[Bug c++/63489] New: stack allocated array pointer corrupted

[Bug c++/63489] New: stack allocated array pointer corrupted

[jonathan.hogg at stfc dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489

            Bug ID: 63489
           Summary: stack allocated array pointer corrupted
           Product: gcc
           Version: 4.8.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jonathan.hogg at stfc dot ac.uk

Created attachment 33667
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33667&action=edit
test case

The attached code, when compiled as
g++ -g -O2 testcase.cxx  -o testcase && ./testcase

and run, produces:
Try 0x7fff1cbe0a00 0x7fff1cbe0a00
Perm exit:  0 1 2 3 4 5 6 7
GO 0x7fff1cbe0a00
Try2 0x100000000 0x100000000 
Segmentation fault


g++ --version:
g++ (Ubuntu 4.8.2-19ubuntu1) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


The lines "Try" and "Try2" should be identical, as they refer to the same
stack-allocated array perm[]. Running under valgrind is clean until the last
line of ldlt_test() is encountered (which is clearly a segfault as perm is a
bad pointer).

Compiling without -O2 changes something, and the code crashes differently. I
can supply a larger test case (from which this was created) that shuold produce
meaningful answers if the code works correctly, but it will need to be provided
privately for IP reasons.

[Bug c++/63489] stack allocated array pointer corrupted

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
That was pretty easily found with -fsanitize=address

[Bug c++/63489] stack allocated array pointer corrupted

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Do you have a testcase that doesn't exhibit obvious undefined behaviour that's
easily pointed out with -Wall, such as dividing by uninitialized values?

There's a buffer overflow here:

      for(int i=0; i<2; i++) invp[oldp[i]] = i;

Try adding an assertion that oldp[i] is in range.

[Bug c++/63489] stack allocated array pointer corrupted

[jonathan.hogg at stfc dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489

--- Comment #3 from Jonathan Hogg <jonathan.hogg at stfc dot ac.uk> ---
Confirmed, this is the cause is the larger example as well. I had missed the
introduction of -fsanitize=address, useful feature. I'd assumed something like
that valgrind would have picked up for me however!

[Bug c++/63489] stack allocated array pointer corrupted

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489

--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
I think valgrind only checks heap memory, so doesn't help for buffer overflows
on the stack.