public inbox for gcc-bugs@sourceware.org
* [Bug fortran/55475] New: heap-buffer-overflow in fortran/error.c
@ 2012-11-26 20:49 hjl.tools at gmail dot com
2012-11-26 21:59 ` [Bug fortran/55475] " burnus at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: hjl.tools at gmail dot com @ 2012-11-26 20:49 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55475
Bug #: 55475
Summary: heap-buffer-overflow in fortran/error.c
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: hjl.tools@gmail.com
[hjl@gnu-mic-1 gfortran]$
/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/testsuite/gfortran6/../../gfortran
-B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/testsuite/gfortran6/../../
-B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/x86_64-unknown-linux-gnu/./libgfortran/
/export/gnu/import/git/gcc/gcc/testsuite/gfortran.dg/line_length_4.f90
-fno-diagnostics-show-caret -O -Wline-truncation -ffree-line-length-80 -S
-mx32 -o line_length_4.s
/export/gnu/import/git/gcc/gcc/testsuite/gfortran.dg/line_length_4.f90:8.85:
25 ), " Explanation ! "
=================================================================
==18910== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf6820398
at pc 0x583c85 bp 0xffff9ed0 sp 0xffff9ecc
READ of size 4 at 0xf6820398 thread T0
#0 0x583c84
(/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x583c84)
0xf6820398 is located 0 bytes to the right of 344-byte region
[0xf6820240,0xf6820398)
allocated by thread T0 here:
#0 0x24ae2dc
(/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x24ae2dc)
#1 0x24a2c63
(/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x24a2c63)
Shadow byte and word:
0x3ed04073: fb
0x3ed04070: 00 00 00 fb
More shadow bytes:
0x3ed04060: 00 00 00 00
0x3ed04064: 00 00 00 00
0x3ed04068: 00 00 00 00
0x3ed0406c: 00 00 00 00
=>0x3ed04070: 00 00 00 fb
0x3ed04074: fb fb fb fb
0x3ed04078: fa fa fa fa
0x3ed0407c: fa fa fa fa
0x3ed04080: fa fa fa fa
Stats: 0M malloced (0M for red zones) by 3129 calls
Stats: 0M realloced by 312 calls
Stats: 0M freed by 961 calls
Stats: 0M really freed by 0 calls
Stats: 5M (1285 full pages) mmaped in 10 calls
mmaps by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 12:128; 13:64;
14:32; 15:16; 17:4;
mallocs by size class: 7:2646; 8:171; 9:77; 10:138; 11:81; 12:4; 13:7; 14:1;
15:2; 17:2;
frees by size class: 7:688; 8:62; 9:68; 10:132; 11:9; 12:1; 13:1;
rfrees by size class:
Stats: malloc large: 4 small slow: 30
==18910== ABORTING
[hjl@gnu-mic-1 gfortran]$ addr2line -e ../../f951 0x583c84
/export/gnu/import/git/gcc/gcc/fortran/error.c:393
[hjl@gnu-mic-1 gfortran]$
* [Bug fortran/55475] heap-buffer-overflow in fortran/error.c
From: burnus at gcc dot gnu.org @ 2012-11-26 21:59 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55475
Tobias Burnus <burnus at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2012-11-26
CC| |burnus at gcc dot gnu.org
Ever Confirmed|0 |1
--- Comment #1 from Tobias Burnus <burnus at gcc dot gnu.org> 2012-11-26 21:59:32 UTC ---
Draft patch:
--- a/gcc/fortran/scanner.c
+++ b/gcc/fortran/scanner.c
@@ -1070,6 +1070,8 @@ restart:
int maxlen = gfc_option.free_line_length;
+ gfc_char_t *current_nextc = gfc_current_locus.nextc;
+
gfc_current_locus.lb->truncated = 0;
- gfc_current_locus.nextc += maxlen;
+ gfc_current_locus.nextc = gfc_current_locus.lb->line + maxlen;
gfc_warning_now ("Line truncated at %L", &gfc_current_locus);
- gfc_current_locus.nextc -= maxlen;
+ gfc_current_locus.nextc = current_nextc;
}
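Review bot: on the added line `gfc_current_locus.nextc = gfc_current_locus.lb->line + maxlen;` nothing visible in the hunk establishes that the line buffer actually holds `maxlen` characters, so the locus handed to `gfc_warning_now` can still point at or past the end of the allocation if the stored line is shorter than `free_line_length`. Consider clamping the offset to the stored line length (or asserting it) before the call. The ASan trace in the report resolves to error.c:393, which this draft does not touch, so a bounds check on the reading side would also be worth adding rather than relying on every caller to pass an in-range `nextc`. A one-line comment on why `nextc` is temporarily repointed and then restored from `current_nextc` would help future readers.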
* [Bug fortran/55475] heap-buffer-overflow in fortran/error.c
From: burnus at gcc dot gnu.org @ 2012-12-03 8:56 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55475
--- Comment #2 from Tobias Burnus <burnus at gcc dot gnu.org> 2012-12-03 08:56:22 UTC ---
Author: burnus
Date: Mon Dec 3 08:56:11 2012
New Revision: 194076
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=194076
Log:
2012-12-03 Tobias Burnus <burnus@net-b.de>
PR fortran/55475
* scanner.c (gfc_next_char_literal): Fix setting locus
to free_line_length for the error message.
* error.c (show_locus): Fix potential out-of-bounds
read.
Modified:
trunk/gcc/fortran/ChangeLog
trunk/gcc/fortran/error.c
trunk/gcc/fortran/scanner.c
* [Bug fortran/55475] heap-buffer-overflow in fortran/error.c
From: burnus at gcc dot gnu.org @ 2012-12-03 10:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55475
Tobias Burnus <burnus at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Tobias Burnus <burnus at gcc dot gnu.org> 2012-12-03 09:59:41 UTC ---
FIXED thanks for the report!