public inbox for gcc-bugs@sourceware.org
* [Bug other/61016] New: use of uninitialized memory in gcc/config/i386/i386.c
@ 2014-04-30 14:26 kcc at gcc dot gnu.org
2014-05-06 11:34 ` [Bug other/61016] " kcc at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: kcc at gcc dot gnu.org @ 2014-04-30 14:26 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
Bug ID: 61016
Summary: use of uninitialized memory in gcc/config/i386/i386.c
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: kcc at gcc dot gnu.org
CC: eugeni.stepanov at gmail dot com
Created attachment 32715
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=32715&action=edit
z.cc
This is revision 209930 on x86_64 Linux.
% valgrind --track-origins=yes gcc/cc1plus -quiet z.cc -O2 -o /dev/null
==12029== Conditional jump or move depends on uninitialised value(s)
==12029== at 0xDBEF66: classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) (gcc/config/i386/i386.c:6361)
==12029== by 0xDBF2D4: classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) (gcc/config/i386/i386.c:6501)
==12029== by 0xDBA097: ix86_function_arg_advance(cumulative_args_t,
machine_mode, tree_node const*, bool) (gcc/config/i386/i386.c:6818)
==12029== by 0x92B40A: gimplify_parameters() (gcc/function.c:3624)
==12029== by 0x978AEA: gimplify_body(tree_node*, bool) (gcc/gimplify.c:8620)
==12029== by 0x9794AC: gimplify_function_tree(tree_node*)
(gcc/gimplify.c:8777)
==12029== by 0x7EBC14: analyze_function(cgraph_node*) (gcc/cgraphunit.c:649)
==12029== by 0x7EECD2: analyze_functions() (gcc/cgraphunit.c:1017)
==12029== by 0x7EEACB: finalize_compilation_unit() (gcc/cgraphunit.c:2320)
==12029== by 0x5E67D3: cp_write_global_declarations() (gcc/cp/decl2.c:4619)
==12029== by 0xB19A20: compile_file() (gcc/toplev.c:562)
==12029== by 0xB197D7: toplev_main(int, char**) (gcc/toplev.c:1914)
==12029== Uninitialised value was created by a stack allocation
==12029== at 0xDBE920: classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) (gcc/config/i386/i386.c:6412)
The bug was initially detected by MemorySanitizer (which is a bit trickier to
use with gcc at the moment).
==5348== WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f265400f64d in merge_classes(x86_64_reg_class, x86_64_reg_class)
gcc/config/i386/i386.c:6361
#1 0x7f265400f64d in classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) gcc/config/i386/i386.c:6557
#2 0x7f265400dbfa in classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) gcc/config/i386/i386.c:6501
#3 0x7f2653fef8fc in examine_argument(machine_mode, tree_node const*, int,
int*, int*) gcc/config/i386/i386.c:6817
#4 0x7f2653fef8fc in function_arg_advance_64(ix86_args*, machine_mode,
tree_node const*, long, bool) gcc/config/i386/i386.c:7199
#5 0x7f2653fef8fc in ix86_function_arg_advance(cumulative_args_t,
machine_mode, tree_node const*, bool) gcc/config/i386/i386.c:7253
#6 0x7f26523a1ae1 in gimplify_parameters() gcc/function.c:3624
#7 0x7f2652594737 in gimplify_body(tree_node*, bool) gcc/gimplify.c:8620
#8 0x7f2652598479 in gimplify_function_tree(tree_node*) gcc/gimplify.c:8777
#9 0x7f2651bee7db in analyze_function(cgraph_node*) gcc/cgraphunit.c:649
#10 0x7f2651c01aa1 in analyze_functions() gcc/cgraphunit.c:1017
#11 0x7f2651c01088 in finalize_compilation_unit() gcc/cgraphunit.c:2320
#12 0x7f2650f8da6e in cp_write_global_declarations() gcc/cp/decl2.c:4619
#13 0x7f2652fa249d in compile_file() gcc/toplev.c:562
#14 0x7f2652fa06ff in do_compile() gcc/toplev.c:1914
#15 0x7f2652fa06ff in toplev_main(int, char**) gcc/toplev.c:1990
#16 0x7f26552563b3 in main gcc/main.c:36
#17 0x7f264f30276c in __libc_start_main
/build/buildd/eglibc-2.15/csu/libc-start.c:226
#18 0x7f26509f8960 in _start
(/usr/local/google/ssd/msan-gcc/inst/libexec/gcc/x86_64-unknown-linux-gnu/4.10.0/cc1plus+0x2f4960)
Uninitialized value was created by an allocation of 'subclasses' in the stack
frame of function 'classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int)'
#0 0x7f265400a310 in classify_argument(machine_mode, tree_node const*,
x86_64_reg_class*, int) gcc/config/i386/i386.c:6412
Confirmed by printf:
Index: gcc/config/i386/i386.c
===================================================================
--- gcc/config/i386/i386.c (revision 209930)
+++ gcc/config/i386/i386.c (working copy)
@@ -6428,6 +6428,7 @@
int i;
tree field;
enum x86_64_reg_class subclasses[MAX_CLASSES];
+ subclasses[1] = (enum x86_64_reg_class)0xab;
/* On x86-64 we pass structures larger than 64 bytes on the stack. */
if (bytes > 64)
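Review bot: the sentinel covers only subclasses[1], the slot the valgrind and MSan traces already pointed at, while the other MAX_CLASSES-1 entries keep whatever the stack happened to hold, so a stale read at any other index would not show up in the ZZZ output. Poisoning the whole array (a loop storing (enum x86_64_reg_class)0xab into every entry) would expose each index that is read before it is written. 0xab is a sound choice of sentinel because it lies outside the valid x86_64_reg_class range and cannot be mistaken for a real class.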
@@ -6553,8 +6554,10 @@
bit_offset);
if (!num)
return 0;
- for (i = 0; i < num; i++)
+ for (i = 0; i < num; i++) {
+ fprintf(stderr, "ZZZ[%d] %x\n", i, classes[i]);
classes[i] = merge_classes (subclasses[i], classes[i]);
+ }
}
}
break;
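Review bot: the fprintf prints classes[i] before the merge, so the `ab` at index 1 is the value classes[1] already held when this iteration started; either an earlier merge propagated the poison from subclasses[1] into classes[] or classes[1] itself was never set. The trace therefore shows propagation rather than the first uninitialised read. Printing subclasses[i] next to classes[i], together with the field being classified, would identify which recursive classify_argument call returned a num larger than the number of subclasses entries it actually wrote. Minor: %x is given an enum; cast it to unsigned so the conversion matches the argument type.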
ZZZ[0] 0
ZZZ[1] ab <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
^ permalink raw reply [flat|nested] 5+ messages in thread
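The report above shows the shape of the defect: a caller keeps an uninitialised local array, a callee fills some prefix of it and returns a word count, and the caller merges `num` entries whether or not the callee wrote them all. The following is an added example, not GCC code and not the root cause established for this PR: it models that merge loop with a hypothetical classifier that reports more words than it fills, makes the stale read observable with the same 0xab sentinel the report used, and shows the hardened form (defined initial contents plus a bounds check on the returned count). The class names and the merge rule are simplified stand-ins for x86_64_reg_class and merge_classes.

```c
/* Added example (not GCC code): models the subclasses[]/classes[] merge loop
 * from classify_argument with a callee that reports more words than it writes,
 * then shows a hardened caller. Names and the merge rule are simplified. */
#include <stdio.h>

#define MAX_CLASSES 8
/* Same sentinel as the report: outside the enum's range, so a stale read cannot
 * be mistaken for a real class. Stands in for whatever the stack held. */
#define POISON ((enum reg_class)0xab)

enum reg_class { NO_CLASS = 0, INTEGER_CLASS, SSE_CLASS, MEMORY_CLASS };

/* Simplified merge: NO_CLASS is the identity, MEMORY dominates, INTEGER beats SSE. */
static enum reg_class merge_classes(enum reg_class a, enum reg_class b)
{
    if (a == b) return a;
    if (a == NO_CLASS) return b;
    if (b == NO_CLASS) return a;
    if (a == MEMORY_CLASS || b == MEMORY_CLASS) return MEMORY_CLASS;
    if (a == INTEGER_CLASS || b == INTEGER_CLASS) return INTEGER_CLASS;
    return SSE_CLASS;
}

/* Hypothetical defect model: claims the field spans `words` eightbytes but only
 * fills the first `written` entries of out[]. */
static int classify_field(enum reg_class *out, int words, int written)
{
    for (int i = 0; i < written && i < MAX_CLASSES; i++)
        out[i] = INTEGER_CLASS;
    return words;
}

/* Unchecked caller, as in the report: subclasses[] gets no defined contents, so
 * the merge loop consumes whatever is there for indices >= written. Returns how
 * many merged slots came from a never-written entry. */
int merge_unchecked(enum reg_class *classes, int words, int written)
{
    enum reg_class subclasses[MAX_CLASSES];
    for (int i = 0; i < MAX_CLASSES; i++)
        subclasses[i] = POISON;            /* make the stale read observable */

    int num = classify_field(subclasses, words, written);
    int stale = 0;
    for (int i = 0; i < num; i++) {
        if (subclasses[i] == POISON)
            stale++;
        classes[i] = merge_classes(subclasses[i], classes[i]);
    }
    return stale;
}

/* Hardened caller: every slot starts as NO_CLASS (the merge identity) and the
 * callee's count is bounds-checked before it drives the loop. Returns num, or
 * -1 when the count is out of range. */
int merge_checked(enum reg_class *classes, int words, int written)
{
    enum reg_class subclasses[MAX_CLASSES] = { NO_CLASS };
    int num = classify_field(subclasses, words, written);
    if (num < 0 || num > MAX_CLASSES)
        return -1;
    for (int i = 0; i < num; i++)
        classes[i] = merge_classes(subclasses[i], classes[i]);
    return num;
}

/* Both callers on one constructed input: a two-eightbyte field whose
 * classifier fills only the first slot. */
struct demo_result { int count; unsigned slot1; };

struct demo_result demo_unchecked(void)
{
    enum reg_class classes[MAX_CLASSES] = { NO_CLASS };
    struct demo_result r;
    r.count = merge_unchecked(classes, 2, 1);   /* stale slots merged */
    r.slot1 = (unsigned)classes[1];             /* poison has propagated */
    return r;
}

struct demo_result demo_checked(void)
{
    enum reg_class classes[MAX_CLASSES] = { NO_CLASS };
    struct demo_result r;
    r.count = merge_checked(classes, 2, 1);     /* num, or -1 */
    r.slot1 = (unsigned)classes[1];             /* stays NO_CLASS */
    return r;
}

int main(void)
{
    struct demo_result u = demo_unchecked(), c = demo_checked();
    printf("unchecked: %d stale slot(s), classes[1] = 0x%x\n", u.count, u.slot1);
    printf("checked:   num = %d, classes[1] = 0x%x\n", c.count, c.slot1);
    return 0;
}
```

Dropping the poison loop from merge_unchecked turns the model into a genuine uninitialised read, and `valgrind --track-origins=yes` or `clang -fsanitize=memory` then reports it at the merge line with the origin in the caller's stack frame, the same pair of messages the report shows. Note that zero-initialising subclasses[] (by hand, or with `-ftrivial-auto-var-init=zero` in GCC 12 and later and in clang) only makes the result deterministic; the callee's count still disagrees with what it wrote, so the bounds check and, ultimately, a callee that fills every slot it reports are the actual fix.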
* [Bug other/61016] use of uninitialized memory in gcc/config/i386/i386.c
2014-04-30 14:26 [Bug other/61016] New: use of uninitialized memory in gcc/config/i386/i386.c kcc at gcc dot gnu.org
@ 2014-05-06 11:34 ` kcc at gcc dot gnu.org
2014-05-06 11:45 ` kcc at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: kcc at gcc dot gnu.org @ 2014-05-06 11:34 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
--- Comment #1 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
Slightly more reduced test:
template <typename T>
struct vector {
void resize(int, T = T()) {}
};
class UnknownField;
class UnknownFieldSet {
void DeleteByNumber (int);
vector < UnknownField > *fields_;
};
class UnknownField {
long a;
union {
void *b;
};
};
void UnknownFieldSet::DeleteByNumber (int) {
fields_->resize (0);
}
* [Bug other/61016] use of uninitialized memory in gcc/config/i386/i386.c
2014-04-30 14:26 [Bug other/61016] New: use of uninitialized memory in gcc/config/i386/i386.c kcc at gcc dot gnu.org
2014-05-06 11:34 ` [Bug other/61016] " kcc at gcc dot gnu.org
@ 2014-05-06 11:45 ` kcc at gcc dot gnu.org
2014-07-10 11:44 ` kcc at gcc dot gnu.org
2014-07-10 15:28 ` ubizjak at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: kcc at gcc dot gnu.org @ 2014-05-06 11:45 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
Kostya Serebryany <kcc at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu.org
--- Comment #2 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
"svn blame" tells that the uninitialized array was introduced by hubicka@:
45726 hubicka enum x86_64_reg_class subclasses[MAX_CLASSES];
* [Bug other/61016] use of uninitialized memory in gcc/config/i386/i386.c
2014-04-30 14:26 [Bug other/61016] New: use of uninitialized memory in gcc/config/i386/i386.c kcc at gcc dot gnu.org
2014-05-06 11:34 ` [Bug other/61016] " kcc at gcc dot gnu.org
2014-05-06 11:45 ` kcc at gcc dot gnu.org
@ 2014-07-10 11:44 ` kcc at gcc dot gnu.org
2014-07-10 15:28 ` ubizjak at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: kcc at gcc dot gnu.org @ 2014-07-10 11:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
--- Comment #3 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
Ping. Any interest?
The bug is still present in r212279.
* [Bug other/61016] use of uninitialized memory in gcc/config/i386/i386.c
2014-04-30 14:26 [Bug other/61016] New: use of uninitialized memory in gcc/config/i386/i386.c kcc at gcc dot gnu.org
` (2 preceding siblings ...)
2014-07-10 11:44 ` kcc at gcc dot gnu.org
@ 2014-07-10 15:28 ` ubizjak at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: ubizjak at gmail dot com @ 2014-07-10 15:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
Uroš Bizjak <ubizjak at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #4 from Uroš Bizjak <ubizjak at gmail dot com> ---
This is handled in PR 61656.
*** This bug has been marked as a duplicate of bug 61656 ***
* [Bug target/61656] Undefined behavior in classify_argument
From: ubizjak at gmail dot com @ 2014-07-10 15:28 UTC
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61656
Uroš Bizjak <ubizjak at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kcc at gcc dot gnu.org
--- Comment #2 from Uroš Bizjak <ubizjak at gmail dot com> ---
*** Bug 61016 has been marked as a duplicate of this bug. ***
* [Bug target/61656] Undefined behavior in classify_argument
From: jakub at gcc dot gnu.org @ 2014-07-10 15:30 UTC
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61656
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
So, are you ok with the #c0 pseudo patch? I guess I can bootstrap/regtest it
today.