Subject: [Bug middle-end/55407] New: stack-buffer-overflow in compute_working_sets
From: hjl.tools at gmail dot com @ 2012-11-20 1:54 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55407
Bug #: 55407
Summary: stack-buffer-overflow in compute_working_sets
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: hjl.tools@gmail.com
[hjl@gnu-mic-2 gcc]$ cat /tmp/y.i
extern void abort (void);
extern void exit (int);
int expect_do1 = 1, expect_do2 = 2;
/* Computed goto through a lazily initialised static jump table.  */
static int doit(int x){
  __label__ lbl1;
  __label__ lbl2;
  static int jtab_init = 0;
  static void *jtab[2];
  if(!jtab_init) {
    jtab[0] = &&lbl1;
    jtab[1] = &&lbl2;
    jtab_init = 1;
  }
  goto *jtab[x];
lbl1:
  return 1;
lbl2:
  return 2;
}
static void do1(void) {
  if (doit(0) != expect_do1)
    abort ();
}
static void do2(void){
  if (doit(1) != expect_do2)
    abort ();
}
int main(void){
  do1();
  do2();
  exit(0);
}
[hjl@gnu-mic-2 gcc]$ ./xgcc -B./ -O3 -fprofile-arcs /tmp/y.i
[hjl@gnu-mic-2 gcc]$ ./a.out
[hjl@gnu-mic-2 gcc]$ ./xgcc -B./ -O3 -S -fbranch-probabilities /tmp/y.i
=================================================================
==18365== ERROR: AddressSanitizer stack-buffer-overflow on address
0x7ffff9a5ee70 at pc 0xeeef8a bp 0x7ffff9a5e950 sp 0x7ffff9a5e948
READ of size 8 at 0x7ffff9a5ee70 thread T0
#0 0xeeef89
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xeeef89)
Address 0x7ffff9a5ee70 is located at offset 1184 in frame
<compute_branch_probabilities> of T0's stack:
This frame has 2 object(s):
[32, 112) 'hist_br_prob'
[160, 1184) 'working_set_cum_values'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism
(longjmp and C++ exceptions *are* supported)
Shadow byte and word:
0x1fffff34bdce: f3
0x1fffff34bdc8: 00 00 00 00 00 00 f3 f3
More shadow bytes:
0x1fffff34bda8: 00 00 00 00 00 00 00 00
0x1fffff34bdb0: 00 00 00 00 00 00 00 00
0x1fffff34bdb8: 00 00 00 00 00 00 00 00
0x1fffff34bdc0: 00 00 00 00 00 00 00 00
=>0x1fffff34bdc8: 00 00 00 00 00 00 f3 f3
0x1fffff34bdd0: f3 f3 00 00 00 00 00 00
0x1fffff34bdd8: 00 00 00 00 00 00 00 00
0x1fffff34bde0: 00 00 00 00 00 00 00 00
0x1fffff34bde8: 00 00 00 00 00 00 00 00
==18365== ABORTING
[hjl@gnu-mic-2 gcc]$
(gdb) bt
#0 __asan_report_error (pc=15658890, bp=140737488343840, sp=140737488343832,
addr=140737488345152, is_write=<optimized out>, access_size=8)
at /export/gnu/import/git/gcc/libsanitizer/asan/asan_report.cc:464
#1 0x0000000001f2b2a4 in __asan::__asan_report_load8 (addr=<optimized out>)
at /export/gnu/import/git/gcc/libsanitizer/asan/asan_rtl.cc:195
#2 0x0000000000eeef8a in compute_working_sets ()
at /export/gnu/import/git/gcc/gcc/profile.c:294
#3 get_exec_counts (lineno_checksum=0, cfg_checksum=0)
at /export/gnu/import/git/gcc/gcc/profile.c:377
#4 compute_branch_probabilities (cfg_checksum=cfg_checksum@entry=4088700122,
lineno_checksum=lineno_checksum@entry=728892799)
at /export/gnu/import/git/gcc/gcc/profile.c:611
#5 0x0000000000ef1e76 in branch_prob ()
at /export/gnu/import/git/gcc/gcc/profile.c:1371
#6 0x0000000001207d7b in tree_profiling ()
at /export/gnu/import/git/gcc/gcc/tree-profile.c:483
#7 0x0000000000eb4f84 in execute_one_pass (
pass=pass@entry=0x264a680 <pass_ipa_tree_profile>)
at /export/gnu/import/git/gcc/gcc/passes.c:2339
#8 0x0000000000eb6653 in execute_ipa_pass_list (
pass=0x264a680 <pass_ipa_tree_profile>)
at /export/gnu/import/git/gcc/gcc/passes.c:2705
#9 0x000000000087cf79 in ipa_passes ()
at /export/gnu/import/git/gcc/gcc/cgraphunit.c:1871
#10 compile () at /export/gnu/import/git/gcc/gcc/cgraphunit.c:1994
#11 0x000000000087e58a in finalize_compilation_unit ()
at /export/gnu/import/git/gcc/gcc/cgraphunit.c:2122
#12 0x000000000059aec1 in c_write_global_declarations ()
at /export/gnu/import/git/gcc/gcc/c/c-decl.c:10128
#13 0x000000000107b11a in compile_file ()
at /export/gnu/import/git/gcc/gcc/toplev.c:559
#14 0x000000000107f407 in do_compile ()
at /export/gnu/import/git/gcc/gcc/toplev.c:1881
#15 toplev_main (argc=15, argv=0x7fffffffe0d8)
at /export/gnu/import/git/gcc/gcc/toplev.c:1957
#16 0x00000038f3a21675 in __libc_start_main () from /lib64/libc.so.6
#17 0x000000000055c761 in _start ()
(gdb)
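The ASan frame description above says the faulting address is at offset 1184 of the compute_branch_probabilities frame, while the last object is 'working_set_cum_values' [160, 1184): the 8-byte read starts exactly one element past the end of that array, in the f3 right redzone. The following helper is an added example (not part of the bug report or of GCC) that parses such a frame description and reports which object the access overruns and by how many bytes; the embedded report text is a trimmed copy of the one above.

```python
import re

# Trimmed copy of the AddressSanitizer report from the bug above,
# embedded here so the example runs offline.
ASAN_REPORT = """\
==18365== ERROR: AddressSanitizer stack-buffer-overflow on address
0x7ffff9a5ee70 at pc 0xeeef8a bp 0x7ffff9a5e950 sp 0x7ffff9a5e948
READ of size 8 at 0x7ffff9a5ee70 thread T0
Address 0x7ffff9a5ee70 is located at offset 1184 in frame
<compute_branch_probabilities> of T0's stack:
This frame has 2 object(s):
[32, 112) 'hist_br_prob'
[160, 1184) 'working_set_cum_values'
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+", re.M)
OFFSET_RE = re.compile(r"located at offset (\d+) in frame\s+<([^>]+)>")
OBJECT_RE = re.compile(r"^\[(\d+), (\d+)\) '([^']+)'", re.M)


def parse_frame_report(text):
    """Return (kind, size, frame_offset, frame_name, [(lo, hi, name), ...])."""
    kind, size = ACCESS_RE.search(text).groups()
    offset, frame = OFFSET_RE.search(text).groups()
    objs = [(int(lo), int(hi), n) for lo, hi, n in OBJECT_RE.findall(text)]
    return kind, int(size), int(offset), frame, objs


def locate_access(offset, size, objs):
    """Map the accessed range [offset, offset+size) onto the frame's objects.

    Returns (object_name, overrun_bytes): overrun_bytes is how many bytes of
    the access lie beyond the end of that object (0 when fully inside it).
    """
    end = offset + size
    for lo, hi, name in objs:
        if lo <= offset < hi:          # access starts inside this object
            return name, max(0, end - hi)
    # Access starts in a redzone: attribute it to the nearest object before it.
    before = [(hi, name) for lo, hi, name in objs if hi <= offset]
    if before:
        hi, name = max(before)
        return name, end - hi
    return None, 0


def describe(text):
    """One-line diagnosis of an ASan stack-buffer-overflow frame report."""
    kind, size, offset, frame, objs = parse_frame_report(text)
    name, over = locate_access(offset, size, objs)
    if name is None:
        return f"{kind} of {size} bytes at frame offset {offset} in {frame}: no object matched"
    return f"{kind} of {size} bytes in {frame}: {over} byte(s) beyond the end of '{name}'"
```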
Subject: [Bug middle-end/55407] stack-buffer-overflow in compute_working_sets
From: hjl.tools at gmail dot com @ 2012-11-21 14:28 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55407
H.J. Lu <hjl.tools at gmail dot com> changed:
What       | Removed     | Added
-----------|-------------|----------
Status     | UNCONFIRMED | RESOLVED
Resolution |             | DUPLICATE
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> 2012-11-21 14:28:00 UTC ---
Dup.
*** This bug has been marked as a duplicate of bug 55417 ***