[Bug sanitizer/68042] New: [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[Bug sanitizer/68042] New: [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[dominiq at lps dot ens.fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

            Bug ID: 68042
           Summary: [6 Regression]
                    c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c)
                    failures on x86_64-apple-darwin14 after r229111
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dominiq at lps dot ens.fr
                CC: chefmax at gcc dot gnu.org, dodji at gcc dot gnu.org,
                    dvyukov at gcc dot gnu.org, iains at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---
              Host: x86_64-apple-darwin14
            Target: x86_64-apple-darwin14
             Build: x86_64-apple-darwin14

As reported at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68041 the test
c-c++-common/asan/sanity-check-pure-c-1.c fails with -m32 and -m64, while the
test c-c++-common/asan/memcmp-1.c fails with -m64 only (gcc or g++).

With r229078 the output for memcmp-1.c is

==78782==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff52f1c2a4 at pc 0x00010ccf9d99 bp 0x7fff52f1c260 sp 0x7fff52f1ba10
READ of size 6 at 0x7fff52f1c2a4 thread T0
    #0 0x10ccf9d98  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0xed98)
    #1 0x10cce3db4 
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000db4)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

Address 0x7fff52f1c2a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x10cce3cdb 
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000cdb)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
...

with r229123 the output is

==78732==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff5b7c82a4 at pc 0x000104486c10 bp 0x7fff5b7c8260 sp 0x7fff5b7c7a10
READ of size 6 at 0x7fff5b7c82a4 thread T0
    #0 0x104486c0f in wrap_memcmp.part.128
sanitizer_common_interceptors.inc:414
    #1 0x104437da1 in main (a.out+0x100000da1)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

Address 0x7fff5b7c82a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x104437cc6 in main (a.out+0x100000cc6)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
sanitizer_common_interceptors.inc:414 in wrap_memcmp.part.128
...

The corresponding outputs for sanity-check-pure-c-1.c are

==79126==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095
at pc 0x00010624ff15 bp 0x7fff599b0320 sp 0x7fff599b0318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10624ff14 
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000f14)
    #1 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #2 0x0  (<unknown module>)

0x60200000e095 is located 5 bytes inside of 10-byte region
[0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1062872c9  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x322c9)
    #1 0x10624fed2 
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ed2)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x10628711a  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x3211a)
    #1 0x10624fec2 
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ec2)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
...

and

==79057==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095
at pc 0x00010880befe bp 0x7fff573f4320 sp 0x7fff573f4318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10880befd in main (a.out+0x100000efd)
    #1 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #2 0x0  (<unknown module>)

0x60200000e095 is located 5 bytes inside of 10-byte region
[0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1088615d0 in wrap_free.part.0 asan_malloc_mac.cc:112
    #1 0x10880bebb in main (a.out+0x100000ebb)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x1088602a7 in wrap_malloc asan_malloc_mac.cc:104
    #1 0x10880beab in main (a.out+0x100000eab)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free (a.out+0x100000efd) in main

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[chefmax at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

--- Comment #1 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
I wonder if the fix would be just output patterns adjustment (just like here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63939)?

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[dominiq at lps dot ens.fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2015-10-21
     Ever confirmed|0                           |1

--- Comment #2 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> I wonder if the fix would be just output patterns adjustment (just like here:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63939)?

Indeed, however the regexprs are quite unfriendly and I probably won't have the
time to look at them before the end of the week.

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |6.0

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[chefmax at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

--- Comment #3 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
Created attachment 36562
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36562&action=edit
Draft patch.

Here an expected patch for memcmp-1.c and sanity-check-pure-c-1.c output
patterns. Does it fix the problem?

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[dominiq at lps dot ens.fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

--- Comment #4 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Created attachment 36562 [details]
> Draft patch.
>
> Here an expected patch for memcmp-1.c and sanity-check-pure-c-1.c output patterns. > > Does it fix the problem?

>From a quick test, yes. Thanks for the quick patch.

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[chefmax at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

--- Comment #5 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
Author: chefmax
Date: Fri Oct 23 07:22:37 2015
New Revision: 229212

URL: https://gcc.gnu.org/viewcvs?rev=229212&root=gcc&view=rev
Log:
Fix ASan output pattern tests on Darwin.

gcc/testsuite/

        PR sanitizer/68042
        * c-c++-common/asan/memcmp-1.c: Adjust test to pass on Darwin.
        * c-c++-common/asan/sanity-check-pure-c-1.c: Likewise.

Modified:
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/c-c++-common/asan/memcmp-1.c
    trunk/gcc/testsuite/c-c++-common/asan/sanity-check-pure-c-1.c

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[chefmax at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

--- Comment #6 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
Should be fix on trunk.

[Bug sanitizer/68042] [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111

[dominiq at lps dot ens.fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Should be fix on trunk.

Confirmed, Thanks for the quick fix. Closing.