public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug sanitizer/62216] New: UBSan can read past valid memory region
@ 2014-08-21 13:22 y.gribov at samsung dot com
2014-08-21 13:27 ` [Bug sanitizer/62216] " mpolacek at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: y.gribov at samsung dot com @ 2014-08-21 13:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
Bug ID: 62216
Summary: UBSan can read past valid memory region
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: y.gribov at samsung dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
hjl.tools at gmail dot com, jakub at gcc dot gnu.org,
kcc at gcc dot gnu.org, polacek at redhat dot com
It looks like currently when reporting context for memory-related errors, UBSan
may read past the end of valid memory region causing segfaults. The related
code is in renderMemorySnippet (in ubsan_diag.cc):
// Emit data.
for (uptr P = Min; P != Max; ++P) {
// FIXME: Check that the address is readable before printing it.
unsigned char C = *reinterpret_cast<const unsigned char*>(P);
Printf("%s%02x", (P % 8 == 0) ? " " : " ", C);
}
Printf("\n");
Here Max is usually Addr + 28 thus potentially overflowing valid memory range.
Unfortunately I don't have a proper reprocase because the error does not
reproduce on current GCC trunk on x64. But this does appear in our autotests
e.g. see https://gcc.gnu.org/ml/gcc-testresults/2014-08/msg02038.html :
FAIL: c-c++-common/ubsan/align-4.c -O2 -flto -fuse-linker-plugin
-fno-fat-lto-objects execution test
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug sanitizer/62216] UBSan can read past valid memory region
2014-08-21 13:22 [Bug sanitizer/62216] New: UBSan can read past valid memory region y.gribov at samsung dot com
@ 2014-08-21 13:27 ` mpolacek at gcc dot gnu.org
2014-08-21 13:54 ` y.gribov at samsung dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2014-08-21 13:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mpolacek at gcc dot gnu.org
--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Since this is a part of libubsan, it should probably be fixed upstream - that
is in the LLVM repo.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug sanitizer/62216] UBSan can read past valid memory region
2014-08-21 13:22 [Bug sanitizer/62216] New: UBSan can read past valid memory region y.gribov at samsung dot com
2014-08-21 13:27 ` [Bug sanitizer/62216] " mpolacek at gcc dot gnu.org
@ 2014-08-21 13:54 ` y.gribov at samsung dot com
2014-08-21 14:00 ` y.gribov at samsung dot com
2015-05-20 13:13 ` mpolacek at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: y.gribov at samsung dot com @ 2014-08-21 13:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
--- Comment #2 from Yury Gribov <y.gribov at samsung dot com> ---
Ok, I'll fw this to their tracker.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug sanitizer/62216] UBSan can read past valid memory region
2014-08-21 13:22 [Bug sanitizer/62216] New: UBSan can read past valid memory region y.gribov at samsung dot com
2014-08-21 13:27 ` [Bug sanitizer/62216] " mpolacek at gcc dot gnu.org
2014-08-21 13:54 ` y.gribov at samsung dot com
@ 2014-08-21 14:00 ` y.gribov at samsung dot com
2015-05-20 13:13 ` mpolacek at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: y.gribov at samsung dot com @ 2014-08-21 14:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
--- Comment #3 from Yury Gribov <y.gribov at samsung dot com> ---
Reported upstream: http://llvm.org/bugs/show_bug.cgi?id=20721
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug sanitizer/62216] UBSan can read past valid memory region
2014-08-21 13:22 [Bug sanitizer/62216] New: UBSan can read past valid memory region y.gribov at samsung dot com
` (2 preceding siblings ...)
2014-08-21 14:00 ` y.gribov at samsung dot com
@ 2015-05-20 13:13 ` mpolacek at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2015-05-20 13:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
https://llvm.org/bugs/show_bug.cgi?id=20721 is fixed now, closing this one as
well.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-05-20 13:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-21 13:22 [Bug sanitizer/62216] New: UBSan can read past valid memory region y.gribov at samsung dot com
2014-08-21 13:27 ` [Bug sanitizer/62216] " mpolacek at gcc dot gnu.org
2014-08-21 13:54 ` y.gribov at samsung dot com
2014-08-21 14:00 ` y.gribov at samsung dot com
2015-05-20 13:13 ` mpolacek at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).