http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55485

             Bug #: 55485
           Summary: stack-buffer-overflow in sem_ch8.adb
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: ada
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: hjl.to...@gmail.com


On Linux/x86-64, hjl/asan branch gives:

/export/build/gnu/gcc-asan/build-x86_64-linux/./gcc/xgcc -B/export/build/gnu/gcc-asan/build-x86_64-linux/./gcc/ -B/usr/local/x86_64-unknown-linux-gnu/bin/ -B/usr/local/x86_64-unknown-linux-gnu/lib/ -isystem /usr/local/x86_64-unknown-linux-gnu/include -isystem /usr/local/x86_64-unknown-linux-gnu/sys-include    -c -g -O2  -fpic  -W -Wall -gnatpg -nostdinc   s-auxdec.adb -o s-auxdec.o
==2916== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff47f1b588 at pc 0xb6e8f4 bp 0x7fff47f1b4e0 sp 0x7fff47f1b4d8
WRITE of size 4 at 0x7fff47f1b588 thread T0
    #0 0xb6e8f3 (/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/gnat1+0xb6e8f3)
Address 0x7fff47f1b588 is located at offset 72 in frame <ada__exceptions__raise_current_excep> of T0's stack:
  This frame has 1 object(s):
    [32, 40) 'id'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1fffe8fe36b1: f3
  0x1fffe8fe36b0: f3 f3 f3 f3 00 00 00 00
More shadow bytes:
  0x1fffe8fe3690: 00 00 00 00 00 00 00 00
  0x1fffe8fe3698: 00 00 00 00 00 00 00 00
  0x1fffe8fe36a0: 00 00 00 00 00 00 00 00
  0x1fffe8fe36a8: f1 f1 f1 f1 00 f4 f4 f4
=>0x1fffe8fe36b0: f3 f3 f3 f3 00 00 00 00
  0x1fffe8fe36b8: 00 00 00 00 00 00 00 00
  0x1fffe8fe36c0: 00 00 00 00 00 00 00 00
  0x1fffe8fe36c8: 00 00 00 00 00 00 00 00
  0x1fffe8fe36d0: 00 00 00 00 00 00 00 00
Stats: 4M malloced (2M for red zones) by 2930 calls
Stats: 0M realloced by 258 calls
Stats: 0M freed by 567 calls
Stats: 0M really freed by 0 calls
Stats: 9M (2443 full pages) mmaped in 16 calls
  mmaps   by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 12:128; 13:64; 14:32; 15:16; 16:8; 17:4; 18:6; 19:1; 21:1;
  mallocs by size class: 7:1785; 8:688; 9:53; 10:88; 11:226; 12:35; 13:17; 14:14; 15:6; 16:7; 17:3; 18:6; 19:1; 21:1;
  frees   by size class: 7:267; 8:52; 9:32; 10:67; 11:131; 12:16; 13:1; 14:1;
  rfrees  by size class:
Stats: malloc large: 24 small slow: 49
==2916== ABORTING
make[9]: *** [s-auxdec.o] Error 1
[hjl@gnu-mic-2 ~]$ addr2line -e /export/build/gnu/gcc-asan/build-x86_64-linux/gcc/gnat1 0xb6e8f3
/export/gnu/import/git/gcc/gcc/ada/sem_ch8.adb:4038
[hjl@gnu-mic-2 ~]$
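Decoding the report's shadow bytes, as an added example that is not part of the bug report and not code from GCC or ASan: the hypothetical script below parses the relevant lines quoted above (embedded as a string), maps the faulting address to its shadow byte, and reconstructs the frame layout. It assumes the shadow mapping shadow = (addr >> 3) | (1 << 44) that the x86-64 ASan runtime of that era used (the report's own "Shadow byte" address 0x1fffe8fe36b1 agrees with it) and the f1/f3/f4 shadow legend that version printed. The decoded layout is 32 bytes of left redzone, the 8-byte 'id' object at [32, 40), a partial redzone up to offset 64, and the right redzone from 64, which is where the 4-byte write at offset 72 lands.

```python
"""Decode where an AddressSanitizer stack-buffer-overflow lands in its frame.

Added example, not code from the bug report or from GCC/ASan.  REPORT holds
the relevant lines of the report above so the script runs offline.
Assumed: the shadow mapping (addr >> 3) | (1 << 44) of the old x86-64 ASan
runtime, and that version's shadow byte legend.
"""
import re

REPORT = """\
==2916== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff47f1b588 at pc 0xb6e8f4 bp 0x7fff47f1b4e0 sp 0x7fff47f1b4d8
WRITE of size 4 at 0x7fff47f1b588 thread T0
Address 0x7fff47f1b588 is located at offset 72 in frame <ada__exceptions__raise_current_excep> of T0's stack:
  This frame has 1 object(s):
    [32, 40) 'id'
Shadow byte and word:
  0x1fffe8fe36b1: f3
  0x1fffe8fe36b0: f3 f3 f3 f3 00 00 00 00
More shadow bytes:
  0x1fffe8fe36a8: f1 f1 f1 f1 00 f4 f4 f4
=>0x1fffe8fe36b0: f3 f3 f3 f3 00 00 00 00
  0x1fffe8fe36b8: 00 00 00 00 00 00 00 00
"""

GRANULE = 8               # one shadow byte describes 8 application bytes
SHADOW_OFFSET = 1 << 44   # assumed mapping of the old x86-64 ASan runtime

# Shadow byte legend of the ASan version in the report (assumed).
LEGEND = {
    0x00: "addressable",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
}


def shadow_addr(addr):
    """Application address -> address of its shadow byte."""
    return (addr >> 3) | SHADOW_OFFSET


def parse_report(text):
    """Pull the access, frame offset, frame objects and shadow bytes out of a report."""
    m = re.search(r"(READ|WRITE) of size (\d+) at 0x([0-9a-f]+)", text)
    access = (m.group(1), int(m.group(2)), int(m.group(3), 16))
    frame_off = int(re.search(r"located at offset (\d+) in frame", text).group(1))
    objects = [(int(lo), int(hi), name)
               for lo, hi, name in re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text)]
    shadow = {}
    for line in text.splitlines():
        row = re.match(r"\s*(?:=>)?0x([0-9a-f]+):((?:\s+[0-9a-f]{2})+)\s*$", line)
        if row:
            base = int(row.group(1), 16)
            for i, b in enumerate(row.group(2).split()):
                shadow[base + i] = int(b, 16)
    return access, frame_off, objects, shadow


def frame_layout(text):
    """Frame byte ranges [lo, hi) with their meaning, read from the shadow
    starting at frame offset 0 and ending with the right redzone."""
    (_, _, addr), frame_off, _, shadow = parse_report(text)
    base = shadow_addr(addr - frame_off)   # shadow byte of frame offset 0
    s = base
    ranges = []
    seen_right = False
    while s in shadow:
        b = shadow[s]
        if seen_right and b != 0xf3:       # past the right redzone: outside the frame
            break
        seen_right = seen_right or b == 0xf3
        lo = (s - base) * GRANULE
        if ranges and ranges[-1][2] == b:  # extend a run of identical shadow bytes
            ranges[-1] = (ranges[-1][0], lo + GRANULE, b)
        else:
            ranges.append((lo, lo + GRANULE, b))
        s += 1
    return [(lo, hi, LEGEND.get(b, "0x%02x" % b)) for lo, hi, b in ranges]


def classify(text):
    """Describe the faulting access relative to the frame's objects."""
    (kind, size, addr), frame_off, objects, shadow = parse_report(text)
    s = shadow_addr(addr)
    byte = shadow[s]
    out = {"access": kind, "size": size, "frame_offset": frame_off,
           "shadow_addr": s, "shadow_byte": byte,
           "meaning": LEGEND.get(byte, "unknown"),
           "object": None, "bytes_past_end": None}
    below = [o for o in objects if o[1] <= frame_off]  # objects ending at or before the access
    if below:
        _, hi, name = max(below, key=lambda o: o[1])
        out["object"], out["bytes_past_end"] = name, frame_off - hi
    return out


if __name__ == "__main__":
    for lo, hi, what in frame_layout(REPORT):
        print("[%3d, %3d) %s" % (lo, hi, what))
    print(classify(REPORT))
```

Run with python3; it prints the four frame ranges and a dict describing the access: a WRITE whose shadow byte is f3 (stack right redzone), 32 bytes past the end of 'id'. The shadow bytes only say where the write landed; whether that is a genuine overflow or the false positive the report's HINT warns about for programs with a custom unwind mechanism is a separate question they do not settle.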