[Bug testsuite/63305] New: ASan reported heap-buffer-overflow in gcc.target/i386/avx256-unaligned-load{store}-7.c

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "chefmax at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug testsuite/63305] New: ASan reported heap-buffer-overflow in gcc.target/i386/avx256-unaligned-load{store}-7.c
Date: Fri, 19 Sep 2014 06:42:00 -0000	[thread overview]
Message-ID: <bug-63305-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63305

            Bug ID: 63305
           Summary: ASan reported heap-buffer-overflow in
                    gcc.target/i386/avx256-unaligned-load{store}-7.c
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: testsuite
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chefmax at gcc dot gnu.org
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu
             Build: x86_64-pc-linux-gnu

ASan reported heap-buffer-overflow in
gcc.target/i386/avx256-unaligned-load{store}-7.c:

$ ~/master/gcc gcc/testsuite/gcc.target/i386/avx256-unaligned-load-7.c 
-fsanitize=address -O3 -dp -mavx -mavx256-split-unaligned-load -o
./avx256-unaligned-load-7.exe

$ ./avx256-unaligned-load-7.exe


=================================================================
==21855==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60c00000c000 at pc 0x400bcc bp 0x7fffd03d3d90 sp 0x7fffd03d3d88
WRITE of size 8 at 0x60c00000c000 thread T0
    #0 0x400bcb in do_test
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x400bcb)
    #1 0x40086f in main
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x40086f)
    #2 0x7fecbc89476c in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #3 0x4008c4
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x4008c4)

0x60c00000c000 is located 0 bytes to the right of 128-byte region
[0x60c00000bf80,0x60c00000c000)
allocated by thread T0 here:
    #0 0x7fecbccc5569 in __interceptor_malloc
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x4009bd in foo
(/home/max/build/master-x86_64/avx256-unaligned-load-7.exe+0x4009bd)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 do_test
Shadow bytes around the buggy address:
  0x0c187fff97b0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c187fff97c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c187fff97d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c187fff97e0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c187fff97f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c187fff9800:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff9850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==21855==ABORTING

Quick analysis shows that overflow happens at line 38. Perhaps allocated arrays
have wrong size.

next             reply	other threads:[~2014-09-19  6:42 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-19  6:42 chefmax at gcc dot gnu.org [this message]
2014-09-19 15:31 ` [Bug testsuite/63305] " hjl.tools at gmail dot com
2014-09-25  9:09 ` chefmax at gcc dot gnu.org
2014-09-25 15:50 ` hjl.tools at gmail dot com
2014-11-09 18:01 ` hjl at gcc dot gnu.org
2014-11-09 18:03 ` hjl.tools at gmail dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-63305-4@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).