[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-28 Thread tkoenig at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Thomas Koenig  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||tkoenig at gcc dot gnu.org
 Resolution|--- |FIXED

--- Comment #10 from Thomas Koenig  ---
(In reply to Jerry DeLisle from comment #9)
> I think this can be closed now.
I concur.

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-27 Thread jvdelisle at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #9 from Jerry DeLisle  ---
I think this can be closed now.

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-27 Thread jvdelisle at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #8 from Jerry DeLisle  ---
Author: jvdelisle
Date: Fri Oct 27 18:51:35 2017
New Revision: 254169

URL: https://gcc.gnu.org/viewcvs?rev=254169&root=gcc&view=rev
Log:
2017-10-27  Jerry DeLisle  
Rimvydas (RJ)

Backport from trunk
PR libgfortran/81938
io/format.c (free_format_data): Don't try to free vlist
descriptors past the end of the fnode array.

Modified:
branches/gcc-7-branch/libgfortran/ChangeLog
branches/gcc-7-branch/libgfortran/io/format.c

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-27 Thread jvdelisle at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #7 from Jerry DeLisle  ---
Author: jvdelisle
Date: Fri Oct 27 17:50:22 2017
New Revision: 254163

URL: https://gcc.gnu.org/viewcvs?rev=254163&root=gcc&view=rev
Log:
2017-10-27  Jerry DeLisle  
Rimvydas (RJ)

PR libgfortran/81938
io/format.c (free_format_data): Don't try to free vlist
descriptors past the end of the fnode array.

Modified:
trunk/libgfortran/ChangeLog
trunk/libgfortran/io/format.c

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-26 Thread rimvydas.jas at gmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #6 from Rimvydas (RJ)  ---
(In reply to Dominique d'Humieres from comment #4)
> Thanks for working on this issue.
> 
> The patch in comment 2 fixes this PR along with the failures for
> gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.
> 
> Patches should be submitted to fort...@gcc.gnu.org and
> gcc-patc...@gcc.gnu.org for review. Do you have write access to SVN?

No, I do not have write access to gcc SVN. I am just part of the technical staff at
our institute working to ensure portability of our scientific models. If the patch
is OK (I still think the whole loop could be rewritten for better readability, but
runtime libraries tend to be tricky), could we expect the fix to be backported to the
GCC 7 branch?
Thanks in advance.

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-25 Thread jvdelisle at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Jerry DeLisle  changed:

   What|Removed |Added

 CC||jvdelisle at gcc dot gnu.org

--- Comment #5 from Jerry DeLisle  ---
(In reply to Dominique d'Humieres from comment #4)
> Thanks for working on this issue.
> 
> The patch in comment 2 fixes this PR along with the failures for
> gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.
> 
> Patches should be submitted to fort...@gcc.gnu.org and
> gcc-patc...@gcc.gnu.org for review. Do you have write access to SVN?

The patch looks OK. I can commit if no one else is doing so.

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-25 Thread dominiq at lps dot ens.fr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Dominique d'Humieres  changed:

   What|Removed |Added

 Blocks||78672

--- Comment #4 from Dominique d'Humieres  ---
Thanks for working on this issue.

The patch in comment 2 fixes this PR along with the failures for
gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.

Patches should be submitted to fort...@gcc.gnu.org and gcc-patc...@gcc.gnu.org
for review. Do you have write access to SVN?
Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78672
[Bug 78672] Gfortran test suite failures with a sanitized compiler

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-25 Thread rimvydas.jas at gmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #3 from Rimvydas (RJ)  ---
fmt_cache_1.f in valgrind is reproducible on aarch64-suse-linux

One scientific package has a tendency to crash in a similar place.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x40003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
272   if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist))
(gdb) where
#0  0x40003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at
../../../libgfortran/io/format.c:272
#1  0x40003b935d44 in save_parsed_format (dtp=0xd6551200) at
../../../libgfortran/io/format.c:146
#2  _gfortrani_parse_format (dtp=dtp@entry=0xd6551200) at
../../../libgfortran/io/format.c:1353
#3  0x40003b944878 in data_transfer_init (dtp=0xd6551200,
dtp@entry=0xd6551260, read_flag=read_flag@entry=0)
at ../../../libgfortran/io/transfer.c:2791
#4  0x40003b945208 in _gfortran_st_write (dtp=dtp@entry=0xd6551260) at
../../../libgfortran/io/transfer.c:4118
#5  0x00b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
#6  0x00b62d50 in suphmf (kulout=20) at suphmf.F90:84
#7  0x008e85d4 in suphy (kulout=20) at suphy.F90:76
#8  0x007f3048 in su0yomb () at su0yomb.F90:628
#9  0x006ed0ac in cnt0 () at cnt0.F90:134
#10 0x006bf8c8 in master () at master.F90:76
#11 main (argc=argc@entry=1, argv=0xd6552ef1) at master.F90:3
#12 0x40003ba84830 in __libc_start_main (main=0x6bf84c , argc=1,
argv=0xd6551f38, init=, fini=, 
rtld_fini=, stack_end=) at libc-start.c:289
#13 0x006bf770 in _start ()

(gdb) p &fmt->array.array
$2 = (fnode (*)[64]) 0x4f293c90
(gdb) p/x sizeof(fmt->array.array)
$3 = 0x1000
(gdb) p fnp
$4 = (fnode *) 0x4f2957d0
(gdb) p *fnp
$5 = {format = FMT_DT, repeat = 48, next = 0x320031, source = 0x340033,
      u = {real = {w = 53, d = 54, e = 55}, string = {length = 53, p = 0x380037},
           integer = {w = 53, m = 54}, udf = {string = 0x360035, string_len = 55, vlist = 0x3a0039},
           w = 53, k = 53, r = 53, n = 53, child = 0x360035},
      count = 59, current = 0xa1}
(gdb) f 5
#5  0x00b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
311 WRITE(UNIT=KULOUT,FMT='('' COMMON YOMPHY1 '')')

The attached patch solves the runtime issue and valgrind no longer complains about
format.c.
Tested with the GCC 7 branch on openSUSE aarch64.
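The gdb dump above (a 64-entry fnode array, `fnp` pointing well past it, and an fnode whose fields are ASCII digits rather than format tokens) and the commit log for r254163 ("don't try to free vlist descriptors past the end of the fnode array") describe the same failure mode: a loop that stops only on an FMT_NONE sentinel keeps walking when every slot of the fixed-size array is occupied. The following C model is an added example, not libgfortran's code; the struct layout, field names, reduced token set and `FARRAY_SIZE` are assumptions. It provides the check that flags the sentinel-less state and the bounded walk that stays inside the array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define FARRAY_SIZE 64   /* 64 nodes, matching the 0x1000-byte array in the trace (assumption) */

enum format_token { FMT_NONE = 0, FMT_I, FMT_DT };   /* reduced token set (assumption) */

/* Simplified model of libgfortran's fnode / format_data; field names are assumptions. */
typedef struct { enum format_token format; void *vlist; } fnode;
typedef struct { fnode array[FARRAY_SIZE]; } format_data;

/* Detection check: a full array contains no FMT_NONE sentinel, so a loop that
   stops only on the sentinel keeps reading past array[FARRAY_SIZE-1]. */
bool array_has_no_sentinel(const format_data *fmt)
{
  for (size_t i = 0; i < FARRAY_SIZE; i++)
    if (fmt->array[i].format == FMT_NONE)
      return false;
  return true;
}

/* Hardened walk: stop at the sentinel or at the end of the array, whichever
   comes first. Returns the number of FMT_DT descriptors released. */
size_t free_format_data_bounded(format_data *fmt)
{
  size_t freed = 0;
  for (fnode *fnp = fmt->array;
       fnp < fmt->array + FARRAY_SIZE && fnp->format != FMT_NONE; fnp++)
    if (fnp->format == FMT_DT && fnp->vlist != NULL)
      {
        free(fnp->vlist);
        fnp->vlist = NULL;   /* avoid a double free if the walk runs again */
        freed++;
      }
  return freed;
}

/* Constructed input: the first `used` slots are occupied, every fourth one is an
   FMT_DT carrying a heap descriptor; the remaining slots stay FMT_NONE (sentinel). */
format_data *make_format(size_t used)
{
  format_data *fmt = calloc(1, sizeof *fmt);   /* calloc => every slot is FMT_NONE */
  for (size_t i = 0; i < used && i < FARRAY_SIZE; i++)
    {
      fmt->array[i].format = (i % 4 == 3) ? FMT_DT : FMT_I;
      if (fmt->array[i].format == FMT_DT)
        fmt->array[i].vlist = malloc(16);
    }
  return fmt;
}
```

With `make_format(64)` the array has no sentinel, which is exactly the state in which the unbounded loop reads the neighbouring memory that gdb showed as `0x320031`, `0x340033` and similar.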

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-10-25 Thread rimvydas.jas at gmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Rimvydas (RJ)  changed:

   What|Removed |Added

 CC||rimvydas.jas at gmail dot com

--- Comment #2 from Rimvydas (RJ)  ---
Created attachment 42469
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42469&action=edit
Possible fix.

[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so

2017-08-30 Thread dominiq at lps dot ens.fr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Dominique d'Humieres  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2017-08-30
 Ever confirmed|0   |1

--- Comment #1 from Dominique d'Humieres  ---
An instrumented gfortran gives at run time

==59185==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62101150 at pc 0x00010b132896 bp 0x7fff554f6020 sp 0x7fff554f6018
READ of size 4 at 0x62101150 thread T0
#0 0x10b132895 in _gfortrani_free_format_data
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895)
#1 0x10b132a46 in _gfortrani_free_format_hash_table
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21a46)
#2 0x10b1ae7a9 in close_unit_1
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d7a9)
#3 0x10b1ae9bf in _gfortrani_close_unit
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d9bf)
#4 0x10b123fc7 in _gfortran_st_close
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa12fc7)
#5 0x10a709ba1 in MAIN__
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10ba1)
#6 0x10a709bda in main
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10bda)
#7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

0x62101150 is located 0 bytes to the right of 4176-byte region
[0x62100100,0x62101150)
allocated by thread T0 here:
#0 0x10cffb1da in wrap_malloc (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x661da)
#1 0x10a714427  (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0x3427)
#2 0x10b13407f in _gfortrani_parse_format
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa2307f)
#3 0x10b19c279 in data_transfer_init
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa8b279)
#4 0x10b1a17d0 in _gfortran_st_write
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa907d0)
#5 0x10a7098e0 in MAIN__
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x108e0)
#6 0x10a709bda in main
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10bda)
#7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

SUMMARY: AddressSanitizer: heap-buffer-overflow
(/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895) in
_gfortrani_free_format_data
==59185==ABORTING

Program received signal SIGABRT: Process abort signal.

Also present in gcc7.