https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85174

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
As seen in PR82501, we have a problem with the first global variable in a module.
Unfortunately with -O1 and above the powerpc target does some address
reordering (gas is responsible I guess):

$ cat snippet.c
char __attribute__((used)) smallest_global1[5] = {};
char __attribute__((used)) smallest_global2[50] = {};
char __attribute__((used)) smallest_global3[8] = {};
char __attribute__((used)) smallest_global4[12] = {};
char __attribute__((used)) smallest_global5[17] = {};
char __attribute__((used)) smallest_global6[2] = {};
char __attribute__((used)) smallest_global7[1] = {};
char __attribute__((used)) smallest_global8[111] = {};
char __attribute__((used)) smallest_global9[77] = {};

int
main ()
{
  char *p = &smallest_global5[0];
  __asm ("" : "+g" (p));
  *(p-1) = 123;
  return 0;
}

$ gcc  -O0   /tmp/snippet.c -fsanitize=address -g && ./a.out
=================================================================
==36305==ERROR: AddressSanitizer: global-buffer-overflow on address
0x00001002063f at pc 0x000010000908 bp 0x3fffc48109c0 sp 0x3fffc4810a48
WRITE of size 1 at 0x00001002063f thread T0
    #0 0x10000904 in main /tmp/snippet.c:16
    #1 0x3fffb5846be8 in generic_start_main.isra.0 (/lib64/libc.so.6+0x46be8)

0x00001002063f is located 51 bytes to the right of global variable
'smallest_global4' defined in '/tmp/snippet.c:4:28' (0x10020600) of size 12
0x00001002063f is located 1 bytes to the left of global variable
'smallest_global5' defined in '/tmp/snippet.c:5:28' (0x10020640) of size 17
SUMMARY: AddressSanitizer: global-buffer-overflow /tmp/snippet.c:16 in main
Shadow bytes around the buggy address:
  0x020002004070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0200020040a0: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0200020040b0: 00 00 02 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
=>0x0200020040c0: 00 04 f9 f9 f9 f9 f9[f9]00 00 01 f9 f9 f9 f9 f9
  0x0200020040d0: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
  0x0200020040e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 07 f9 f9
  0x0200020040f0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 05 f9 f9
  0x020002004100: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x020002004110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==36305==ABORTING

$ nm a.out
[snip]
0000000010020520 B smallest_global1
0000000010020560 B smallest_global2
00000000100205c0 B smallest_global3
0000000010020600 B smallest_global4
0000000010020640 B smallest_global5
0000000010020680 B smallest_global6
00000000100206c0 B smallest_global7
0000000010020700 B smallest_global8
00000000100207a0 B smallest_global9
[snip]

$ gcc  -O1   /tmp/snippet.c -fsanitize=address -g && ./a.out
[no output]

$ nm a.out
00000000100207e0 B smallest_global1
0000000010020780 B smallest_global2
0000000010020740 B smallest_global3
0000000010020700 B smallest_global4
0000000010020520 B smallest_global5
00000000100206c0 B smallest_global6
0000000010020680 B smallest_global7
00000000100205e0 B smallest_global8
0000000010020560 B smallest_global9

That said, I'll mark it as a duplicate.

*** This bug has been marked as a duplicate of bug 82501 ***
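The layout difference between the two builds can be checked mechanically. The following is an added example, not part of the original comment or of GCC: it parses the two `nm` listings quoted above and reports where the byte written by `*(p-1)` lands relative to the global laid out just below `smallest_global5`. It assumes only the listed symbols matter (the -O0 listing is snipped) and that a global's underflow is reported only when it hits the redzone that follows the preceding global; `parse_nm` and `underflow_landing` are hypothetical helper names.

```python
# Constructed from the two `nm a.out` listings and array sizes quoted above.
NM_O0 = """\
0000000010020520 B smallest_global1
0000000010020560 B smallest_global2
00000000100205c0 B smallest_global3
0000000010020600 B smallest_global4
0000000010020640 B smallest_global5
0000000010020680 B smallest_global6
00000000100206c0 B smallest_global7
0000000010020700 B smallest_global8
00000000100207a0 B smallest_global9
"""
NM_O1 = """\
00000000100207e0 B smallest_global1
0000000010020780 B smallest_global2
0000000010020740 B smallest_global3
0000000010020700 B smallest_global4
0000000010020520 B smallest_global5
00000000100206c0 B smallest_global6
0000000010020680 B smallest_global7
00000000100205e0 B smallest_global8
0000000010020560 B smallest_global9
"""
SIZES = dict(zip((f"smallest_global{i}" for i in range(1, 10)),
                 (5, 50, 8, 12, 17, 2, 1, 111, 77)))

def parse_nm(text):
    """Return [(address, name)] for data/bss symbols, sorted by address."""
    rows = (line.split() for line in text.splitlines())
    return sorted((int(r[0], 16), r[2]) for r in rows
                  if len(r) == 3 and r[1] in ("B", "b", "D", "d"))

def underflow_landing(nm_text, name, sizes=SIZES):
    """Where does name[-1] land? Returns (left neighbour, bytes past its end),
    or None when `name` is the lowest-addressed global listed, i.e. no
    preceding global's trailing redzone can cover the byte."""
    syms = parse_nm(nm_text)
    idx = [n for _, n in syms].index(name)
    if idx == 0:
        return None
    n_addr, n_name = syms[idx - 1]
    target = syms[idx][0] - 1          # address written by *(p-1)
    return n_name, target - (n_addr + sizes[n_name])

if __name__ == "__main__":
    for label, text in (("-O0", NM_O0), ("-O1", NM_O1)):
        print(label, underflow_landing(text, "smallest_global5"))
```

For the -O0 layout the result matches the "51 bytes to the right of global variable 'smallest_global4'" line in the report; for the -O1 layout `smallest_global5` is the lowest listed global, so there is no preceding redzone for the write to hit.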
