From: "bernd.edlinger at hotmail dot de"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/64078] FAIL: c-c++-common/ubsan/object-size-9.c
Date: Sat, 11 Apr 2015 17:45:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64078

--- Comment #8 from Bernd Edlinger ---
(In reply to vries from comment #7)
> Created attachment 35215 [details]
> relevant bit of gcc.log
>
> > Next time I encounter it, I'll try to post the full FAIL message
>
> I ran into this while testing an AFAIU unrelated patch.
>
> I suppose the output scan fails because of the ''
> messages. I have no idea whether those messages indicate a problem, or are
> harmless.

I think you are right!
I tried this:

gcc -O2 -g -fsanitize=undefined object-size-9.c
./a.out
object-size-9.c:21:10: runtime error: load of address 0x7ffeddb0a16c with insufficient space for an object of type 'char'
0x7ffeddb0a16c: note: pointer points here
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c5 9e 33 c2 de 7f 00 00 00 00 00 00 00 00 00 00
^
object-size-9.c:64:13: runtime error: index 12 out of bounds for type 'U [10]'
object-size-9.c:64:16: runtime error: load of address 0x000000600ff0 with insufficient space for an object of type 'unsigned int'
0x000000600ff0: note: pointer points here
object-size-9.c:78:11: runtime error: load of address 0x000000600ff0 with insufficient space for an object of type 'unsigned int'
0x000000600ff0: note: pointer points here

BUT if I do

gdb ./a.out
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./a.out...done.
(gdb) r
Starting program: /home/ed/gnu/gcc-test/a.out
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
warning: File "/home/ed/gnu/install/lib64/libstdc++.so.6.0.21-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /home/ed/gnu/install/lib64/libstdc++.so.6.0.21-gdb.py
line to your configuration file "/home/ed/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/home/ed/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
object-size-9.c:21:10: runtime error: load of address 0x7fffffffdeec with insufficient space for an object of type 'char'
0x7fffffffdeec: note: pointer points here
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c5 8e d2 f6 ff 7f 00 00 00 00 00 00 00 00 00 00
^
object-size-9.c:64:13: runtime error: index 12 out of bounds for type 'U [10]'
object-size-9.c:64:16: runtime error: load of address 0x000000600ff0 with insufficient space for an object of type 'unsigned int'
0x000000600ff0: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 1c 01 00
^
object-size-9.c:78:11: runtime error: load of address 0x000000600ff0 with insufficient space for an object of type 'unsigned int'
0x000000600ff0: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 1c 01 00
^
[Inferior 1 (process 27836) exited normally]
(gdb)

The address stays the same; it is after the end of "s" but close to the next
page boundary. Depending on the different environment the output varies, one or
two lines. I assume the output of the memory content would crash if it is so
close to a page boundary?