From: "dominiq at lps dot ens.fr"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/68042] New: [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111
Date: Wed, 21 Oct 2015 15:51:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

            Bug ID: 68042
           Summary: [6 Regression] c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c) failures on x86_64-apple-darwin14 after r229111
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dominiq at lps dot ens.fr
                CC: chefmax at gcc dot gnu.org, dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, iains at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---
              Host: x86_64-apple-darwin14
            Target: x86_64-apple-darwin14
             Build: x86_64-apple-darwin14

As reported at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68041 the test c-c++-common/asan/sanity-check-pure-c-1.c fails with -m32 and -m64, while the test c-c++-common/asan/memcmp-1.c fails with -m64 only (gcc or g++).

With r229078 the output for memcmp-1.c is

==78782==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff52f1c2a4 at pc 0x00010ccf9d99 bp 0x7fff52f1c260 sp 0x7fff52f1ba10
READ of size 6 at 0x7fff52f1c2a4 thread T0
    #0 0x10ccf9d98 (/opt/gcc/gcc6a/lib/libasan.2.dylib+0xed98)
    #1 0x10cce3db4 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000db4)
    #2 0x7fff8d6885c8 (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0 ()

Address 0x7fff52f1c2a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x10cce3cdb (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000cdb)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
...

with r229123 the output is

==78732==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5b7c82a4 at pc 0x000104486c10 bp 0x7fff5b7c8260 sp 0x7fff5b7c7a10
READ of size 6 at 0x7fff5b7c82a4 thread T0
    #0 0x104486c0f in wrap_memcmp.part.128 sanitizer_common_interceptors.inc:414
    #1 0x104437da1 in main (a.out+0x100000da1)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0 ()

Address 0x7fff5b7c82a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x104437cc6 in main (a.out+0x100000cc6)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow sanitizer_common_interceptors.inc:414 in wrap_memcmp.part.128
...

The corresponding outputs for sanity-check-pure-c-1.c are

==79126==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095 at pc 0x00010624ff15 bp 0x7fff599b0320 sp 0x7fff599b0318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10624ff14 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000f14)
    #1 0x7fff8d6885c8 (/usr/lib/system/libdyld.dylib+0x35c8)
    #2 0x0 ()

0x60200000e095 is located 5 bytes inside of 10-byte region [0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1062872c9 (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x322c9)
    #1 0x10624fed2 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ed2)
    #2 0x7fff8d6885c8 (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0 ()

previously allocated by thread T0 here:
    #0 0x10628711a (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x3211a)
    #1 0x10624fec2 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ec2)
    #2 0x7fff8d6885c8 (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0 ()

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
...

and

==79057==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095 at pc 0x00010880befe bp 0x7fff573f4320 sp 0x7fff573f4318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10880befd in main (a.out+0x100000efd)
    #1 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #2 0x0 ()

0x60200000e095 is located 5 bytes inside of 10-byte region [0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1088615d0 in wrap_free.part.0 asan_malloc_mac.cc:112
    #1 0x10880bebb in main (a.out+0x100000ebb)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0 ()

previously allocated by thread T0 here:
    #0 0x1088602a7 in wrap_malloc asan_malloc_mac.cc:104
    #1 0x10880beab in main (a.out+0x100000eab)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0 ()

SUMMARY: AddressSanitizer: heap-use-after-free (a.out+0x100000efd) in main