http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61016
Bug ID: 61016
Summary: use of uninitialized memory in gcc/config/i386/i386.c
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: kcc at gcc dot gnu.org
CC: eugeni.stepanov at gmail dot com

Created attachment 32715
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=32715&action=edit
z.cc

This is revision 209930 on x86_64 Linux.

% valgrind --track-origins=yes gcc/cc1plus -quiet z.cc -O2 -o /dev/null
==12029== Conditional jump or move depends on uninitialised value(s)
==12029==    at 0xDBEF66: classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) (gcc/config/i386/i386.c:6361)
==12029==    by 0xDBF2D4: classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) (gcc/config/i386/i386.c:6501)
==12029==    by 0xDBA097: ix86_function_arg_advance(cumulative_args_t, machine_mode, tree_node const*, bool) (gcc/config/i386/i386.c:6818)
==12029==    by 0x92B40A: gimplify_parameters() (gcc/function.c:3624)
==12029==    by 0x978AEA: gimplify_body(tree_node*, bool) (gcc/gimplify.c:8620)
==12029==    by 0x9794AC: gimplify_function_tree(tree_node*) (gcc/gimplify.c:8777)
==12029==    by 0x7EBC14: analyze_function(cgraph_node*) (gcc/cgraphunit.c:649)
==12029==    by 0x7EECD2: analyze_functions() (gcc/cgraphunit.c:1017)
==12029==    by 0x7EEACB: finalize_compilation_unit() (gcc/cgraphunit.c:2320)
==12029==    by 0x5E67D3: cp_write_global_declarations() (gcc/cp/decl2.c:4619)
==12029==    by 0xB19A20: compile_file() (gcc/toplev.c:562)
==12029==    by 0xB197D7: toplev_main(int, char**) (gcc/toplev.c:1914)
==12029==  Uninitialised value was created by a stack allocation
==12029==    at 0xDBE920: classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) (gcc/config/i386/i386.c:6412)

The bug was initially detected by MemorySanitizer (which is a bit trickier to use with gcc at the moment):

==5348== WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f265400f64d in merge_classes(x86_64_reg_class, x86_64_reg_class) gcc/config/i386/i386.c:6361
    #1 0x7f265400f64d in classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) gcc/config/i386/i386.c:6557
    #2 0x7f265400dbfa in classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) gcc/config/i386/i386.c:6501
    #3 0x7f2653fef8fc in examine_argument(machine_mode, tree_node const*, int, int*, int*) gcc/config/i386/i386.c:6817
    #4 0x7f2653fef8fc in function_arg_advance_64(ix86_args*, machine_mode, tree_node const*, long, bool) gcc/config/i386/i386.c:7199
    #5 0x7f2653fef8fc in ix86_function_arg_advance(cumulative_args_t, machine_mode, tree_node const*, bool) gcc/config/i386/i386.c:7253
    #6 0x7f26523a1ae1 in gimplify_parameters() gcc/function.c:3624
    #7 0x7f2652594737 in gimplify_body(tree_node*, bool) gcc/gimplify.c:8620
    #8 0x7f2652598479 in gimplify_function_tree(tree_node*) gcc/gimplify.c:8777
    #9 0x7f2651bee7db in analyze_function(cgraph_node*) gcc/cgraphunit.c:649
    #10 0x7f2651c01aa1 in analyze_functions() gcc/cgraphunit.c:1017
    #11 0x7f2651c01088 in finalize_compilation_unit() gcc/cgraphunit.c:2320
    #12 0x7f2650f8da6e in cp_write_global_declarations() gcc/cp/decl2.c:4619
    #13 0x7f2652fa249d in compile_file() gcc/toplev.c:562
    #14 0x7f2652fa06ff in do_compile() gcc/toplev.c:1914
    #15 0x7f2652fa06ff in toplev_main(int, char**) gcc/toplev.c:1990
    #16 0x7f26552563b3 in main gcc/main.c:36
    #17 0x7f264f30276c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226
    #18 0x7f26509f8960 in _start (/usr/local/google/ssd/msan-gcc/inst/libexec/gcc/x86_64-unknown-linux-gnu/4.10.0/cc1plus+0x2f4960)

  Uninitialized value was created by an allocation of 'subclasses' in the stack frame of function 'classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int)'
    #0 0x7f265400a310 in classify_argument(machine_mode, tree_node const*, x86_64_reg_class*, int) gcc/config/i386/i386.c:6412

Confirmed by printf:

Index: gcc/config/i386/i386.c
===================================================================
--- gcc/config/i386/i386.c	(revision 209930)
+++ gcc/config/i386/i386.c	(working copy)
@@ -6428,6 +6428,7 @@
   int i;
   tree field;
   enum x86_64_reg_class subclasses[MAX_CLASSES];
+  subclasses[1] = (enum x86_64_reg_class)0xab;
 
   /* On x86-64 we pass structures larger than 64 bytes on the stack.  */
   if (bytes > 64)
@@ -6553,8 +6554,10 @@
                                            bit_offset);
                   if (!num)
                     return 0;
-                  for (i = 0; i < num; i++)
+                  for (i = 0; i < num; i++) {
+                    fprintf(stderr, "ZZZ[%d] %x\n", i, classes[i]);
                     classes[i] = merge_classes (subclasses[i], classes[i]);
+                  }
                 }
             }
           break;

ZZZ[0] 0
ZZZ[1] ab   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
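Review bot: the poison write in the first hunk covers only `subclasses[1]`, so it can confirm this one slot but says nothing about whether other entries of `subclasses` are also left unwritten; filling the whole array (a `memset` of `sizeof subclasses` with the same 0xab byte, or a loop over `MAX_CLASSES`) right after the declaration would show every slot that reaches `merge_classes` without having been written.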
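Review bot: in the second hunk the `fprintf` prints `classes[i]`, not `subclasses[i]`, so the `ZZZ[1] ab` line shows a value that `merge_classes (subclasses[i], classes[i])` had already copied into `classes[1]` on an earlier iteration, rather than the uninitialised read itself; printing `subclasses[i]` alongside (`"ZZZ[%d] sub=%x cls=%x\n", i, subclasses[i], classes[i]`) would tie the poison directly to the slot valgrind and MSan point at.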
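The same poison-and-check idea applied to the whole array, as an added illustration that is constructed here and is not code from the bug report or from GCC: a toy model of the classes/subclasses merge loop whose classifier (deliberately buggy, to mirror the symptom) claims num_words valid entries but writes only the first, and a caller that counts how many never-written slots reach merge_classes. All names, the merge rule and the sentinel handling are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy model of the classes/subclasses merge loop in the report.
   Names mirror the report; the logic is simplified and is not GCC's. */
#define MAX_CLASSES 8
#define POISON_BYTE 0xab         /* sentinel byte used in the report */
#define POISON_WORD 0xababababu  /* what memset leaves in a 4-byte slot */

enum x86_64_reg_class { NO_CLASS = 0, INTEGER_CLASS = 1, SSE_CLASS = 2 };

/* Deliberately buggy classifier: reports num_words valid entries but
   writes only sub[0], so sub[1..] keep whatever the stack held. */
static int classify_field(enum x86_64_reg_class *sub, int num_words)
{
    sub[0] = INTEGER_CLASS;
    return num_words;
}

static enum x86_64_reg_class merge_classes(enum x86_64_reg_class a,
                                           enum x86_64_reg_class b)
{
    return a > b ? a : b;   /* toy merge rule, not GCC's table */
}

/* Poison subclasses, run the merge loop, and return how many slots the
   classifier never wrote were fed to merge_classes. 0 means clean. */
int count_uninit_reads(int num_words)
{
    enum x86_64_reg_class classes[MAX_CLASSES] = { NO_CLASS };
    enum x86_64_reg_class subclasses[MAX_CLASSES];
    int i, num, hits = 0;

    if (num_words > MAX_CLASSES)
        num_words = MAX_CLASSES;
    memset(subclasses, POISON_BYTE, sizeof subclasses);
    num = classify_field(subclasses, num_words);
    for (i = 0; i < num; i++) {
        if ((unsigned)subclasses[i] == POISON_WORD) {
            fprintf(stderr, "ZZZ[%d] poison reached merge_classes\n", i);
            hits++;
        }
        classes[i] = merge_classes(subclasses[i], classes[i]);
    }
    return hits;
}
```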