public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug c++/63489] New: stack allocated array pointer corrupted @ 2014-10-08 16:01 jonathan.hogg at stfc dot ac.uk 2014-10-08 17:53 ` [Bug c++/63489] " redi at gcc dot gnu.org ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: jonathan.hogg at stfc dot ac.uk @ 2014-10-08 16:01 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489 Bug ID: 63489 Summary: stack allocated array pointer corrupted Product: gcc Version: 4.8.2 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c++ Assignee: unassigned at gcc dot gnu.org Reporter: jonathan.hogg at stfc dot ac.uk Created attachment 33667 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33667&action=edit test case The attached code, when compiled as g++ -g -O2 testcase.cxx -o testcase && ./testcase and run, produces: Try 0x7fff1cbe0a00 0x7fff1cbe0a00 Perm exit: 0 1 2 3 4 5 6 7 GO 0x7fff1cbe0a00 Try2 0x100000000 0x100000000 Segmentation fault g++ --version: g++ (Ubuntu 4.8.2-19ubuntu1) 4.8.2 Copyright (C) 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. The lines "Try" and "Try2" should be identical, as they refer to the same stack-allocated array perm[]. Running under valgrind is clean until the last line of ldlt_test() is encountered (which is clearly a segfault as perm is a bad pointer). Compiling without -O2 changes something, and the code crashes differently. I can supply a larger test case (from which this was created) that shuold produce meaningful answers if the code works correctly, but it will need to be provided privately for IP reasons. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/63489] stack allocated array pointer corrupted 2014-10-08 16:01 [Bug c++/63489] New: stack allocated array pointer corrupted jonathan.hogg at stfc dot ac.uk @ 2014-10-08 17:53 ` redi at gcc dot gnu.org 2014-10-08 17:53 ` redi at gcc dot gnu.org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2014-10-08 17:53 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489 --- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> --- That was pretty easily found with -fsanitize=address ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/63489] stack allocated array pointer corrupted 2014-10-08 16:01 [Bug c++/63489] New: stack allocated array pointer corrupted jonathan.hogg at stfc dot ac.uk 2014-10-08 17:53 ` [Bug c++/63489] " redi at gcc dot gnu.org @ 2014-10-08 17:53 ` redi at gcc dot gnu.org 2014-10-09 8:28 ` jonathan.hogg at stfc dot ac.uk 2014-10-09 12:36 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2014-10-08 17:53 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489 Jonathan Wakely <redi at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> --- Do you have a testcase that doesn't exhibit obvious undefined behaviour that's easily pointed out with -Wall, such as dividing by uninitialized values? There's a buffer overflow here: for(int i=0; i<2; i++) invp[oldp[i]] = i; Try adding an assertion that oldp[i] is in range. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/63489] stack allocated array pointer corrupted 2014-10-08 16:01 [Bug c++/63489] New: stack allocated array pointer corrupted jonathan.hogg at stfc dot ac.uk 2014-10-08 17:53 ` [Bug c++/63489] " redi at gcc dot gnu.org 2014-10-08 17:53 ` redi at gcc dot gnu.org @ 2014-10-09 8:28 ` jonathan.hogg at stfc dot ac.uk 2014-10-09 12:36 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: jonathan.hogg at stfc dot ac.uk @ 2014-10-09 8:28 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489 --- Comment #3 from Jonathan Hogg <jonathan.hogg at stfc dot ac.uk> --- Confirmed, this is the cause is the larger example as well. I had missed the introduction of -fsanitize=address, useful feature. I'd assumed something like that valgrind would have picked up for me however! ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/63489] stack allocated array pointer corrupted 2014-10-08 16:01 [Bug c++/63489] New: stack allocated array pointer corrupted jonathan.hogg at stfc dot ac.uk ` (2 preceding siblings ...) 2014-10-09 8:28 ` jonathan.hogg at stfc dot ac.uk @ 2014-10-09 12:36 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2014-10-09 12:36 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63489 --- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> --- I think valgrind only checks heap memory, so doesn't help for buffer overflows on the stack. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-10-09 12:36 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-10-08 16:01 [Bug c++/63489] New: stack allocated array pointer corrupted jonathan.hogg at stfc dot ac.uk 2014-10-08 17:53 ` [Bug c++/63489] " redi at gcc dot gnu.org 2014-10-08 17:53 ` redi at gcc dot gnu.org 2014-10-09 8:28 ` jonathan.hogg at stfc dot ac.uk 2014-10-09 12:36 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).