[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-21 Thread hjl.tools at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



H.J. Lu hjl.tools at gmail dot com changed:



           What    |Removed     |Added
                 CC|            |hjl.tools at gmail dot com



--- Comment #3 from H.J. Lu hjl.tools at gmail dot com 2012-11-21 14:28:01 UTC ---

*** Bug 55407 has been marked as a duplicate of this bug. ***


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-21 Thread hjl.tools at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



H.J. Lu hjl.tools at gmail dot com changed:



           What    |Removed     |Added
             Status|UNCONFIRMED |NEW
   Last reconfirmed|            |2012-11-21
     Ever Confirmed|0           |1



--- Comment #4 from H.J. Lu hjl.tools at gmail dot com 2012-11-21 14:29:02 UTC ---

There is a simple testcase in PR 55407.


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-21 Thread markus at trippelsdorf dot de


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



--- Comment #5 from Markus Trippelsdorf markus at trippelsdorf dot de 2012-11-21 14:34:24 UTC ---

Teresa, your patch fixes the issue.

Happy Thanksgiving.


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-21 Thread jakub at gcc dot gnu.org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



--- Comment #6 from Jakub Jelinek jakub at gcc dot gnu.org 2012-11-21 15:04:58 UTC ---

Author: jakub

Date: Wed Nov 21 15:04:45 2012

New Revision: 193697



URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=193697

Log:

PR gcov-profile/55417

* profile.c (compute_working_sets): Check index first

to avoid out-of-bounds array access.



Modified:

trunk/gcc/ChangeLog

trunk/gcc/profile.c


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-21 Thread markus at trippelsdorf dot de


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



Markus Trippelsdorf markus at trippelsdorf dot de changed:



           What    |Removed     |Added
             Status|NEW         |RESOLVED
         Resolution|            |FIXED



--- Comment #7 from Markus Trippelsdorf markus at trippelsdorf dot de 2012-11-21 16:06:41 UTC ---

Fixed.


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-20 Thread markus at trippelsdorf dot de


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



--- Comment #1 from Markus Trippelsdorf markus at trippelsdorf dot de 2012-11-20 21:06:46 UTC ---

Valgrind shows:

 % /var/tmp/gcc_valgrind/usr/local/bin/g++ -w -fprofile-use -O3 /home/markus/bench.cpp
==522== Conditional jump or move depends on uninitialised value(s)
==522==    at 0x9E082B: compute_branch_probabilities(unsigned int, unsigned int) (profile.c:294)
==522==    by 0x9E2544: branch_prob() (profile.c:1371)
==522==    by 0xAFF5F5: tree_profiling() (tree-profile.c:483)
==522==    by 0x9CBD2A: execute_one_pass(opt_pass*) (passes.c:2327)
==522==    by 0x9CC789: execute_ipa_pass_list(opt_pass*) (passes.c:2692)
==522==    by 0x79429F: compile() (cgraphunit.c:1869)
==522==    by 0x794B99: finalize_compilation_unit() (cgraphunit.c:2120)
==522==    by 0x5B4A0E: cp_write_global_declarations() (decl2.c:4287)
==522==    by 0xA6D5BC: compile_file() (toplev.c:559)
==522==    by 0xA6F479: toplev_main(int, char**) (toplev.c:1881)
==522==    by 0x4ECD894: (below main) (libc-start.c:258)
==522== 
 %


[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code

2012-11-20 Thread tejohnson at google dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417



--- Comment #2 from Teresa Johnson tejohnson at google dot com 2012-11-21 05:51:12 UTC ---

The following patch should fix it. I am running regression testing now, but am leaving town imminently for several days and can send the patch for review when I get back Sunday.



Teresa



2012-11-20  Teresa Johnson  tejohn...@google.com



PR gcov-profile/55417

* profile.c (compute_working_sets): Check index first

to avoid out-of-bounds array access.



Index: profile.c

===

--- profile.c   (revision 193614)

+++ profile.c   (working copy)

@@ -291,8 +291,8 @@ compute_working_sets (void)

   /* Next walk through successive working set entries and fill in

 the statistics for any whose size we have reached by accumulating

 this histogram counter.  */

-  while (tmp_cum = working_set_cum_values[ws_ix]

-  ws_ix  NUM_GCOV_WORKING_SETS)

+  while (ws_ix  NUM_GCOV_WORKING_SETS

+  tmp_cum = working_set_cum_values[ws_ix])

 {

   gcov_working_sets[ws_ix].num_counters = count;

   gcov_working_sets[ws_ix].min_counter
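Review bot: swapping the two operands is the right fix only because `&&` short-circuits, so the bound on ws_ix must be the first operand and `working_set_cum_values[ws_ix]` the second; the comparison and `&&` operators are missing from the hunk as it appears here, so the patch should be taken from the repository rather than re-typed from this mail. Since the same bound also guards the `gcov_working_sets[ws_ix]` writes in the loop body, a one-line comment that the index check must stay first would stop a later cleanup from reordering it back, and the simple testcase from PR 55407 belongs in the testsuite so a sanitizer build keeps catching this.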



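A constructed C model of the loop the patch reorders, added here as an example rather than GCC's own code: `fill_working_sets`, `cum_value_at`, `NUM_WORKING_SETS`, the thresholds and the sample histogram are all assumptions. It replaces the raw threshold-array read with a bounds-checked probe, so the one-past-the-end index that the original operand order reaches can be observed without undefined behaviour, while the patched order never reaches it.

```c
/* Constructed model of the compute_working_sets loop in PR 55417 (not GCC's
 * code): thresholds are cumulative counter totals, histogram walked hottest first. */
#include <stdint.h>
#include <stddef.h>
#define NUM_WORKING_SETS 4
typedef struct { uint64_t num_counters; uint64_t min_counter; } working_set;
/* Exactly NUM_WORKING_SETS thresholds (constructed); index 4 is past the end. */
static const uint64_t cum_values[NUM_WORKING_SETS] = { 500, 750, 900, 990 };
/* Stand-in for cum_values[ws_ix] that records the out-of-range probe ASan
 * reported instead of reading past the array. */
static uint64_t cum_value_at(size_t ws_ix, int *oob)
{
    if (ws_ix >= NUM_WORKING_SETS) { *oob = 1; return 0; }
    return cum_values[ws_ix];
}
/* check_index_first selects the patch's operand order.  Returns sets filled;
 * *oob reports whether the threshold array was indexed out of range. */
size_t fill_working_sets(const uint64_t *counts, const uint64_t *values,
                         size_t n, int check_index_first,
                         working_set *out, int *oob)
{
    size_t ws_ix = 0;
    uint64_t tmp_cum = 0;
    *oob = 0;
    for (size_t i = 0; i < n; i++) {
        tmp_cum += counts[i] * values[i];   /* this bucket's counter total */
        for (;;) {
            int cont;
            if (check_index_first)   /* patched: bound ws_ix, then index */
                cont = ws_ix < NUM_WORKING_SETS
                       && tmp_cum >= cum_value_at(ws_ix, oob);
            else                     /* original: index, then bound */
                cont = tmp_cum >= cum_value_at(ws_ix, oob)
                       && ws_ix < NUM_WORKING_SETS;
            if (!cont) break;
            out[ws_ix].num_counters = counts[i];
            out[ws_ix].min_counter = values[i];
            ws_ix++;
        }
    }
    return ws_ix;
}
/* Runs a constructed histogram (total 1000, crosses every threshold); returns oob. */
int sample_probes_out_of_bounds(int check_index_first)
{
    static const uint64_t c[4] = { 1, 1, 1, 1 }, v[4] = { 600, 200, 150, 50 };
    working_set ws[NUM_WORKING_SETS]; int oob;
    fill_working_sets(c, v, 4, check_index_first, ws, &oob);
    return oob;
}
```

Both orders fill all four sets from this input; only the original order probes index 4 after the last set is filled, which is the read ASan and Valgrind flagged.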