https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85174
Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
As seen in PR82501 we have a problem with the first global variable in a
module. Unfortunately with -O1 and above the powerpc target does some address
reordering (gas is responsible I guess):

$ cat snippet.c
char __attribute__((used)) smallest_global1[5] = {};
char __attribute__((used)) smallest_global2[50] = {};
char __attribute__((used)) smallest_global3[8] = {};
char __attribute__((used)) smallest_global4[12] = {};
char __attribute__((used)) smallest_global5[17] = {};
char __attribute__((used)) smallest_global6[2] = {};
char __attribute__((used)) smallest_global7[1] = {};
char __attribute__((used)) smallest_global8[111] = {};
char __attribute__((used)) smallest_global9[77] = {};

int
main ()
{
  char *p = &smallest_global5[0];
  __asm ("" : "+g" (p));
  *(p-1) = 123;
  return 0;
}

$ gcc -O0 /tmp/snippet.c -fsanitize=address -g && ./a.out
=================================================================
==36305==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00001002063f at pc 0x000010000908 bp 0x3fffc48109c0 sp 0x3fffc4810a48
WRITE of size 1 at 0x00001002063f thread T0
    #0 0x10000904 in main /tmp/snippet.c:16
    #1 0x3fffb5846be8 in generic_start_main.isra.0 (/lib64/libc.so.6+0x46be8)

0x00001002063f is located 51 bytes to the right of global variable 'smallest_global4' defined in '/tmp/snippet.c:4:28' (0x10020600) of size 12
0x00001002063f is located 1 bytes to the left of global variable 'smallest_global5' defined in '/tmp/snippet.c:5:28' (0x10020640) of size 17
SUMMARY: AddressSanitizer: global-buffer-overflow /tmp/snippet.c:16 in main
Shadow bytes around the buggy address:
  0x020002004070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0200020040a0: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0200020040b0: 00 00 02 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
=>0x0200020040c0: 00 04 f9 f9 f9 f9 f9[f9]00 00 01 f9 f9 f9 f9 f9
  0x0200020040d0: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
  0x0200020040e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 07 f9 f9
  0x0200020040f0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 05 f9 f9
  0x020002004100: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==36305==ABORTING

$ nm a.out
[snip]
0000000010020520 B smallest_global1
0000000010020560 B smallest_global2
00000000100205c0 B smallest_global3
0000000010020600 B smallest_global4
0000000010020640 B smallest_global5
0000000010020680 B smallest_global6
00000000100206c0 B smallest_global7
0000000010020700 B smallest_global8
00000000100207a0 B smallest_global9
[snip]

$ gcc -O1 /tmp/snippet.c -fsanitize=address -g && ./a.out
[no output]

$ nm a.out
00000000100207e0 B smallest_global1
0000000010020780 B smallest_global2
0000000010020740 B smallest_global3
0000000010020700 B smallest_global4
0000000010020520 B smallest_global5
00000000100206c0 B smallest_global6
0000000010020680 B smallest_global7
00000000100205e0 B smallest_global8
0000000010020560 B smallest_global9

That said, I'll mark it as duplicate.

*** This bug has been marked as a duplicate of bug 82501 ***
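
Added example (not part of the comment above and not GCC code): a small Python check over the two nm listings that reports which listed global sits directly below smallest_global5 in each build, and how far the byte written by *(p-1) lies past that neighbour's end. The sizes come from snippet.c; the helper names parse_nm and left_neighbour are made up for this illustration, and only the symbols shown in the listings are considered.

```python
import re

# Array sizes from snippet.c (smallest_global1 .. smallest_global9).
SIZES = {f"smallest_global{i}": n
         for i, n in enumerate([5, 50, 8, 12, 17, 2, 1, 111, 77], 1)}
# nm listings copied from the comment: -O0 build, then -O1 build.
NM_O0 = """\
0000000010020520 B smallest_global1
0000000010020560 B smallest_global2
00000000100205c0 B smallest_global3
0000000010020600 B smallest_global4
0000000010020640 B smallest_global5
0000000010020680 B smallest_global6
00000000100206c0 B smallest_global7
0000000010020700 B smallest_global8
00000000100207a0 B smallest_global9
"""
NM_O1 = """\
00000000100207e0 B smallest_global1
0000000010020780 B smallest_global2
0000000010020740 B smallest_global3
0000000010020700 B smallest_global4
0000000010020520 B smallest_global5
00000000100206c0 B smallest_global6
0000000010020680 B smallest_global7
00000000100205e0 B smallest_global8
0000000010020560 B smallest_global9
"""

def parse_nm(text):
    """Map symbol name -> address for '<hex addr> <type> <name>' lines."""
    syms = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*([0-9a-fA-F]+)\s+\S\s+(\S+)\s*", line)
        if m:
            syms[m.group(2)] = int(m.group(1), 16)
    return syms

def left_neighbour(syms, target, sizes=SIZES):
    """(name, bytes past its end) of the listed global below target-1, or None."""
    below = [(addr, name) for name, addr in syms.items() if addr < syms[target]]
    if not below:
        return None  # target has the lowest address among the listed symbols
    addr, name = max(below)
    return name, (syms[target] - 1) - (addr + sizes[name])

if __name__ == "__main__":
    for label, listing in (("-O0", NM_O0), ("-O1", NM_O1)):
        print(label, left_neighbour(parse_nm(listing), "smallest_global5"))
```

For the -O0 listing the result is smallest_global4 with 51 bytes, matching the "51 bytes to the right" line of the ASan report. For the -O1 listing it is None: smallest_global5 has the lowest listed address, which is the first-global position the comment ties to PR82501.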