public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
@ 2020-07-25  9:30 dominiq at lps dot ens.fr
  2020-07-27  6:57 ` [Bug sanitizer/96318] " marxin at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: dominiq at lps dot ens.fr @ 2020-07-25  9:30 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

            Bug ID: 96318
           Summary: FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output
                    pattern test with C on Darwin
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dominiq at lps dot ens.fr
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    iains at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

With G++ the output is

=================================================================
==80414==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f9 at pc 0x0001101655f0 bp 0x7ffedfdf30c0 sp 0x7ffedfdf2870
WRITE of size 10 at 0x6020000000f9 thread T0
    #0 0x1101655ef in wrap_strncpy /opt/gcc/build_w/x86_64-apple-darwin19.5.0/libsanitizer/asan/../../../../work/libsanitizer/asan/asan_interceptors.cpp:483:5
    #1 0x10fe09d8d in main /opt/gcc/work/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c:11:10
    #2 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)

0x6020000000f9 is located 0 bytes to the right of 9-byte region [0x6020000000f0,0x6020000000f9)
allocated by thread T0 here:
    #0 0x110196d37 in wrap_malloc /opt/gcc/build_w/x86_64-apple-darwin19.5.0/libsanitizer/asan/../../../../work/libsanitizer/sanitizer_common/sanitizer_malloc_mac.inc:140:3
    #1 0x10fe09d71 in main /opt/gcc/work/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c:10:37
    #2 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)
...

which matches

/* { dg-output "WRITE of size \[0-9\]* at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "    #0 0x\[0-9a-f\]+ +(in _*(interceptor_|wrap_|)strncpy|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "    #1 0x\[0-9a-f\]+ +(in _*main (\[^\n\r]*strncpy-overflow-1.c:11|\[^\n\r]*:0|\[^\n\r]*\\+0x\[0-9a-z\]*)|\[(\]).*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*0x\[0-9a-f\]+ is located 0 bytes to the right of 9-byte region\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "\[^\n\r]*allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "    #0 0x\[0-9a-f\]+ +(in _*(interceptor_|wrap_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */
/* { dg-output "    #1 0x\[0-9a-f\]+ +(in _*main (\[^\n\r]*strncpy-overflow-1.c:10|\[^\n\r]*:0|\[^\n\r]*\\+0x\[0-9a-z\]*)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */

With GCC the output is

=================================================================
==82801==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f9 at pc 0x00010df36d79 bp 0x7ffee1cf0670 sp 0x7ffee1cefe20
WRITE of size 5 at 0x6020000000f9 thread T0
    #0 0x10df36d78 in wrap___bzero.part.0 /opt/gcc/build_w/x86_64-apple-darwin19.5.0/libsanitizer/asan/../../../../work/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:5584:3
    #1 0x7fff6e43fc42 in stpncpy (/usr/lib/system/libsystem_c.dylib:x86_64+0x11c42)
    #2 0x7fff6e4ab34a in __strncpy_chk (/usr/lib/system/libsystem_c.dylib:x86_64+0x7d34a)
    #3 0x10df0cd8d in main /opt/gcc/work/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c:11:3
    #4 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)

0x6020000000f9 is located 0 bytes to the right of 9-byte region [0x6020000000f0,0x6020000000f9)
allocated by thread T0 here:
    #0 0x10df60d37 in wrap_malloc /opt/gcc/build_w/x86_64-apple-darwin19.5.0/libsanitizer/asan/../../../../work/libsanitizer/sanitizer_common/sanitizer_malloc_mac.inc:140:3
    #1 0x10df0cd6a in main /opt/gcc/work/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c:10:31
    #2 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)
...

with two extra lines not expected in the output regexp.

Questions:

(1) Why does gcc on Darwin output these extra lines?
(2) Is there some magic incantation to avoid it?
(3) What to do with the test on Darwin?


* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
@ 2020-07-27  6:57 ` marxin at gcc dot gnu.org
  2021-03-13 11:55 ` dominiq at lps dot ens.fr
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-07-27  6:57 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2020-07-27
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
It's probably related to how these routines are internally implemented on
Darwin. You can add an optional scan for the extra lines you see.


* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
  2020-07-27  6:57 ` [Bug sanitizer/96318] " marxin at gcc dot gnu.org
@ 2021-03-13 11:55 ` dominiq at lps dot ens.fr
  2021-03-24 14:16 ` iains at gcc dot gnu.org
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: dominiq at lps dot ens.fr @ 2021-03-13 11:55 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING

--- Comment #2 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> It's probably related to how these routines are internally implemented
> on Darwin. You can add an optional scan for the extra lines you see.

What is "optional scan"?


* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
  2020-07-27  6:57 ` [Bug sanitizer/96318] " marxin at gcc dot gnu.org
  2021-03-13 11:55 ` dominiq at lps dot ens.fr
@ 2021-03-24 14:16 ` iains at gcc dot gnu.org
  2021-03-24 22:07 ` cvs-commit at gcc dot gnu.org
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: iains at gcc dot gnu.org @ 2021-03-24 14:16 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

Iain Sandoe <iains at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |iains at gcc dot gnu.org
   Target Milestone|---                         |9.4

--- Comment #3 from Iain Sandoe <iains at gcc dot gnu.org> ---
I fixed this for master, but failed to mention the PR number.

r11-7704-gc86c5195c8c02f58

Part of the problem is that Darwin defaults to _FORTIFY_SOURCE if that is not
explicitly given, and this results in the substitution of _chk builtins.  This
means that the disabling of the regular builtins fails (and we never have the
call expected).

That's fixable by adding -D _FORTIFY_SOURCE=0 to the command line.

The other part of the issue is that the system address symboliser (atos) is not
consuming the debug / frame information we are producing.  At present, it's not
clear if that's a GCC debug bug or an atos bug.  Adding "-gdwarf-3" is
sufficient to fix things in this case and is functional for the test-case.

Investigation of the debug etc. will need to be deferred to the next stage1 and
I am leaving this PR open, since the problem also exists on 10.x and 9.x (I
will back port to at least 10.x).

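An added example, not part of the thread or of the GCC testsuite: the ordered frame check that the first two stack-frame dg-output directives in the report perform, transcribed to Python regexes and run over the two traces quoted in the report, showing that the C build fails at frame #0 and that a `_chk` symbol marks the _FORTIFY_SOURCE substitution described in comment #3. The function names are assumptions, and the frame lines are abridged from the report (source paths shortened).

```python
import re

# Frame patterns transcribed from the dg-output directives in the report
# (Tcl escaping removed). Each must match the frame at the same position.
EXPECTED = [
    re.compile(r"    #0 0x[0-9a-f]+ +(in _*(interceptor_|wrap_|)strncpy|[(])"),
    re.compile(r"    #1 0x[0-9a-f]+ +(in _*main ([^\n\r]*strncpy-overflow-1.c:11"
               r"|[^\n\r]*:0|[^\n\r]*\+0x[0-9a-z]*)|[(])"),
]

# Frames abridged from the two ASan reports in the thread (paths shortened).
GXX_TRACE = """\
    #0 0x1101655ef in wrap_strncpy asan_interceptors.cpp:483:5
    #1 0x10fe09d8d in main strncpy-overflow-1.c:11:10
    #2 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)
"""
GCC_TRACE = """\
    #0 0x10df36d78 in wrap___bzero.part.0 sanitizer_common_interceptors.inc:5584:3
    #1 0x7fff6e43fc42 in stpncpy (/usr/lib/system/libsystem_c.dylib:x86_64+0x11c42)
    #2 0x7fff6e4ab34a in __strncpy_chk (/usr/lib/system/libsystem_c.dylib:x86_64+0x7d34a)
    #3 0x10df0cd8d in main strncpy-overflow-1.c:11:3
    #4 0x7fff6e3decc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8)
"""

def first_mismatch(trace):
    """Return None if the leading frames match EXPECTED in order,
    else (frame_index, symbol) for the first frame that does not."""
    frames = trace.splitlines()
    for i, pat in enumerate(EXPECTED):
        if i >= len(frames):
            return i, None
        if not pat.match(frames[i]):
            return i, frames[i].split(" in ", 1)[1].split()[0]
    return None

def fortify_frames(trace):
    """List *_chk symbols in the trace: the sign that the plain string
    call was replaced by its checked (_FORTIFY_SOURCE) variant."""
    return re.findall(r" in (\w+_chk)\b", trace)

if __name__ == "__main__":
    for name, trace in (("g++", GXX_TRACE), ("gcc", GCC_TRACE)):
        print(name, first_mismatch(trace), fortify_frames(trace))
```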

* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
                   ` (2 preceding siblings ...)
  2021-03-24 14:16 ` iains at gcc dot gnu.org
@ 2021-03-24 22:07 ` cvs-commit at gcc dot gnu.org
  2021-06-01  8:18 ` rguenth at gcc dot gnu.org
  2022-05-27  8:55 ` rguenth at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-03-24 22:07 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Iain D Sandoe
<iains@gcc.gnu.org>:

https://gcc.gnu.org/g:716d345c237f030a3e85d7410b06a8c1ac4c46fb

commit r10-9539-g716d345c237f030a3e85d7410b06a8c1ac4c46fb
Author: Iain Sandoe <iain@sandoe.co.uk>
Date:   Wed Mar 17 13:05:47 2021 +0000

    testsuite, Darwin : Fix the asan/strncpy-overflow-1 test.

    1. To be more compatible with Linux, Darwin testcases that include
    string.h should set _FORTIFY_SOURCE=0 since, otherwise, it will be
    defaulted on and the _chk versions of the string builtins will be
    used.  This testcase fails otherwise because there's no convenient
    way to disable the _chk builtins.

    2. The system tool that handles symbolization (atos) is not reliable
    with GCC's DWARF-2 output but, fortunately, all the platform
    versions that support the current sanitizers are able to handle
    dwarf-3 for this testcase.

    gcc/testsuite/ChangeLog:

            PR sanitizer/96318
            * c-c++-common/asan/strncpy-overflow-1.c: Add _FORTIFY_SOURCE=0 and
            -gdwarf-3 to the command line options. Adjust the expected line
            numbers for the revised options header.

    (cherry picked from commit c86c5195c8c02f5891a222f498c074b373aa946c)


* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
                   ` (3 preceding siblings ...)
  2021-03-24 22:07 ` cvs-commit at gcc dot gnu.org
@ 2021-06-01  8:18 ` rguenth at gcc dot gnu.org
  2022-05-27  8:55 ` rguenth at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-06-01  8:18 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|9.4                         |9.5

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9.4 is being released, retargeting bugs to GCC 9.5.


* [Bug sanitizer/96318] FAIL: c-c++-common/asan/strncpy-overflow-1.c  * output pattern test with C on Darwin
  2020-07-25  9:30 [Bug sanitizer/96318] New: FAIL: c-c++-common/asan/strncpy-overflow-1.c * output pattern test with C on Darwin dominiq at lps dot ens.fr
                   ` (4 preceding siblings ...)
  2021-06-01  8:18 ` rguenth at gcc dot gnu.org
@ 2022-05-27  8:55 ` rguenth at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-05-27  8:55 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96318

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|9.5                         |10.3
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed for GCC 10.3.

