From: "y.gribov at samsung dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/60861] out of bounds access of global var in .rodata/.bss not detected
Date: Thu, 17 Apr 2014 06:32:00 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 4.8.2
X-Bugzilla-Severity: normal
X-Bugzilla-Who: y.gribov at samsung dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
X-SW-Source: 2014-04/txt/msg01248.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60861

--- Comment #5 from Yury Gribov ---

(In reply to Andrew Pinski from comment #4)
> (In reply to Yury Gribov from comment #3)
> > I can reproduce this in trunk. Looks like Asan pass works correctly but gcc
> > reduces test() to 'return 1;' very early for some reason. I'll debug further.
>
> Most likely due to GCC optimizing the code as it knows the only value it
> could be is 1.
Yup, testGlobalOutOfBoundsRODATAVar[depth] is cynically folded to 1 right in the gimplifier:

#0  fold_array_ctor_reference (type=0x7ffff6c93000, ctor=0x7ffff6c7ae28, offset=0, size=32, from_decl=0x7ffff6c91098) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:2994
#1  0x00000000007fbc4b in fold_ctor_reference (type=0x7ffff6c93000, ctor=0x7ffff6c7ae28, offset=0, size=32, from_decl=0x7ffff6c91098) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:3124
#2  0x00000000007fc1b4 in fold_const_aggregate_ref_1 (t=0x7ffff6c35188, valueize=0) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:3226
#3  0x00000000007fc2d7 in fold_const_aggregate_ref (t=0x7ffff6c35188) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:3248
#4  0x00000000007f2478 in maybe_fold_reference (expr=0x7ffff6c35188, is_lhs=false) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:310
#5  0x00000000007f2957 in fold_gimple_assign (si=0x7fffffffd1f0) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:377
#6  0x00000000007f57a2 in fold_stmt_1 (gsi=0x7fffffffd1f0, inplace=false) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:1281
#7  0x00000000007f5eba in fold_stmt (gsi=0x7fffffffd1f0) at /home/ygribov/src/gcc-master/gcc/gimple-fold.c:1409
#8  0x00000000008115d1 in maybe_fold_stmt (gsi=0x7fffffffd1f0) at /home/ygribov/src/gcc-master/gcc/gimplify.c:2224
#9  0x000000000081af78 in gimplify_modify_expr (expr_p=0x7fffffffd4a8, pre_p=0x7fffffffd760, post_p=0x7fffffffd330, want_value=false) at /home/ygribov/src/gcc-master/gcc/gimplify.c:4620
#10 0x0000000000826bf4 in gimplify_expr (expr_p=0x7fffffffd4a8, pre_p=0x7fffffffd760, post_p=0x7fffffffd330, gimple_test_f=0x819e8b , fallback=0) at /home/ygribov/src/gcc-master/gcc/gimplify.c:7479

This kind of makes sense (although this optimization will break in presence of LD_PRELOAD or weak symbols). In any case optimizations like this are typical for gcc so I'm not sure there's a chance for a fix.
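The folding discussed in this thread is easiest to see side by side. The following is an added illustration, not the ASan test program from the bug report and not GCC code; it assumes, per comment #4, that the array in question has a uniform initializer (every element is 1), and all names (`uniform_table`, `mixed_table`, `read_uniform`, `read_mixed`, `read_uniform_volatile`, `read_checked`, `lookup_or`) are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example. The real test is testGlobalOutOfBoundsRODATAVar from
 * the bug; its initializer is assumed here to be uniform, matching the remark
 * that "the only value it could be is 1". */
enum { TABLE_SIZE = 8 };

static const int uniform_table[TABLE_SIZE] = {1, 1, 1, 1, 1, 1, 1, 1};
static const int mixed_table[TABLE_SIZE]   = {1, 2, 3, 4, 5, 6, 7, 8};

/* The pattern the bug describes: every element is 1, so the gimplifier's
 * fold_array_ctor_reference can replace the read with the constant 1 for any
 * index. No load remains, so there is nothing for ASan to instrument and an
 * out-of-range idx is never reported. */
int read_uniform(int idx) { return uniform_table[idx]; }

/* With distinct elements the result depends on idx, so the load survives and
 * an out-of-range idx is an instrumented (and therefore detectable) access. */
int read_mixed(int idx) { return mixed_table[idx]; }

/* Forcing a real load: a volatile-qualified pointer marks the access as
 * observable, so the compiler may not fold it away. This is one way to keep
 * a sanitizer test exercising the memory access rather than a constant. */
int read_uniform_volatile(int idx) {
    const volatile int *p = uniform_table;
    return p[idx];
}

/* Mitigation that does not depend on the sanitizer seeing the access:
 * validate the index before indexing. Returns true and stores the element on
 * success, false for any out-of-range idx (negative or >= n). */
bool read_checked(const int *table, size_t n, long idx, int *out) {
    if (idx < 0 || (size_t)idx >= n) return false;
    *out = table[idx];
    return true;
}

/* Convenience wrapper: the element, or `fallback` when idx is out of range. */
int lookup_or(const int *table, size_t n, long idx, int fallback) {
    int value;
    return read_checked(table, n, idx, &value) ? value : fallback;
}

int main(void) {
    printf("in range  : %d\n", lookup_or(mixed_table, TABLE_SIZE, 2, -1));
    printf("out range : %d\n", lookup_or(mixed_table, TABLE_SIZE, 8, -1));
    return 0;
}
```

Compiling `read_uniform` with optimization and inspecting the generated assembly (or the GIMPLE dump) shows the constant return; `read_mixed` and `read_uniform_volatile` keep the indexed load. The checked accessor is the version to ship regardless of which compiler or sanitizer is in use.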