public inbox for gcc-bugs@sourceware.org
From: "sjames at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/113734] New: [14 regression] libarchive miscompiled (fails libarchive_test_read_format_rar5_extra_field_version test) since r14-8768-g85094e2aa6dba7
Date: Sat, 03 Feb 2024 00:49:44 +0000
Message-ID: <bug-113734-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113734

            Bug ID: 113734
           Summary: [14 regression] libarchive miscompiled (fails
                    libarchive_test_read_format_rar5_extra_field_version
                    test) since r14-8768-g85094e2aa6dba7
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
                CC: tnfchris at gcc dot gnu.org
  Target Milestone: ---

This is the miscompilation in libarchive's test suite I mentioned as an aside
in PR113731.

Steps to reproduce:
1. wget https://github.com/libarchive/libarchive/releases/download/v3.7.2/libarchive-3.7.2.tar.xz
2. tar xvf libarchive-3.7.2.tar.xz && cd libarchive-3.7.2
3. export CFLAGS="-O3 -march=znver2 -ggdb3" CXXFLAGS="-O3 -march=znver2 -ggdb3" ; cmake -B out -S . -G Ninja
4. ninja -C out
5. ninja -C out test

The test failure is pretty suspicious:
```
/home/sam/data/libarchive/libarchive-3.7.2/libarchive/test/test_read_format_rar5.c:106: bytes_read != fsize
      bytes_read=-30 (0xffffffffffffffe2, 01777777777777777777742)
      fsize=95 (0x5f, 0137)
/home/sam/data/libarchive/libarchive-3.7.2/libarchive/test/test_read_format_rar5.c:959: Assertion failed: 0 == extract_one(a, ae, 0xF24181B7)
    errno: 22
   detail: Failed to decode the distance slot

Totals:
  Tests run:                1
  Tests failed:             1
  Assertions checked:     399
  Assertions failed:        4
  Skips reported:           0

Failing tests:
  347: test_read_format_rar5_extra_field_version (4 failures)
```

If I run it under Valgrind, I then get:
```
$ valgrind "/home/sam/data/libarchive/libarchive-3.7.2/out/bin/libarchive_test" "-vv" "-r" "/home/sam/data/libarchive/libarchive-3.7.2/libarchive/test" "test_read_format_rar5_extra_field_version"
==205571== Memcheck, a memory error detector
==205571== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==205571== Using Valgrind-3.23.0.GIT and LibVEX; rerun with -h for copyright info
==205571== Command: /home/sam/data/libarchive/libarchive-3.7.2/out/bin/libarchive_test -vv -r /home/sam/data/libarchive/libarchive-3.7.2/libarchive/test test_read_format_rar5_extra_field_version
==205571==

If tests fail or crash, details will be in:
   /tmp/libarchive_test.2024-02-03T00.01.16-000

Reference files will be read from: /home/sam/data/libarchive/libarchive-3.7.2/libarchive/test
Exercising: libarchive 3.7.2 zlib/1.3.1 liblzma/5.5.1alpha bz2lib/1.0.8 liblz4/1.9.4 libzstd/1.5.5
347: test_read_format_rar5_extra_field_version
==205571== Use of uninitialised value of size 8
==205571==    at 0x2752A9: create_decode_tables (archive_read_support_format_rar5.c:2504)
==205571==    by 0x2752A9: parse_tables.constprop.0 (archive_read_support_format_rar5.c:2736)
==205571==    by 0x27C942: process_block (archive_read_support_format_rar5.c:3557)
==205571==    by 0x27C942: do_uncompress_file (archive_read_support_format_rar5.c:3753)
==205571==    by 0x27C942: uncompress_file (archive_read_support_format_rar5.c:3837)
==205571==    by 0x27C942: do_unpack (archive_read_support_format_rar5.c:3923)
==205571==    by 0x27C942: rar5_read_data (archive_read_support_format_rar5.c:4087)
==205571==    by 0x23D63B: archive_read_data (archive_read.c:841)
==205571==    by 0x1AA34C: extract_one (test_read_format_rar5.c:104)
==205571==    by 0x1B22CA: test_read_format_rar5_extra_field_version (test_read_format_rar5.c:955)
==205571==    by 0x11E0A4: test_run (test_main.c:3570)
==205571==    by 0x11E0A4: main (test_main.c:4182)
[...]
==205571==
==205571== Conditional jump or move depends on uninitialised value(s)
==205571==    at 0x275518: create_decode_tables (archive_read_support_format_rar5.c:2524)
==205571==    by 0x275518: parse_tables.constprop.0 (archive_read_support_format_rar5.c:2736)
==205571==    by 0x27C942: process_block (archive_read_support_format_rar5.c:3557)
==205571==    by 0x27C942: do_uncompress_file (archive_read_support_format_rar5.c:3753)
==205571==    by 0x27C942: uncompress_file (archive_read_support_format_rar5.c:3837)
==205571==    by 0x27C942: do_unpack (archive_read_support_format_rar5.c:3923)
==205571==    by 0x27C942: rar5_read_data (archive_read_support_format_rar5.c:4087)
==205571==    by 0x23D63B: archive_read_data (archive_read.c:841)
==205571==    by 0x1AA34C: extract_one (test_read_format_rar5.c:104)
==205571==    by 0x1B22CA: test_read_format_rar5_extra_field_version (test_read_format_rar5.c:955)
==205571==    by 0x11E0A4: test_run (test_main.c:3570)
==205571==    by 0x11E0A4: main (test_main.c:4182)
==205571==
[...]
```

I will dig a bit more.
