From: "P at draigBrady dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/66661] New: incorrect memory access in optimization with flexible array member
Date: Thu, 25 Jun 2015 01:25:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66661

            Bug ID: 66661
           Summary: incorrect memory access in optimization with flexible
                    array member
           Product: gcc
           Version: 5.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: P at draigBrady dot com
  Target Milestone: ---

On a heap-allocated structure, direct access to flexible array members with
optimization at -O2 can result in reads of memory beyond the heap object,
i.e. gcc assumes alignment/padding is allocated when accessing flexible array
members. The attached file is a summary of the code involved, though it does
_not_ reproduce the issue.

To reproduce one can:

  git clone --depth=1 git://git.sv.gnu.org/coreutils.git
  cd coreutils/
  git checkout 53883af0
  export LSAN_OPTIONS=exitcode=0
  ./bootstrap && ./configure --quiet && \
  make -j8 AM_CFLAGS='-fsanitize=address -fsanitize=undefined'
  src/chmod a+rx ..

Also attached is the disassembly of the problematic code, and for comparison
good code achieved by using a (char*) cast on the flexi array to force byte at
a time access.
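The following C is an added example, not part of the bug report or of the coreutils code it points at. It shows the size mismatch the report describes: an allocation of offsetof(struct, fam) + n bytes is, for small n, smaller than sizeof(struct), and the difference is exactly the trailing padding the compiler is entitled to assume is present (C11 6.7.2.1 says the struct behaves as if the flexible array member were omitted, except that it may have more trailing padding). The report's own workaround is the (char*) cast; the allocation-side alternative shown here is to never allocate less than sizeof(struct). `struct entry`, `tight_size`, `safe_size`, `uncovered_tail`, `entry_new` and `entry_roundtrip` are hypothetical names, and the layout figures assume a target where uint64_t is 8-byte aligned. It does not reproduce the miscompilation itself; that needs the coreutils tree and sanitizer build above.

```c
/* Added example (not from the bug report or coreutils): why an allocation of
 * offsetof(struct, fam) + n bytes can be smaller than the object the compiler
 * expects, and a sizing helper that closes the gap.  All names are
 * hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* A header followed by a flexible array member.  The 8-byte 'id' makes the
 * struct 8-byte aligned, so sizeof (struct entry) is rounded up past
 * offsetof (struct entry, name): that tail is the padding the report says
 * gcc assumes is allocated. */
struct entry {
    uint64_t id;
    uint16_t flags;
    char name[];          /* flexible array member */
};

/* Header up to the FAM plus n bytes.  For small n this is less than
 * sizeof (struct entry), so a malloc of this size leaves the assumed
 * padding outside the heap object. */
static size_t tight_size(size_t n)
{
    return offsetof(struct entry, name) + n;
}

/* Never smaller than the complete struct: allocating at least
 * sizeof (struct entry) keeps any padded-width access to the FAM inside
 * the heap object. */
static size_t safe_size(size_t n)
{
    size_t s = tight_size(n);
    return s < sizeof(struct entry) ? sizeof(struct entry) : s;
}

/* Bytes the tight allocation leaves uncovered for a name of n bytes
 * (0 once n is large enough to reach sizeof). */
static size_t uncovered_tail(size_t n)
{
    return safe_size(n) - tight_size(n);
}

/* Allocate an entry with safe_size and copy name in, including its NUL. */
static struct entry *entry_new(uint64_t id, const char *name)
{
    size_t n = strlen(name) + 1;
    struct entry *e = malloc(safe_size(n));
    if (!e)
        return NULL;
    e->id = id;
    e->flags = 0;
    memcpy(e->name, name, n);
    return e;
}

/* Length of the name read back through the FAM, or (size_t)-1 on failure. */
static size_t entry_roundtrip(const char *name)
{
    struct entry *e = entry_new(42, name);
    if (!e)
        return (size_t)-1;
    size_t len = strlen(e->name);
    free(e);
    return len;
}
```

Build it with the same sanitizer flags as the reproduction (cc -O2 -fsanitize=address -fsanitize=undefined) so that any out-of-object read shows up; uncovered_tail(1) is the number of bytes beyond the tight allocation that a padded-width read of the FAM could touch.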