public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/59148] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0 execution test on darwin13
From: howarth at nitro dot med.uc.edu @ 2013-11-15 17:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
Bug ID: 59148
Summary: FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0
execution test on darwin13
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: howarth at nitro dot med.uc.edu
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
At r204847, on x86_64-apple-darwin13, the following regressions remain...
=== gcc tests ===
Running target unix/-m32
FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0 execution test
=== gcc Summary for unix/-m32 ===
# of expected passes 324
# of unexpected failures 1
# of unsupported tests 101
Running target unix/-m64
FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0 execution test
=== gcc Summary for unix/-m64 ===
# of expected passes 324
# of unexpected failures 1
# of unsupported tests 101
=== gcc Summary ===
# of expected passes 648
# of unexpected failures 2
# of unsupported tests 202
/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc version 4.9.0
20131115 (experimental) (GCC)
Compiler version: 4.9.0 20131115 (experimental) (GCC)
Platform: x86_64-apple-darwin13.0.0
configure flags: --prefix=/sw --prefix=/sw/lib/gcc4.9 --mandir=/sw/share/man
--infodir=/sw/lib/gcc4.9/info
--enable-languages=c,c++,fortran,lto,objc,obj-c++,java --with-gmp=/sw
--with-libiconv-prefix=/sw --with-isl=/sw --with-cloog=/sw --with-mpc=/sw
--with-system-zlib --enable-checking=yes --x-includes=/usr/X11R6/include
--x-libraries=/usr/X11R6/lib --program-suffix=-fsf-4.9
The failures appear as...
Executing on host: /sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/
-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
-fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never
-O0 -fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -o
./strncpy-overflow-1.exe (timeout = 300)
spawn /sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/
-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
-fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -o ./strncpy-overflow-1.exe^M
PASS: c-c++-common/asan/strncpy-overflow-1.c -O0 (test for excess errors)
Setting LD_LIBRARY_PATH to
:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs::/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs:/usr/local/NMRPipe/nmrbin.mac/lib
spawn [open ...]^M
FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0 execution test
If I compile the failing test case with...
/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/
-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
-fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -mmacosx-version-min=10.8 -o
./strncpy-overflow-1.exe
it still 'FAILS' by passing, but if I move that strncpy-overflow-1.exe binary
to an x86_64-apple-darwin12 box with the same build of gcc trunk on the
x86_64-apple-darwin12 target, it works as expected...
% ./strncpy-overflow-1.exe
=================================================================
==16663==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x01c00759 at
pc 0xd501d bp 0xbff428a8 sp 0xbff42488
WRITE of size 10 at 0x01c00759 thread T0
#0 0xd501c (/sw/lib/gcc4.9/lib/i386/libasan.1.dylib+0x1101c)
#1 0xbed41 (/Users/howarth/./strncpy-overflow-1.exe+0x1d41)
#2 0x99852724 (/usr/lib/system/libdyld.dylib+0x2724)
#3 0x0
0x01c00759 is located 0 bytes to the right of 9-byte region
[0x01c00750,0x01c00759)
allocated by thread T0 here:
#0 0xde0f2 (/sw/lib/gcc4.9/lib/i386/libasan.1.dylib+0x1a0f2)
#1 0xbed28 (/Users/howarth/./strncpy-overflow-1.exe+0x1d28)
#2 0x99852724 (/usr/lib/system/libdyld.dylib+0x2724)
#3 0x0
Shadow bytes around the buggy address:
0x20380090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x203800a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x203800b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x203800c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x203800d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x203800e0: fa fa fa fa fa fa fa fa fa fa 00[01]fa fa 06 fa
0x203800f0: fa fa 00 fa fa fa 00 04 fa fa 00 07 fa fa fd fa
0x20380100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x20380110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x20380120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x20380130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==16663==ABORTING
From: dominiq at lps dot ens.fr @ 2013-11-15 18:43 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2013-11-15
Ever confirmed|0 |1
--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Confirmed.
From: howarth at nitro dot med.uc.edu @ 2013-11-15 21:02 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #2 from Jack Howarth <howarth at nitro dot med.uc.edu> ---
Also confirmed that if you compile the failing test case using current
llvm/clang svn with...
/sw/opt/llvm-3.4/bin/clang -fsanitize=address -g -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -o ./strncpy-overflow-1.exe
strncpy-overflow-1.c
or
/sw/opt/llvm-3.4/bin/clang -fsanitize=address -g -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m64 -o ./strncpy-overflow-1.exe
strncpy-overflow-1.c
the test case fails as expected.
From: glider at google dot com @ 2013-11-21 9:43 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #3 from Alexander Potapenko <glider at google dot com> ---
GCC emits calls to __strcpy_chk and __strncpy_chk in this test, which happens
because of source fortification being on by default on Darwin.
In Clang we're passing -D_FORTIFY_SOURCE=0 when compiling with
-fsanitize=address.
I've checked that manually adding -D_FORTIFY_SOURCE=0 fixes
strncpy-overflow-1.c
Jack, can you please make the changes in the GCC driver?
From: jakub at gcc dot gnu.org @ 2013-11-22 12:48 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Well, -D_FORTIFY_SOURCE=2 does things that asan doesn't and can't do, so
disabling fortification if you build with -fsanitize=address sounds like a very
bad idea to me.
IMHO libasan should intercept also the __*_chk calls, test + branch to
__chk_fail if they should fail, otherwise fall through to the intercepted
original function.
For *printf* family __printf_chk etc. also fail on %n if it isn't in read-only
string literal.
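The mechanism from comments #3 and #4, as an added example (not code from this thread, GCC or libsanitizer): a toy C model of why a fortified call bypasses the strncpy interceptor and how the wrapper proposed in comment #4 restores the report. All function names are hypothetical, and the (size_t)-1 destination size assumes the compiler could not determine the object size, which is what __builtin_object_size yields in that case.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: one tracked region stands in
   for ASan's shadow memory. All function names here are hypothetical. */
enum outcome { NO_REPORT, ASAN_REPORT, CHK_FAIL };
struct region { char *base; size_t size; };

static int in_bounds(const struct region *r, const char *p, size_t n) {
    size_t off = (size_t)(p - r->base);
    return off <= r->size && n <= r->size - off;
}

/* Model of an ASan strncpy interceptor: check the range, then copy. */
static enum outcome asan_strncpy(const struct region *r, char *dst,
                                 const char *src, size_t n) {
    if (!in_bounds(r, dst, n)) return ASAN_REPORT; /* report, do not write */
    strncpy(dst, src, n);
    return NO_REPORT;
}

/* Fortified entry point with no interceptor: only the compile-time
   object size is tested; the shadow check never runs. */
static enum outcome libc_strncpy_chk(const struct region *r, char *dst,
                                     const char *src, size_t n, size_t dstlen) {
    if (n > dstlen) return CHK_FAIL;
    if (in_bounds(r, dst, n)) strncpy(dst, src, n); /* model skips the bad write */
    return NO_REPORT;
}

/* Comment #4's proposal: test, branch to the fortify failure, otherwise
   fall through to the intercepted original. */
static enum outcome asan_strncpy_chk(const struct region *r, char *dst,
                                     const char *src, size_t n, size_t dstlen) {
    if (n > dstlen) return CHK_FAIL;
    return asan_strncpy(r, dst, src, n);
}

/* Copy n bytes into a 9-byte buffer, as in the report's "9-byte region". */
enum outcome run_case(int fortified, int chk_intercepted, size_t n, size_t dstlen) {
    static char buf[9];
    struct region r = { buf, sizeof buf };
    if (!fortified) return asan_strncpy(&r, buf, "hello", n);
    return chk_intercepted ? asan_strncpy_chk(&r, buf, "hello", n, dstlen)
                           : libc_strncpy_chk(&r, buf, "hello", n, dstlen);
}

int main(void) {
    printf("fortified, no __strncpy_chk interceptor: %d\n",
           run_case(1, 0, 10, (size_t)-1));
    return 0;
}
```

The second case in the model (fortified, no interceptor for the checked entry point, unknown destination size) is the one the test suite hits: neither check fires, so the test "passes" where it should fail.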
From: glider at google dot com @ 2013-11-22 13:57 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #5 from Alexander Potapenko <glider at google dot com> ---
I've opened https://code.google.com/p/address-sanitizer/issues/detail?id=247 to
track this. But until that issue is fixed we'll have to disable source
fortification in GCC if ASan is enabled.
From: howarth at nitro dot med.uc.edu @ 2013-11-22 21:30 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #6 from Jack Howarth <howarth at nitro dot med.uc.edu> ---
(In reply to Alexander Potapenko from comment #3)
> GCC emits calls to __strcpy_chk and __strncpy_chk in this test, which
> happens because of source fortification being on by default on Darwin.
> In Clang we're passing -D_FORTIFY_SOURCE=0 when compiling with
> -fsanitize=address.
>
> I've checked that manually adding -D_FORTIFY_SOURCE=0 fixes
> strncpy-overflow-1.c
>
> Jack, can you please make the changes in the GCC driver?
Yes, I can confirm that...
Index: gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
===================================================================
--- gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (revision 205290)
+++ gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c (working copy)
@@ -1,5 +1,5 @@
/* { dg-do run } */
-/* { dg-options "-fno-builtin-malloc -fno-builtin-strncpy" } */
+/* { dg-options "-D_FORTIFY_SOURCE=0 -fno-builtin-malloc -fno-builtin-strncpy"
} */
/* { dg-shouldfail "asan" } */
#include <string.h>
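Review bot: the added dg-options line is wrapped, leaving `} */` on a line of its own, so the directive no longer sits on one line the way the removed line did; rejoin it before applying. The define is also added for every target, although the thread attributes the failure to fortification being on by default on Darwin, and it changes only this one test, so any other asan test that reaches a `__*_chk` entry point would still miss its report. A short comment in the test saying why fortification is switched off would help the next reader.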
suppresses the problem. I can also confirm with current llvm/compiler-rt/clang
3.4 branch that...
/sw/opt/llvm-3.4/bin/clang -fsanitize=address -g -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m64 -D_FORTIFY_SOURCE=2 -o
./strncpy-overflow-1.exe strncpy-overflow-1.c
also produces a binary that 'fails' by 'passing'.
From: fxcoudert at gcc dot gnu.org @ 2014-11-19 13:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Target|x86_64-apple-darwin13 |x86_64-apple-darwin*
Last reconfirmed|2013-11-15 00:00:00 |2014-11-19
CC| |fxcoudert at gcc dot gnu.org
Host|x86_64-apple-darwin13 |x86_64-apple-darwin*
Summary|FAIL: |FAIL:
|c-c++-common/asan/strncpy-o |c-c++-common/asan/strncpy-o
|verflow-1.c -O0 execution |verflow-1.c -O0 execution
|test on darwin13 |test
Build|x86_64-apple-darwin13 |x86_64-apple-darwin*
--- Comment #7 from Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> ---
Still fails on trunk, with x86_64-apple-darwin.
From: dominiq at lps dot ens.fr @ 2014-11-21 23:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #8 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Created attachment 34071
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34071&action=edit
Patch fixing the test failure.
With the attached patch based on comment 3, the test now succeeds.