==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000002ab8
at pc 0x000000ad968d bp 0x7ffd08212000 sp 0x7ffd08211ff8
READ of size 8 at 0x513000002ab8 thread T0
#0 0xad968c in decode_statement
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359
#1 0xae3df4 in next_free
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1592
#2 0xae3df4 in next_statement
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1824
#3 0xae832f in parse_interface
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:3991
#4 0xae832f in parse_spec
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:4350
#5 0xaef85c in parse_progunit
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:6576
#6 0xaf12cc in gfc_parse_file()
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:7162
#7 0xbec011 in gfc_be_parse_file
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/f95-lang.cc:229
#8 0x1fd637f in compile_file
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:444
#9 0x7a7df3 in do_compile
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2126
#10 0x7a7df3 in toplev::main(int, char**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2282
#11 0x7b2e23 in main
/home/worker/buildworker/tiber-gcc-asan/build/gcc/main.cc:39
#12 0x7fd42da281ef in __libc_start_call_main (/lib64/libc.so.6+0x281ef)
(BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916dac)
#13 0x7fd42da282b8 in __libc_start_main@GLIBC_2.2.5
(/lib64/libc.so.6+0x282b8) (BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916dac)
#14 0x7b45e4 in _start ../sysdeps/x86_64/start.S:115
0x513000002ab8 is located 120 bytes inside of 336-byte region
[0x513000002a40,0x513000002b90)
freed by thread T0 here:
#0 0x865ec8 in __interceptor_free
/home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0xbb6103 in gfc_free_symbol(gfc_symbol*&)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/symbol.cc:3105
previously allocated by thread T0 here:
#0 0x866bd7 in __interceptor_calloc
/home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x57ef974 in xcalloc
/home/worker/buildworker/tiber-gcc-asan/build/libiberty/xmalloc.c:164
SUMMARY: AddressSanitizer: heap-use-after-free
/home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359 in
decode_statement
Shadow bytes around the buggy address:
0x513000002800: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x513000002880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x513000002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x513000002980: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x513000002a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x513000002a80: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
0x513000002b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x513000002b80: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x513000002c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x513000002c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x513000002d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6474==ABORTING
next reply other threads:[~2023-09-05 12:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-05 12:58 fkastl at suse dot cz [this message]
2023-10-30 19:20 ` [Bug fortran/111291] " anlauf at gcc dot gnu.org
2023-12-11 20:34 ` anlauf at gcc dot gnu.org
2024-01-10 14:29 ` jamborm at gcc dot gnu.org
2024-01-10 18:49 ` mikael at gcc dot gnu.org
2024-01-20 15:50 ` cvs-commit at gcc dot gnu.org
2024-01-20 21:24 ` mikael at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-111291-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).