public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "ubizjak at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libfortran/59313] gfortran.dg/erf_3.F90 FAILs on Solaris/SPARC
Date: Sun, 01 Dec 2013 19:31:00 -0000 [thread overview]
Message-ID: <bug-59313-4-0cXCVjFN9b@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-59313-4@http.gcc.gnu.org/bugzilla/>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="UTF-8", Size: 11937 bytes --]
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59313
Uroš Bizjak <ubizjak at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
URL| |http://gcc.gnu.org/ml/gcc-p
| |atches/2013-12/msg00018.htm
| |l
Component|fortran |libfortran
Target Milestone|--- |4.9.0
--- Comment #4 from Uroš Bizjak <ubizjak at gmail dot com> ---
Patch at [1].
[1] http://gcc.gnu.org/ml/gcc-patches/2013-12/msg00018.html
>From gcc-bugs-return-436364-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Sun Dec 01 19:34:26 2013
Return-Path: <gcc-bugs-return-436364-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Delivered-To: listarch-gcc-bugs@gcc.gnu.org
Received: (qmail 8280 invoked by alias); 1 Dec 2013 19:34:26 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Delivered-To: mailing list gcc-bugs@gcc.gnu.org
Received: (qmail 8252 invoked by uid 48); 1 Dec 2013 19:34:22 -0000
From: "octoploid at yandex dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/59362] Abort in fini_object_sizes
Date: Sun, 01 Dec 2013 19:34:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Version: 4.9.0
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: octoploid at yandex dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-59362-4-3NXxGnBkKp@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-59362-4@http.gcc.gnu.org/bugzilla/>
References: <bug-59362-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2013-12/txt/msg00019.txt.bz2
Content-length: 9378
http://gcc.gnu.org/bugzilla/show_bug.cgi?idY362
Markus Trippelsdorf <octoploid at yandex dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |octoploid at yandex dot com
--- Comment #1 from Markus Trippelsdorf <octoploid at yandex dot com> ---
Valgrind shows:
=073== Invalid write of size 8
=073== at 0x8C60BF: collect_object_sizes_for(object_size_info*,
tree_node*) (tree-object-size.c:913)
=073== by 0x8C6CA4: merge_object_sizes(object_size_info*, tree_node*,
tree_node*, unsigned long) [clone .isra.26] (tree-object-size.c:745)
=073== by 0x8C68BA: collect_object_sizes_for(object_size_info*,
tree_node*) (tree-object-size.c:956)
=073== by 0x8C5188: compute_builtin_object_size(tree_node*, int)
(tree-object-size.c:539)
=073== by 0x5BACA7: fold_builtin_2(unsigned int, tree_node*, tree_node*,
tree_node*, bool) (builtins.c:12721)
=073== by 0x5BBBAB: fold_builtin_n(unsigned int, tree_node*, tree_node**,
int, bool) (builtins.c:11118)
=073== by 0x5C3F54: fold_call_stmt(gimple_statement_base*, bool)
(builtins.c:14252)
=073== by 0x8C43A6: (anonymous namespace)::pass_object_sizes::execute()
(tree-object-size.c:1224)
=073== by 0x7CC189: execute_one_pass(opt_pass*) (passes.c:2215)
=073== by 0x7CC3F5: execute_pass_list(opt_pass*) (passes.c:2268)
=073== by 0x7CC407: execute_pass_list(opt_pass*) (passes.c:2269)
=073== by 0x5FCB95: expand_function(cgraph_node*) (cgraphunit.c:1763)
=073== Address 0x53a8bc8 is 0 bytes after a block of size 856 alloc'd
=073== at 0x40274F0: malloc (vg_replace_malloc.c:291)
=073== by 0xD38CC7: xmalloc (xmalloc.c:147)
=073== by 0x8C4182: init_object_sizes() [clone .part.28]
(tree-object-size.c:1183)
=073== by 0x8C4B83: (anonymous namespace)::pass_object_sizes::execute()
(ssa-iterators.h:498)
=073== by 0x7CC189: execute_one_pass(opt_pass*) (passes.c:2215)
=073== by 0x7CC3F5: execute_pass_list(opt_pass*) (passes.c:2268)
=073== by 0x7CC407: execute_pass_list(opt_pass*) (passes.c:2269)
=073== by 0x5FCB95: expand_function(cgraph_node*) (cgraphunit.c:1763)
=073== by 0x5FE477: compile() (cgraphunit.c:1868)
=073== by 0x5FE7D4: finalize_compilation_unit() (cgraphunit.c:2280)
=073== by 0x51E92B: c_write_global_declarations() (c-decl.c:10388)
=073== by 0x866B7C: compile_file() (toplev.c:561)
=073==073== Invalid read of size 8
=073== at 0x8C6535: collect_object_sizes_for(object_size_info*,
tree_node*) (tree-object-size.c:799)
=073== by 0x8C6CA4: merge_object_sizes(object_size_info*, tree_node*,
tree_node*, unsigned long) [clone .isra.26] (tree-object-size.c:745)
=073== by 0x8C68BA: collect_object_sizes_for(object_size_info*,
tree_node*) (tree-object-size.c:956)
=073== by 0x8C5188: compute_builtin_object_size(tree_node*, int)
(tree-object-size.c:539)
=073== by 0x5BACA7: fold_builtin_2(unsigned int, tree_node*, tree_node*,
tree_node*, bool) (builtins.c:12721)
=073== by 0x5BBBAB: fold_builtin_n(unsigned int, tree_node*, tree_node**,
int, bool) (builtins.c:11118)
=073== by 0x5C3F54: fold_call_stmt(gimple_statement_base*, bool)
(builtins.c:14252)
=073== by 0x8C43A6: (anonymous namespace)::pass_object_sizes::execute()
(tree-object-size.c:1224)
=073== by 0x7CC189: execute_one_pass(opt_pass*) (passes.c:2215)
=073== by 0x7CC3F5: execute_pass_list(opt_pass*) (passes.c:2268)
=073== by 0x7CC407: execute_pass_list(opt_pass*) (passes.c:2269)
=073== by 0x5FCB95: expand_function(cgraph_node*) (cgraphunit.c:1763)
=073== Address 0x53a8bc8 is 0 bytes after a block of size 856 alloc'd
=073== at 0x40274F0: malloc (vg_replace_malloc.c:291)
=073== by 0xD38CC7: xmalloc (xmalloc.c:147)
=073== by 0x8C4182: init_object_sizes() [clone .part.28]
(tree-object-size.c:1183)
=073== by 0x8C4B83: (anonymous namespace)::pass_object_sizes::execute()
(ssa-iterators.h:498)
=073== by 0x7CC189: execute_one_pass(opt_pass*) (passes.c:2215)
=073== by 0x7CC3F5: execute_pass_list(opt_pass*) (passes.c:2268)
=073== by 0x7CC407: execute_pass_list(opt_pass*) (passes.c:2269)
=073== by 0x5FCB95: expand_function(cgraph_node*) (cgraphunit.c:1763)
=073== by 0x5FE477: compile() (cgraphunit.c:1868)
=073== by 0x5FE7D4: finalize_compilation_unit() (cgraphunit.c:2280)
=073== by 0x51E92B: c_write_global_declarations() (c-decl.c:10388)
=073== by 0x866B7C: compile_file() (toplev.c:561)
=073=
AddressSanitizer:
markus@x4 tmp % /var/tmp/gcc_sani/usr/local/bin/gcc -c -O2 -std=gnu99 bug124.c
=================================================================)94==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180001343d8
at pc 0x133f0e8 bp 0x7fffe70fc990 sp 0x7fffe70fc988
WRITE of size 8 at 0x6180001343d8 thread T0
#0 0x133f0e7 in collect_object_sizes_for(object_size_info*, tree_node*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:913
#1 0x133f7d9 in merge_object_sizes(object_size_info*, tree_node*,
tree_node*, unsigned long)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:745
#2 0x133d495 in collect_object_sizes_for(object_size_info*, tree_node*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:956
#3 0x13363b3 in compute_builtin_object_size(tree_node*, int)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:539
#4 0x7f8a05 in fold_builtin_object_size(tree_node*, tree_node*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/builtins.c:12721
#5 0x827a3e in fold_builtin_2(unsigned int, tree_node*, tree_node*,
tree_node*, bool) /var/tmp/gcc_build_dir/gcc/../../gcc/gcc/builtins.c:10905
#6 0x82aa3e in fold_builtin_n(unsigned int, tree_node*, tree_node**, int,
bool) /var/tmp/gcc_build_dir/gcc/../../gcc/gcc/builtins.c:11118
#7 0x855478 in fold_call_stmt(gimple_statement_base*, bool)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/builtins.c:14252
#8 0x13322c8 in compute_object_sizes
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:1224
#9 0x13322c8 in (anonymous namespace)::pass_object_sizes::execute()
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:1309
#10 0xfe37f9 in execute_one_pass(opt_pass*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/passes.c:2215
#11 0xfe41b8 in execute_pass_list(opt_pass*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/passes.c:2268
#12 0xfe41de in execute_pass_list(opt_pass*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/passes.c:2269
#13 0x918b09 in expand_function(cgraph_node*)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/cgraphunit.c:1763
#14 0x91de51 in expand_all_functions
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/cgraphunit.c:1868
#15 0x91de51 in compile()
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/cgraphunit.c:2203
#16 0x91f66a in finalize_compilation_unit()
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/cgraphunit.c:2280
#17 0x5e0a6c in c_write_global_declarations()
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/c/c-decl.c:10388
#18 0x11c8c44 in compile_file()
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/toplev.c:561
#19 0x11cd6d3 in do_compile
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/toplev.c:1893
#20 0x11cd6d3 in toplev_main(int, char**)
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/toplev.c:1969
#21 0x7fde5bff3f8f in __libc_start_main (/lib/libc.so.6+0x1ff8f)
#22 0x5996d0 in _start
(/var/tmp/gcc_sani/usr/local/libexec/gcc/x86_64-unknown-linux-gnu/4.9.0/cc1+0x5996d0)
0x6180001343d8 is located 0 bytes to the right of 856-byte region
[0x618000134080,0x6180001343d8)
allocated by thread T0 here:
#0 0x7fde5c815824 in __interceptor_malloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x38824)
#1 0x222c717 in xmalloc
/var/tmp/gcc_build_dir/libiberty/../../gcc/libiberty/xmalloc.c:147
SUMMARY: AddressSanitizer: heap-buffer-overflow
/var/tmp/gcc_build_dir/gcc/../../gcc/gcc/tree-object-size.c:913
collect_object_sizes_for(object_size_info*, tree_node*)
Shadow bytes around the buggy address:
0x0c308001e820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c308001e870: 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa
0x0c308001e880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c308001e890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308001e8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
=)94=«ORTING
next prev parent reply other threads:[~2013-12-01 19:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-27 14:24 [Bug fortran/59313] New: " ro at gcc dot gnu.org
2013-11-29 18:48 ` [Bug fortran/59313] " ubizjak at gmail dot com
2013-12-01 19:31 ` ubizjak at gmail dot com [this message]
2013-12-01 20:56 ` [Bug libfortran/59313] " uros at gcc dot gnu.org
2013-12-01 21:00 ` ubizjak at gmail dot com
2013-12-13 22:17 ` ebotcazou at gcc dot gnu.org
2014-02-22 8:56 ` ebotcazou at gcc dot gnu.org
2014-02-25 9:28 ` ro at gcc dot gnu.org
2014-03-24 0:33 ` danglin at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-59313-4-0cXCVjFN9b@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).