[Bug gcov-profile/55417] [4.8 Regression] AddressSanitizer reports stack-buffer-overflow in profiling code
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com

--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> 2012-11-21 14:28:01 UTC ---
*** Bug 55407 has been marked as a duplicate of this bug. ***
H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2012-11-21
     Ever Confirmed|0                           |1

--- Comment #4 from H.J. Lu <hjl.tools at gmail dot com> 2012-11-21 14:29:02 UTC ---
There is a simple testcase in PR 55407.
--- Comment #5 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-11-21 14:34:24 UTC ---
Teresa, your patch fixes the issue.
Happy Thanksgiving.
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-11-21 15:04:58 UTC ---
Author: jakub
Date: Wed Nov 21 15:04:45 2012
New Revision: 193697

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=193697
Log:
	PR gcov-profile/55417
	* profile.c (compute_working_sets): Check index first to avoid
	out-of-bounds array access.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/profile.c
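A reduced model of the loop the commit above reorders, added here as an example and not taken from GCC's profile.c: the working-set count, the function and struct names, and the sample histogram are assumptions, but the loop condition shows the fixed operand order and why it matters once all entries are filled.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed example, not GCC's profile.c: a reduced model of the loop in
   compute_working_sets whose condition r193697 reorders.  Names, the
   working-set count and the sample data are assumptions. */
#define NUM_GCOV_WORKING_SETS 4
struct working_set {
    unsigned num_counters;   /* counters accumulated to reach this set */
    unsigned min_counter;    /* smallest counter value in this set     */
};
/* Walk counter values from largest to smallest, accumulating a running
   sum; working set i is complete once the sum reaches cum_values[i].
   Returns the number of working-set entries filled (at most
   NUM_GCOV_WORKING_SETS). */
size_t fill_working_sets(const unsigned *counters, size_t n,
                         const unsigned long *cum_values,
                         struct working_set *out)
{
    size_t ws_ix = 0;
    unsigned long tmp_cum = 0;
    unsigned count = 0;
    for (size_t i = 0; i < n; i++) {
        tmp_cum += counters[i];
        count++;
        /* Post-fix ordering: the index test is the left operand, so &&
           short-circuits before cum_values[ws_ix] is read once ws_ix reaches
           NUM_GCOV_WORKING_SETS.  The pre-fix form tested
           tmp_cum >= cum_values[ws_ix] first and so read one element past the
           end for every counter processed after the last set was filled,
           which is the read Valgrind and ASan reported. */
        while (ws_ix < NUM_GCOV_WORKING_SETS && tmp_cum >= cum_values[ws_ix]) {
            out[ws_ix].num_counters = count;
            out[ws_ix].min_counter = counters[i];
            ws_ix++;
        }
    }
    return ws_ix;
}
int main(void)
{
    /* Constructed descending histogram and cumulative thresholds; the last
       counter (5) is processed after all four sets are already filled. */
    const unsigned counters[] = { 100, 50, 25, 10, 5 };
    const unsigned long cum_values[NUM_GCOV_WORKING_SETS] = { 100, 150, 175, 185 };
    struct working_set ws[NUM_GCOV_WORKING_SETS];
    size_t filled = fill_working_sets(counters, 5, cum_values, ws);
    printf("%zu sets filled; set 3: %u counters, min %u\n",
           filled, ws[3].num_counters, ws[3].min_counter);
    return 0;
}
```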
Markus Trippelsdorf <markus at trippelsdorf dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #7 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-11-21 16:06:41 UTC ---
Fixed.
--- Comment #1 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-11-20 21:06:46 UTC ---
Valgrind shows:

 % /var/tmp/gcc_valgrind/usr/local/bin/g++ -w -fprofile-use -O3 /home/markus/bench.cpp
 ==522== Conditional jump or move depends on uninitialised value(s)
 ==522==    at 0x9E082B: compute_branch_probabilities(unsigned int, unsigned int) (profile.c:294)
 ==522==    by 0x9E2544: branch_prob() (profile.c:1371)
 ==522==    by 0xAFF5F5: tree_profiling() (tree-profile.c:483)
 ==522==    by 0x9CBD2A: execute_one_pass(opt_pass*) (passes.c:2327)
 ==522==    by 0x9CC789: execute_ipa_pass_list(opt_pass*) (passes.c:2692)
 ==522==    by 0x79429F: compile() (cgraphunit.c:1869)
 ==522==    by 0x794B99: finalize_compilation_unit() (cgraphunit.c:2120)
 ==522==    by 0x5B4A0E: cp_write_global_declarations() (decl2.c:4287)
 ==522==    by 0xA6D5BC: compile_file() (toplev.c:559)
 ==522==    by 0xA6F479: toplev_main(int, char**) (toplev.c:1881)
 ==522==    by 0x4ECD894: (below main) (libc-start.c:258)
 ==522==
 %
--- Comment #2 from Teresa Johnson <tejohnson at google dot com> 2012-11-21 05:51:12 UTC ---
The following patch should fix it. I am running regression testing now, but
am leaving town imminently for several days and can send the patch for review
when I get back Sunday.

Teresa

2012-11-20  Teresa Johnson  <tejohn...@google.com>

	PR gcov-profile/55417
	* profile.c (compute_working_sets): Check index first to avoid
	out-of-bounds array access.

Index: profile.c
===
--- profile.c	(revision 193614)
+++ profile.c	(working copy)
@@ -291,8 +291,8 @@ compute_working_sets (void) /* Next walk through successive working set entries and fill in the statistics for any whose size we have reached by accumulating this histogram counter. */ - while (tmp_cum = working_set_cum_values[ws_ix] - ws_ix NUM_GCOV_WORKING_SETS) + while (ws_ix NUM_GCOV_WORKING_SETS + tmp_cum = working_set_cum_values[ws_ix]) { gcov_working_sets[ws_ix].num_counters = count; gcov_working_sets[ws_ix].min_counter On Tue, Nov 20, 2012 at 1:06 PM, markus at trippelsdorf dot de gcc-bugzi...@gcc.gnu.org wrote: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55417 --- Comment #1 from Markus Trippelsdorf markus at trippelsdorf dot de 2012-11-20 21:06:46 UTC --- Valgrind shows: % /var/tmp/gcc_valgrind/usr/local/bin/g++ -w -fprofile-use -O3 /home/markus/bench.cpp ==522== Conditional jump or move depends on uninitialised value(s) ==522==at 0x9E082B: compute_branch_probabilities(unsigned int, unsigned int) (profile.c:294) ==522==by 0x9E2544: branch_prob() (profile.c:1371) ==522==by 0xAFF5F5: tree_profiling() (tree-profile.c:483) ==522==by 0x9CBD2A: execute_one_pass(opt_pass*) (passes.c:2327) ==522==by 0x9CC789: execute_ipa_pass_list(opt_pass*) (passes.c:2692) ==522==by 0x79429F: compile() (cgraphunit.c:1869) ==522==by 0x794B99: finalize_compilation_unit() (cgraphunit.c:2120) ==522==by 0x5B4A0E: cp_write_global_declarations() (decl2.c:4287) ==522==by 0xA6D5BC: compile_file() (toplev.c:559) ==522==by 0xA6F479: toplev_main(int, char**) (toplev.c:1881) ==522==by 0x4ECD894: (below main) (libc-start.c:258) ==522== % -- Configure bugmail: http://gcc.gnu.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug.
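Review bot: the hunk as rendered here has lost the operators between `tmp_cum` and `working_set_cum_values[ws_ix]` and between `ws_ix` and `NUM_GCOV_WORKING_SETS`, and is cut off after `gcov_working_sets[ws_ix].min_counter`, so the loop condition should be reviewed against the committed revision 193697 rather than this copy. The intent stated in the ChangeLog entry, testing the index before using it as a subscript, is the right fix: with the bound test as the left operand of `&&`, short-circuit evaluation guarantees `working_set_cum_values[ws_ix]` is never read once `ws_ix` has reached `NUM_GCOV_WORKING_SETS`, which is exactly the one-past-the-end read the pre-fix ordering allowed and that Valgrind and AddressSanitizer reported.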