public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/63316] New: [5.0 Regression] False asan positive
@ 2014-09-20  7:12 Joost.VandeVondele at mat dot ethz.ch
  2014-09-20  7:14 ` [Bug sanitizer/63316] " Joost.VandeVondele at mat dot ethz.ch
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Joost.VandeVondele at mat dot ethz.ch @ 2014-09-20  7:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

            Bug ID: 63316
           Summary: [5.0 Regression] False asan positive
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: Joost.VandeVondele at mat dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

In the one day between r215373 and r215412 asan detects a heap-buffer-overflow
for the testcase below. This only happens when compiled >O0. valgrind reports
nothing.

> cat bug.f90
MODULE M1
 IMPLICIT NONE
 TYPE T1
    LOGICAL :: a,b,c
    INTEGER, POINTER :: common_pos
 END TYPE T1
END MODULE M1
MODULE M2
 USE M1
 IMPLICIT NONE
 INTEGER, PRIVATE, POINTER, SAVE :: foo
CONTAINS
 SUBROUTINE S1(iterator) 
    TYPE(T1), INTENT(OUT) :: iterator
    NULLIFY(iterator%common_pos)
    IF (iterator%a) THEN
       ALLOCATE(iterator%common_pos)
       foo => iterator%common_pos
       foo = 0  
    END IF
 END SUBROUTINE S1
END MODULE M2

  USE M1
  USE M2
  TYPE(T1), POINTER :: iterator
  ALLOCATE(iterator)
  iterator%a=.TRUE.
  CALL S1(iterator)
END

> gfortran -fsanitize=address -fno-omit-frame-pointer -g -O1 -march=native -ffree-form bug.f90 && ./a.out
=================================================================
==66541==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000ef90 at pc 0x400b1a bp 0x7fffcd4a56f0 sp 0x7fffcd4a56e8
WRITE of size 4 at 0x60200000ef90 thread T0
    #0 0x400b19 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:19
    #1 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #2 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #3 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)
    #4 0x400978 (/data/vjoost/gnu/bugs/a.out+0x400978)

0x60200000ef90 is located 0 bytes inside of 4-byte region
[0x60200000ef90,0x60200000ef94)
allocated by thread T0 here:
    #0 0x7f252ce9f309 in __interceptor_malloc
../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x400ac5 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:17
    #2 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #3 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #4 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/data/vjoost/gnu/bugs/bug.f90:19 __m2_MOD_s1
Shadow bytes around the buggy address:
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9df0: fa fa[04]fa fa fa 07 fa fa fa 07 fa fa fa 06 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==66541==ABORTING
vjoost@nanosim-s01.ethz.ch:/data/vjoost/gnu/bugs>


^ permalink raw reply	[flat|nested] 5+ messages in thread
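Reading the report above against the ASan shadow encoding shows why it is a false positive: the flagged access is a 4-byte WRITE at 0x60200000ef90, the shadow byte for that address sits at 0x0c047fff9df2 (the [04] in the highlighted row), and a granule whose first 4 bytes are addressable is exactly what a freshly malloc'd 4-byte INTEGER looks like. The C model below re-implements the documented shadow check (byte-wise reference check, the one-shadow-byte inline check the compiler emits for accesses of up to 8 bytes, and its simplification for accesses known to be 8-byte aligned) and evaluates each on the numbers from the report. It is an added example written for this page, not code from GCC or libsanitizer. It assumes the default x86-64 shadow mapping (scale 3, offset 0x7fff8000), which the shadow row addresses in the dump are consistent with; the shadow row itself is copied from the report, and the 0xfa returned for everything outside that row is a constructed stand-in for the rest of the dump.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: a model of the AddressSanitizer shadow check, not GCC or
 * libsanitizer code.  Assumption: default x86-64 mapping, one shadow byte
 * per 8 application bytes, shadow = (addr >> 3) + 0x7fff8000. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

/* The access flagged in the report: WRITE of size 4 at 0x60200000ef90. */
#define REPORT_ADDR 0x60200000ef90ULL

/* Application address -> address of its shadow byte. */
uint64_t shadow_address(uint64_t addr)
{
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow byte k of an 8-byte granule: 0 => all 8 bytes addressable,
 * 1..7 => only the first k bytes addressable, 0x80.. (0xfa, 0xfd, ...)
 * => poisoned (redzone, freed region, ...). */
bool byte_is_addressable(uint8_t k, unsigned offset_in_granule)
{
    if (k == 0) return true;
    if (k >= 0x80) return false;
    return offset_in_granule < k;
}

/* Reference check: every byte of [addr, addr+size) must be addressable.
 * 'shadow' maps a granule index (addr >> 3) to its shadow byte. */
typedef uint8_t (*shadow_lookup)(uint64_t granule);

bool region_addressable(uint64_t addr, size_t size, shadow_lookup shadow)
{
    for (uint64_t b = addr; b < addr + size; b++)
        if (!byte_is_addressable(shadow(b >> SHADOW_SCALE), (unsigned)(b & 7)))
            return false;
    return true;
}

/* Inline check for a 1/2/4/8-byte access inside one granule: one shadow
 * byte read, report iff  k != 0 && ((addr & 7) + size - 1) >= k. */
bool inline_check_reports(uint64_t addr, size_t size, uint8_t k)
{
    if (k == 0) return false;            /* whole granule addressable */
    if (k >= 0x80) return true;          /* poisoned granule */
    return (addr & 7) + size - 1 >= k;   /* last byte lands at or past k */
}

/* With the access known to be 8-byte aligned, (addr & 7) == 0 and the
 * test reduces to  k != 0 && size - 1 >= k.  The size must still count. */
bool aligned_check_reports(size_t size, uint8_t k)
{
    if (k == 0) return false;
    if (k >= 0x80) return true;
    return size - 1 >= k;
}

/* The 16 shadow bytes at shadow address 0x0c047fff9df0, copied from the
 * "Shadow bytes around the buggy address" row marked "=>" in the report. */
static const uint8_t  kReportRow[16] = {
    0xfa,0xfa,0x04,0xfa,0xfa,0xfa,0x07,0xfa,
    0xfa,0xfa,0x07,0xfa,0xfa,0xfa,0x06,0xfa };
static const uint64_t kReportRowShadow = 0x0c047fff9df0ULL;

uint8_t report_shadow(uint64_t granule)
{
    uint64_t s = granule + SHADOW_OFFSET;   /* shadow address of the granule */
    if (s >= kReportRowShadow && s < kReportRowShadow + 16)
        return kReportRow[s - kReportRowShadow];
    return 0xfa;   /* constructed: the rest of the dump is left redzone */
}

/* Verdict of the reference check on the reported 4-byte write. */
bool reported_access_is_legal(void)
{
    return region_addressable(REPORT_ADDR, 4, report_shadow);
}

int main(void)
{
    uint8_t k = report_shadow(REPORT_ADDR >> SHADOW_SCALE);
    printf("shadow byte of %#llx is at %#llx and holds %02x\n",
           (unsigned long long)REPORT_ADDR,
           (unsigned long long)shadow_address(REPORT_ADDR), k);
    printf("4-byte write legal by reference check: %s\n",
           reported_access_is_legal() ? "yes" : "no");
    printf("inline check reports it:  %s\n",
           inline_check_reports(REPORT_ADDR, 4, k) ? "yes" : "no");
    printf("aligned check reports it: %s\n",
           aligned_check_reports(4, k) ? "yes" : "no");
    /* True positives for contrast: overrunning the 4-byte object. */
    printf("8-byte write at same address reports: %s\n",
           inline_check_reports(REPORT_ADDR, 8, k) ? "yes" : "no");
    printf("4-byte write at +4 reports: %s\n",
           inline_check_reports(REPORT_ADDR + 4, 4, k) ? "yes" : "no");
    return 0;
}
```

Build with `cc -std=c11 -Wall model.c && ./a.out`. All three forms of the check accept the reported access, and only a write that reaches offset 4 of the granule (8 bytes at ...ef90, or 4 bytes at ...ef94) is reported, so any instrumentation that flags the 4-byte write has diverged from this reference. The fix log in comment #4 ("Fix up align >= 8 optimization") places that divergence in the compiler's aligned-access fast path; when triaging a suspected ASan false positive, recomputing the check by hand from the address, size and shadow byte in the report, as done here, is the quickest way to tell a real overflow from an instrumentation bug.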

* [Bug sanitizer/63316] [5.0 Regression] False asan positive
  2014-09-20  7:12 [Bug sanitizer/63316] New: [5.0 Regression] False asan positive Joost.VandeVondele at mat dot ethz.ch
@ 2014-09-20  7:14 ` Joost.VandeVondele at mat dot ethz.ch
  2014-09-20 11:56 ` dominiq at lps dot ens.fr
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Joost.VandeVondele at mat dot ethz.ch @ 2014-09-20  7:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

Joost VandeVondele <Joost.VandeVondele at mat dot ethz.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Joost.VandeVondele at mat dot ethz
                   |                            |.ch, m.zakirov at samsung dot com

--- Comment #1 from Joost VandeVondele <Joost.VandeVondele at mat dot ethz.ch> ---
possibly r215380 ?



* [Bug sanitizer/63316] [5.0 Regression] False asan positive
  2014-09-20  7:12 [Bug sanitizer/63316] New: [5.0 Regression] False asan positive Joost.VandeVondele at mat dot ethz.ch
  2014-09-20  7:14 ` [Bug sanitizer/63316] " Joost.VandeVondele at mat dot ethz.ch
@ 2014-09-20 11:56 ` dominiq at lps dot ens.fr
  2014-09-22 10:21 ` rguenth at gcc dot gnu.org
  2014-09-24  9:14 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: dominiq at lps dot ens.fr @ 2014-09-20 11:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-09-20
     Ever confirmed|0                           |1

--- Comment #2 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> possibly r215380 ?

It is.



* [Bug sanitizer/63316] [5.0 Regression] False asan positive
  2014-09-20  7:12 [Bug sanitizer/63316] New: [5.0 Regression] False asan positive Joost.VandeVondele at mat dot ethz.ch
  2014-09-20  7:14 ` [Bug sanitizer/63316] " Joost.VandeVondele at mat dot ethz.ch
  2014-09-20 11:56 ` dominiq at lps dot ens.fr
@ 2014-09-22 10:21 ` rguenth at gcc dot gnu.org
  2014-09-24  9:14 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2014-09-22 10:21 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |5.0



* [Bug sanitizer/63316] [5.0 Regression] False asan positive
  2014-09-20  7:12 [Bug sanitizer/63316] New: [5.0 Regression] False asan positive Joost.VandeVondele at mat dot ethz.ch
                   ` (2 preceding siblings ...)
  2014-09-22 10:21 ` rguenth at gcc dot gnu.org
@ 2014-09-24  9:14 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2014-09-24  9:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Author: jakub
Date: Wed Sep 24 09:14:17 2014
New Revision: 215547

URL: https://gcc.gnu.org/viewcvs?rev=215547&root=gcc&view=rev
Log:
    PR sanitizer/63316
    * asan.c (asan_expand_check_ifn): Fix up align >= 8 optimization.

    * c-c++-common/asan/pr63316.c: New test.

Added:
    trunk/gcc/testsuite/c-c++-common/asan/pr63316.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/asan.c
    trunk/gcc/testsuite/ChangeLog


