public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer)
@ 2020-12-21 7:28 asolokha at gmx dot com
2020-12-21 8:58 ` [Bug c/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116 marxin at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: asolokha at gmx dot com @ 2020-12-21 7:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98407
Bug ID: 98407
Summary: [11 Regression] ICE: Aborted (in constant_byte_string;
free(): invalid pointer)
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: asolokha at gmx dot com
Target Milestone: ---
gcc-11.0.0-alpha20201220 snapshot (g:18e86fae2a14f78e70aae06afce6bb9853068bb1)
ICEs when compiling the following testcase w/ -O1:
struct gk {
int mi;
int vq[];
};
const struct gk un = { 0, { 0, }, }, og = { 0, { 0, }, };
int
ia (void)
{
return __builtin_memcmp (&un, &og, sizeof og);
}
% MALLOC_PERTURB_=3 MALLOC_CHECK_=3 gcc-11.0.0 -O1 -c jenyen4s.c
free(): invalid pointer
jenyen4s.c: In function 'ia':
jenyen4s.c:11:3: internal compiler error: Aborted
11 | return __builtin_memcmp (&un, &og, sizeof og);
| ^~~~~~
0xdf83df crash_signal
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/toplev.c:327
0xa6fe97 constant_byte_string
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/expr.c:11836
0xaa58ef getbyterep(tree_node*, unsigned long*)
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/fold-const.c:16242
0xad94a7 fold_const_call(combined_fn, tree_node*, tree_node*, tree_node*,
tree_node*)
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/fold-const-call.c:1806
0x921958 fold_builtin_3
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/builtins.c:12034
0x921958 fold_builtin_n
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/builtins.c:12115
0xaa3fca fold_build_call_array_loc(unsigned int, tree_node*, tree_node*, int,
tree_node**)
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/fold-const.c:13827
0x8297e1 build_function_call_vec(unsigned int, vec<unsigned int, va_heap,
vl_ptr>, tree_node*, vec<tree_node*, va_gc, vl_embed>*, vec<tree_node*, va_gc,
vl_embed>*, tree_node*)
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-typeck.c:3155
0x84924a c_parser_postfix_expression_after_primary
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:10470
0x840599 c_parser_postfix_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:10143
0x844a6a c_parser_unary_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:8230
0x84629b c_parser_cast_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:8072
0x846547 c_parser_binary_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:7875
0x8478c8 c_parser_conditional_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:7598
0x847fc4 c_parser_expr_no_commas
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:7513
0x848275 c_parser_expression
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:10606
0x848abb c_parser_expression_conv
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:10645
0x83e927 c_parser_statement_after_labels
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:6160
0x8400c2 c_parser_compound_statement_nostart
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:5788
0x85e435 c_parser_compound_statement
/var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201220/work/gcc-11-20201220/gcc/c/c-parser.c:5597
There's a memory corruption issue somewhere, so it's better reproducible w/
Valgrind, MALLOC_PERTURB_ functionality provided by glibc, or some similar
means.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116
2020-12-21 7:28 [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) asolokha at gmx dot com
@ 2020-12-21 8:58 ` marxin at gcc dot gnu.org
2020-12-21 9:04 ` [Bug tree-optimization/98407] " jakub at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-12-21 8:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98407
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Priority|P3 |P1
Summary|[11 Regression] ICE: |[11 Regression] ICE:
|Aborted (in |Aborted (in
|constant_byte_string; |constant_byte_string;
|free(): invalid pointer) |free(): invalid pointer)
| |since
| |r11-6271-g69165332a914f116
CC| |jakub at gcc dot gnu.org,
| |marxin at gcc dot gnu.org
Known to work| |10.2.0
Ever confirmed|0 |1
Last reconfirmed| |2020-12-21
Known to fail| |11.0
Target Milestone|--- |11.0
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r11-6271-g69165332a914f116. One can easily see that with valgrind.
Thanks for the report.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116
2020-12-21 7:28 [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) asolokha at gmx dot com
2020-12-21 8:58 ` [Bug c/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116 marxin at gcc dot gnu.org
@ 2020-12-21 9:04 ` jakub at gcc dot gnu.org
2020-12-21 9:16 ` cvs-commit at gcc dot gnu.org
2020-12-21 9:18 ` jakub at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-12-21 9:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98407
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|c |tree-optimization
Status|NEW |ASSIGNED
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116
2020-12-21 7:28 [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) asolokha at gmx dot com
2020-12-21 8:58 ` [Bug c/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116 marxin at gcc dot gnu.org
2020-12-21 9:04 ` [Bug tree-optimization/98407] " jakub at gcc dot gnu.org
@ 2020-12-21 9:16 ` cvs-commit at gcc dot gnu.org
2020-12-21 9:18 ` jakub at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-12-21 9:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98407
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:d8aeee11af715507e61464d390f14e4f4fde61b0
commit r11-6281-gd8aeee11af715507e61464d390f14e4f4fde61b0
Author: Jakub Jelinek <jakub@redhat.com>
Date: Mon Dec 21 10:14:46 2020 +0100
fold-const: Fix up a buffer overflow in native_encode_initializer [PR98407]
For flexible array members we need to incrementally clear just from
ptr + total_bytes up to new ptr + total_bytes, but memset has been called
with the length from ptr, so was missing - total_bytes. Additionally,
in this code off is guaranteed to be -1 and thus o 0, so don't bother
pretending
we could handle anything else, it would be more complicated than that.
2020-12-21 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/98407
* fold-const.c (native_encode_initializer): When handling flexible
array members, fix up computation of length for memset. Also
remove
" - o" as o is always guaranteed to be 0 in this code path.
* gcc.c-torture/compile/pr98407.c: New test.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116
2020-12-21 7:28 [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) asolokha at gmx dot com
` (2 preceding siblings ...)
2020-12-21 9:16 ` cvs-commit at gcc dot gnu.org
@ 2020-12-21 9:18 ` jakub at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-12-21 9:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98407
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed, sorry.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-12-21 9:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-21 7:28 [Bug c/98407] New: [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) asolokha at gmx dot com
2020-12-21 8:58 ` [Bug c/98407] [11 Regression] ICE: Aborted (in constant_byte_string; free(): invalid pointer) since r11-6271-g69165332a914f116 marxin at gcc dot gnu.org
2020-12-21 9:04 ` [Bug tree-optimization/98407] " jakub at gcc dot gnu.org
2020-12-21 9:16 ` cvs-commit at gcc dot gnu.org
2020-12-21 9:18 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).