* [Bug sanitizer/63316] New: [5.0 Regression] False asan positive
@ 2014-09-20  7:12 Joost.VandeVondele at mat dot ethz.ch
From: Joost.VandeVondele at mat dot ethz.ch @ 2014-09-20 7:12 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316

            Bug ID: 63316
           Summary: [5.0 Regression] False asan positive
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: Joost.VandeVondele at mat dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

In the one day between r215373 and r215412 asan detects a heap-buffer-overflow
for the testcase below. This only happens when compiled >O0. valgrind reports
nothing.

> cat bug.f90
MODULE M1
 IMPLICIT NONE
 TYPE T1
    LOGICAL :: a,b,c
    INTEGER, POINTER :: common_pos
 END TYPE T1
END MODULE M1
MODULE M2
 USE M1
 IMPLICIT NONE
 INTEGER, PRIVATE, POINTER, SAVE :: foo
CONTAINS
 SUBROUTINE S1(iterator)
    TYPE(T1), INTENT(OUT) :: iterator
    NULLIFY(iterator%common_pos)
    IF (iterator%a) THEN
       ALLOCATE(iterator%common_pos)
       foo => iterator%common_pos
       foo = 0
    END IF
 END SUBROUTINE S1
END MODULE M2

  USE M1
  USE M2
  TYPE(T1), POINTER :: iterator
  ALLOCATE(iterator)
  iterator%a=.TRUE.
  CALL S1(iterator)
END

> gfortran -fsanitize=address -fno-omit-frame-pointer -g -O1 -march=native -ffree-form bug.f90 && ./a.out
=================================================================
==66541==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000ef90 at pc 0x400b1a bp 0x7fffcd4a56f0 sp 0x7fffcd4a56e8
WRITE of size 4 at 0x60200000ef90 thread T0
    #0 0x400b19 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:19
    #1 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #2 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #3 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)
    #4 0x400978 (/data/vjoost/gnu/bugs/a.out+0x400978)

0x60200000ef90 is located 0 bytes inside of 4-byte region
[0x60200000ef90,0x60200000ef94)
allocated by thread T0 here:
    #0 0x7f252ce9f309 in __interceptor_malloc
../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x400ac5 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:17
    #2 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #3 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #4 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/data/vjoost/gnu/bugs/bug.f90:19 __m2_MOD_s1
Shadow bytes around the buggy address:
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9df0: fa fa[04]fa fa fa 07 fa fa fa 07 fa fa fa 06 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==66541==ABORTING


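As an added example (not part of the bug report, GCC or libsanitizer), a small Python decoder for the shadow-byte row quoted above: it inverts the default x86_64 Linux shadow mapping, assumed here to be shadow = (addr >> 3) + 0x7fff8000 with one shadow byte per 8 application bytes, to recover application addresses, and checks whether a given access lies within the addressable bytes. The bracketed 04 decodes to exactly the 4-byte region [0x60200000ef90,0x60200000ef94) the report names, and a 4-byte write at its start lies inside it, which is what makes the report a candidate false positive rather than a genuine overflow.

```python
import re

# Default ASan shadow mapping on x86_64 Linux: shadow = (addr >> 3) + 0x7fff8000,
# one shadow byte per 8 application bytes (the granularity stated in the legend).
SHADOW_OFFSET = 0x7FFF8000
GRANULARITY = 8
# The "=>" row from the report above, copied verbatim; [..] marks the byte ASan blamed.
ROW = "=>0x0c047fff9df0: fa fa[04]fa fa fa 07 fa fa fa 07 fa fa fa 06 fa"
# Subset of the legend ASan prints, for non-addressable shadow values.
LEGEND = {0xFA: "heap left redzone", 0xFB: "heap right redzone", 0xFD: "freed heap region"}

def parse_shadow_row(row):
    """Return (shadow base address, shadow byte values, index of the [..] byte or None)."""
    m = re.match(r"\s*(?:=>)?\s*0x([0-9a-fA-F]+):\s*(.*)$", row)
    if not m:
        raise ValueError("not a shadow row: %r" % row)
    tokens = re.findall(r"\[?[0-9a-fA-F]{2}\]?", m.group(2))
    values = [int(t.strip("[]"), 16) for t in tokens]
    flagged = next((i for i, t in enumerate(tokens) if t.startswith("[")), None)
    return int(m.group(1), 16), values, flagged

def describe(byte):
    """(kind, addressable bytes out of 8) for one shadow byte value."""
    if byte == 0:
        return "addressable", GRANULARITY
    if 1 <= byte <= 7:  # only the first `byte` bytes of the 8-byte granule are valid
        return "partially addressable", byte
    return LEGEND.get(byte, "other poisoned"), 0

def decode_row(row):
    """(list of (app address, shadow value, kind, addressable count), flagged index)."""
    base, values, flagged = parse_shadow_row(row)
    # Invert the mapping: shadow address -> first application byte it covers.
    entries = [((base + i - SHADOW_OFFSET) * GRANULARITY, b) + describe(b)
               for i, b in enumerate(values)]
    return entries, flagged

def flagged_region(row):
    """Application byte range [lo, hi) that the bracketed shadow byte marks as valid."""
    entries, flagged = decode_row(row)
    app, _value, _kind, n = entries[flagged]
    return app, app + n

def access_in_bounds(row, addr, size):
    """True if every byte of [addr, addr+size) is addressable according to this row."""
    ok = {}
    for app, _value, _kind, n in decode_row(row)[0]:
        for off in range(GRANULARITY):
            ok[app + off] = off < n
    return all(ok.get(a, False) for a in range(addr, addr + size))
```

Running `flagged_region(ROW)` reproduces the region printed in the report, and `access_in_bounds(ROW, 0x60200000ef90, 4)` is true while an 8-byte access at the same address is not.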