public inbox for gcc-bugs@sourceware.org
* [Bug c/65096] New: Illegal memory access beyond packed struct ARCH: ppc64
@ 2015-02-17 23:42 cyrilbur at gmail dot com
2015-02-17 23:43 ` [Bug c/65096] " cyrilbur at gmail dot com
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: cyrilbur at gmail dot com @ 2015-02-17 23:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
Bug ID: 65096
Summary: Illegal memory access beyond packed struct ARCH: ppc64
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: cyrilbur at gmail dot com
Created attachment 34795
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34795&action=edit
Simple test case
When a heap-allocated packed struct is passed by value and the struct contains
an array, the copy gets performed with a sequence of ld instructions which can
cause a read beyond the end of the struct.
In the case of the attached example: gcc uses ld instructions to copy the char
array if it is of size other than 1, 2 or 4. Therefore the assembly is only
correct if the size of the array is a multiple of 8 chars.
System information:
I am reliably informed that it reproduces on 5.0 but I have discovered it on a
system with the following versions.
builder:~ $ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/ppc64-redhat-linux/4.8.3/lto-wrapper
Target: ppc64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla
--enable-bootstrap --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-linker-build-id --with-linker-hash-style=gnu
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin
--enable-initfini-array --enable-java-awt=gtk --disable-dssi
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-isl=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/isl-install
--with-cloog=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/cloog-install
--enable-secureplt --with-long-double-128 --build=ppc64-redhat-linux
Thread model: posix
gcc version 4.8.3 20140624 (Red Hat 4.8.3-1) (GCC)
builder:~ $ valgrind --version
valgrind-3.8.1
To confirm:
Compile with `gcc gcc_test.c` and run the binary through valgrind `valgrind
./a.out`. Valgrind will report invalid read of size 8.
I have attached a .i and also a simple example .c
Workarounds:
Pass the struct from the stack.
I have documented some of my debugging in the .c.
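Added example (not part of the thread, and not the reporter's attachment, which is not reproduced on this page): a C harness that makes the over-read described in the report fault deterministically instead of relying on valgrind. Rather than using malloc, it places the packed struct directly before a PROT_NONE guard page; the names `rec`, `sum_by_value`, `alloc_before_guard`, `check_by_value_copy` and the array size 11 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAYLOAD 11 /* constructed size: not a multiple of 8 */
struct __attribute__((packed)) rec { char data[PAYLOAD]; };

/* By-value parameter: the caller has to copy the whole struct. */
__attribute__((noinline)) int sum_by_value(struct rec r)
{
    int sum = 0;
    for (size_t i = 0; i < sizeof r.data; i++)
        sum += (unsigned char)r.data[i];
    return sum;
}

/* Map two pages, revoke access to the second, and return a struct rec whose
 * last byte is the last readable byte of the first page. A load that runs
 * past the end of the struct then hits the guard page and faults. */
static struct rec *alloc_before_guard(char **map, size_t *len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    *len = 2 * page;
    *map = mmap(NULL, *len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (*map == MAP_FAILED)
        return NULL;
    if (mprotect(*map + page, page, PROT_NONE) != 0) {
        munmap(*map, *len);
        return NULL;
    }
    return (struct rec *)(*map + page - sizeof(struct rec));
}

/* Returns the byte sum, or -1 if the mapping could not be set up. If the
 * compiler copies the argument with over-wide loads, the process gets SIGSEGV. */
int check_by_value_copy(void)
{
    char *map; size_t len;
    struct rec *p = alloc_before_guard(&map, &len);
    if (!p) return -1;
    memset(p->data, 1, sizeof p->data);
    int sum = sum_by_value(*p); /* the copy under test */
    munmap(map, len);
    return sum;
}

int main(void) { printf("sum = %d\n", check_by_value_copy()); return 0; }
```

Build it as in the report, with plain `gcc` and no optimisation flags, so the call keeps its by-value copy; a compiler that copies only the struct's own bytes prints `sum = 11`.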
* [Bug c/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: cyrilbur at gmail dot com @ 2015-02-17 23:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
--- Comment #1 from Cyril Bur <cyrilbur at gmail dot com> ---
Created attachment 34796
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34796&action=edit
Preprocessed version of the simple test case
* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: karlowatz_chris at hotmail dot com @ 2015-02-18 8:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
Chris <karlowatz_chris at hotmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |karlowatz_chris at hotmail dot com
--- Comment #2 from Chris <karlowatz_chris at hotmail dot com> ---
LOLOLOL Noob
(In reply to Cyril Bur from comment #1)
> Created attachment 34796 [details]
> Preprocessed version of the simple test case
* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: ramana at gcc dot gnu.org @ 2015-09-30 3:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
Ramana Radhakrishnan <ramana at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target|aarch64 |aarch64, ppc64
CC| |ramana at gcc dot gnu.org
--- Comment #3 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Andrew,
Did you manage to reproduce this on aarch64 or did you really mean ppc64 in
target ?
Ramana
* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30 3:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Ramana Radhakrishnan from comment #3)
> Andrew,
>
> Did you manage to reproduce this on aarch64 or did you really mean ppc64 in
> target ?
I most likely just meant ppc64 (I had aarch64 on the mind when I was touching
this bug).
But I think there is another bug just like this floating around in the system.
* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30 3:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is most likely fixed for 5.2 also.
* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30 3:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096
--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #5)
> This is most likely fixed for 5.2 also.
See PR 65408.