public inbox for gcc-bugs@sourceware.org
* [Bug c/65096] New: Illegal memory access beyond packed struct ARCH: ppc64
From: cyrilbur at gmail dot com @ 2015-02-17 23:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

            Bug ID: 65096
           Summary: Illegal memory access beyond packed struct ARCH: ppc64
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: cyrilbur at gmail dot com

Created attachment 34795
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34795&action=edit
Simple test case

When a heap-allocated packed struct is passed by value and the struct contains
an array, the copy gets performed with a sequence of ld instructions, which can
cause a read beyond the end of the struct.

In the case of the attached example: gcc uses ld instructions to copy the char
array if it is of size other than 1, 2 or 4. Therefore the assembly is only
correct if the size of the array is a multiple of 8 chars.

System information:

I am reliably informed that it reproduces on 5.0 but I have discovered it on a
system with the following versions.


builder:~ $ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/ppc64-redhat-linux/4.8.3/lto-wrapper
Target: ppc64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla
--enable-bootstrap --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-linker-build-id --with-linker-hash-style=gnu
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin
--enable-initfini-array --enable-java-awt=gtk --disable-dssi
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-isl=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/isl-install
--with-cloog=/builddir/build/BUILD/gcc-4.8.3-20140624/obj-ppc64-redhat-linux/cloog-install
--enable-secureplt --with-long-double-128 --build=ppc64-redhat-linux
Thread model: posix
gcc version 4.8.3 20140624 (Red Hat 4.8.3-1) (GCC)

builder:~ $ valgrind --version
valgrind-3.8.1

To confirm:
Compile with `gcc gcc_test.c` and run the binary through valgrind `valgrind
./a.out`. Valgrind will report invalid read of size 8.


I have attached a .i and also a simple example .c.

Workarounds:
Pass the struct from the stack.

I have documented some of my debugging in the .c.
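
The scenario described in the report above, written out as an added example: it is constructed here and is not the reporter's attachment 34795, and the struct, `NAME_LEN` and the function names are assumptions. `overread_bytes` models a copy done only in whole 8-byte loads, which is the behaviour the report attributes to the ld sequence.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 11   /* constructed: not 1, 2, 4 or a multiple of 8 */

/* Hypothetical struct; the report's own test case is not reproduced here. */
struct __attribute__((packed)) record {
    char name[NAME_LEN];
};

/* By-value parameter: the caller has to copy sizeof(struct record) bytes. */
__attribute__((noinline)) int checksum(struct record r)
{
    int sum = 0;
    for (size_t i = 0; i < sizeof r.name; i++)
        sum += (unsigned char)r.name[i];
    return sum;
}

/* Bytes touched past the end of the object if the copy is done only in
 * whole `width`-byte loads (width = 8 models a sequence of ld). */
size_t overread_bytes(size_t object_size, size_t width)
{
    return (width - object_size % width) % width;
}

/* Allocate exactly sizeof(struct record) on the heap, so any load past the
 * end of the struct lands outside the allocation, then pass it by value. */
int run_case(void)
{
    struct record *p = malloc(sizeof *p);
    if (p == NULL)
        return -1;
    memset(p->name, 1, sizeof p->name);
    int sum = checksum(*p);
    free(p);
    return sum;
}

int main(void)
{
    return run_case() == NAME_LEN ? 0 : 1;
}
```

A correct compiler copies exactly 11 bytes here; a copy made of two 8-byte loads touches 5 bytes past the allocation, which is what a memory checker flags as an invalid read of size 8.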



* [Bug c/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: cyrilbur at gmail dot com @ 2015-02-17 23:43 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

--- Comment #1 from Cyril Bur <cyrilbur at gmail dot com> ---
Created attachment 34796
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34796&action=edit
Preprocessed version of the simple test case



* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: karlowatz_chris at hotmail dot com @ 2015-02-18  8:23 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

Chris <karlowatz_chris at hotmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |karlowatz_chris at hotmail dot com

--- Comment #2 from Chris <karlowatz_chris at hotmail dot com> ---
LOLOLOL Noob(In reply to Cyril Bur from comment #1)
> Created attachment 34796 [details]
> Preprocessed version of the simple test case



* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: ramana at gcc dot gnu.org @ 2015-09-30  3:09 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

Ramana Radhakrishnan <ramana at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|aarch64                     |aarch64, ppc64
                 CC|                            |ramana at gcc dot gnu.org

--- Comment #3 from Ramana Radhakrishnan <ramana at gcc dot gnu.org> ---
Andrew,

Did you manage to reproduce this on aarch64 or did you really mean ppc64 in
target ?

Ramana



* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30  3:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Ramana Radhakrishnan from comment #3)
> Andrew,
> 
> Did you manage to reproduce this on aarch64 or did you really mean ppc64 in
> target ?

I most likely just meant ppc64 (I had aarch64 on the mind when I was touching
this bug).

But I think there is another bug just like this floating around in the system.



* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30  3:27 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is most likely fixed for 5.2 also.



* [Bug target/65096] Illegal memory access beyond packed struct ARCH: ppc64
From: pinskia at gcc dot gnu.org @ 2015-09-30  3:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65096

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #5)
> This is most likely fixed for 5.2 also.

See PR 65408.

