public inbox for gcc-bugs@sourceware.org
* [Bug bootstrap/55380] New: All search_line_fast implementations read beyond buffer
@ 2012-11-18 15:52 hjl.tools at gmail dot com
From: hjl.tools at gmail dot com @ 2012-11-18 15:52 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55380
Bug #: 55380
Summary: All search_line_fast implementations read beyond buffer
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: bootstrap
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: hjl.tools@gmail.com
Depends on: 54691
Similar to PR 54691, GCC built with -faddress-sanitizer leads to
==7876== ERROR: AddressSanitizer heap-buffer-overflow on address 0x7f3484513ff0
at pc 0x1e792db bp 0x7fffbed86340 sp 0x7fffbed86338
READ of size 16 at 0x7f3484513ff0 thread T0
#0 0x1e792da (/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x1e792da)
0x7f3484513ff0 is located 0 bytes to the right of 4021-byte region
[0x7f3484513040,0x7f3484513ff5)
allocated by thread T0 here:
#0 0x1f2d48c (/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x1f2d48c)
#1 0x1f2609c (/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x1f2609c)
Shadow byte and word:
0x1fe6908a27fe: 5
0x1fe6908a27f8: 00 00 00 00 00 00 05 fb
[hjl@gnu-tools-1 gcc]$ addr2line -e cc1 0x1e792da
/export/gnu/import/git/sources/gcc/libcpp/lex.c:393
[hjl@gnu-tools-1 gcc]$
All search_line_fast implementations read beyond buffer.
* [Bug bootstrap/55380] All search_line_fast implementations read beyond buffer
From: pinskia at gcc dot gnu.org @ 2012-11-19 1:59 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55380
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-11-19 01:59:22 UTC ---
> All search_line_fast implementations read beyond buffer.
Yes, and this is really one of the false positives. We might read past the
bounds of an array, but it is always on an aligned location and it does not
really depend on those reads past the bounds.
* [Bug bootstrap/55380] All search_line_fast implementations read beyond buffer
From: jakub at gcc dot gnu.org @ 2012-12-03 17:20 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55380
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-12-03 17:20:01 UTC ---
Author: jakub
Date: Mon Dec 3 17:19:47 2012
New Revision: 194102
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=194102
Log:
PR bootstrap/55380
PR other/54691
* files.c (read_file_guts): Allocate extra 16 bytes instead of
1 byte at the end of buf. Pass size + 16 instead of size
to _cpp_convert_input.
* charset.c (_cpp_convert_input): Reallocate if there aren't
at least 16 bytes beyond to.len in the buffer. Clear 16 bytes
at to.text + to.len.
Modified:
trunk/libcpp/ChangeLog
trunk/libcpp/charset.c
trunk/libcpp/files.c
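The following is an added example, not libcpp's code and not something posted in this thread. It models both the behaviour Andrew Pinski describes in comment #1 and the fix in r194102: a scanner that rounds its start pointer down to a 16-byte boundary and loads whole aligned 16-byte chunks, so the last load covers bytes past the end of the buffer, plus the accounting that says whether those bytes fall inside an allocation of exactly len bytes (the layout ASan reported against) or len + 16 bytes (what the fix allocates and zeroes). The vector load is modelled with memcpy so it runs on any target, only '\n' is searched for (libcpp also stops at '\r', '\\' and '?'), the buffer lives in a static over-sized arena so the example never reads outside its own memory, and every name except search_line_fast is the example's own; the 4021-byte length is the region size from the report above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VEC 16          /* bytes per aligned load, as in the SSE2 search_line_fast */
#define PAD 16          /* extra bytes r194102 allocates and zeroes after the data */
#define ARENA_SIZE 8192 /* example-only backing store, sized so no load leaves it */

/* One past the highest address the last scan loaded; this is what ASan
   compares against the end of the allocation. */
static const unsigned char *high_water;

/* Bit j is set when chunk[j] == '\n': the scalar equivalent of
   _mm_movemask_epi8(_mm_cmpeq_epi8(chunk, sixteen '\n' bytes)). */
static unsigned newline_mask(const unsigned char *chunk)
{
    unsigned m = 0;
    for (unsigned j = 0; j < VEC; j++)
        if (chunk[j] == '\n')
            m |= 1u << j;
    return m;
}

/* Model of the aligned scanner: return a pointer to the first '\n' in [s, end).
   s is rounded down to a 16-byte boundary and whole aligned chunks are loaded,
   so the final load covers bytes past end unless end is itself 16-aligned.
   Needs end[-1] == '\n' (libcpp guarantees a newline sentinel); the loop then
   stops in the chunk holding the sentinel, and no load starts at or past end. */
static const unsigned char *
search_line_fast(const unsigned char *s, const unsigned char *end)
{
    const unsigned char *p =
        (const unsigned char *)((uintptr_t)s & ~(uintptr_t)(VEC - 1));
    unsigned ignore = (1u << (unsigned)(s - p)) - 1; /* bytes before s in chunk 0 */
    unsigned char chunk[VEC];

    while (p < end) {                       /* guard only matters without a sentinel */
        memcpy(chunk, p, VEC);              /* the aligned 16-byte vector load */
        high_water = p + VEC;
        unsigned m = newline_mask(chunk) & ~ignore;
        if (m) {
            unsigned j = 0;
            while (!(m & (1u << j)))        /* lowest set bit = first newline */
                j++;
            return p + j;
        }
        ignore = 0;
        p += VEC;
    }
    return end;                             /* no sentinel: report "not found" */
}

static unsigned char arena[ARENA_SIZE] __attribute__((aligned(VEC)));

/* Constructed input: len bytes of 'x' with '\n' at nl_at and the sentinel '\n'
   at len - 1, at the start of the zeroed, 16-byte-aligned arena.  The zeroed
   tail is what the fix provides for its 16 padding bytes. */
static unsigned char *make_buffer(size_t len, size_t nl_at)
{
    if (len == 0 || len > ARENA_SIZE - VEC || nl_at >= len)
        abort();
    memset(arena, 0, sizeof arena);
    memset(arena, 'x', len);
    arena[nl_at] = '\n';
    arena[len - 1] = '\n';
    return arena;
}

/* Offset of the first newline found when scanning from offset start. */
static size_t find_offset(size_t len, size_t start, size_t nl_at)
{
    unsigned char *buf = make_buffer(len, nl_at);
    return (size_t)(search_line_fast(buf + start, buf + len) - buf);
}

/* Bytes past the end of a len-byte buffer that the scanner loads when only the
   sentinel newline is present: the over-read ASan reports. */
static size_t overread_bytes(size_t len)
{
    unsigned char *buf = make_buffer(len, len - 1);
    search_line_fast(buf, buf + len);
    return (size_t)(high_water - (buf + len));
}

/* 1 if every byte the scanner loads lies inside an allocation of len bytes
   (padded == 0, the pre-fix layout) or len + PAD bytes (padded != 0, the layout
   after r194102).  This is the bounds check ASan's shadow memory performs. */
static int tail_is_covered(size_t len, int padded)
{
    return overread_bytes(len) <= (padded ? (size_t)PAD : 0);
}

int main(void)
{
    size_t len = 4021;  /* region size from the report above */
    printf("%zu-byte buffer: last load ends %zu bytes past the end\n",
           len, overread_bytes(len));
    printf("inside exact allocation: %s; inside allocation + %d: %s\n",
           tail_is_covered(len, 0) ? "yes" : "no", PAD,
           tail_is_covered(len, 1) ? "yes" : "no");
    return 0;
}
```

With a 16-byte-aligned 4021-byte buffer the last load starts at offset 4016 and ends at 4032, 11 bytes past the end; that is the 16-byte READ at ...ff0 against a region ending at ...ff5 in the report. An aligned 16-byte load that starts inside the buffer cannot cross a page boundary, which is why the over-read never faults, but ASan checks allocation bounds rather than page bounds, so padding the allocation by 16 bytes (and zeroing the padding so the extra bytes read are always defined) is what makes the report go away.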