http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148

            Bug ID: 59148
           Summary: FAIL: c-c++-common/asan/strncpy-overflow-1.c  -O0
                    execution test on darwin13
           Product: gcc
           Version: 4.9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: howarth at nitro dot med.uc.edu
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

At r204847, on x86_64-apple-darwin13, the following regressions remain...

        === gcc tests ===


Running target unix/-m32
FAIL: c-c++-common/asan/strncpy-overflow-1.c  -O0  execution test

        === gcc Summary for unix/-m32 ===

# of expected passes        324
# of unexpected failures    1
# of unsupported tests        101

Running target unix/-m64
FAIL: c-c++-common/asan/strncpy-overflow-1.c  -O0  execution test

        === gcc Summary for unix/-m64 ===

# of expected passes        324
# of unexpected failures    1
# of unsupported tests        101

        === gcc Summary ===

# of expected passes        648
# of unexpected failures    2
# of unsupported tests        202
/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc  version 4.9.0
20131115 (experimental) (GCC) 

Compiler version: 4.9.0 20131115 (experimental) (GCC) 
Platform: x86_64-apple-darwin13.0.0
configure flags: --prefix=/sw --prefix=/sw/lib/gcc4.9 --mandir=/sw/share/man
--infodir=/sw/lib/gcc4.9/info
--enable-languages=c,c++,fortran,lto,objc,obj-c++,java --with-gmp=/sw
--with-libiconv-prefix=/sw --with-isl=/sw --with-cloog=/sw --with-mpc=/sw
--with-system-zlib --enable-checking=yes --x-includes=/usr/X11R6/include
--x-libraries=/usr/X11R6/lib --program-suffix=-fsf-4.9

The failures appear as...

Executing on host: /sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
 
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/

-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
 -fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never  
-O0  -fno-builtin-malloc -fno-builtin-strncpy  -lm   -m32 -o
./strncpy-overflow-1.exe    (timeout = 300)
spawn /sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/
-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
-fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -o ./strncpy-overflow-1.exe^M
PASS: c-c++-common/asan/strncpy-overflow-1.c  -O0  (test for excess errors)
Setting LD_LIBRARY_PATH to
:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs::/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc:/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs:/usr/local/NMRPipe/nmrbin.mac/lib
spawn [open ...]^M
FAIL: c-c++-common/asan/strncpy-overflow-1.c  -O0  execution test

If I compile the failing test case with...

/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/
/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131115/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c
-B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/
-L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin13.0.0/i386/libsanitizer/asan/.libs
-fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never -O0
-fno-builtin-malloc -fno-builtin-strncpy -lm -m32 -mmacosx-version-min=10.8 -o
./strncpy-overflow-1.exe

it still 'FAILS' by passing, but if I move that strncpy-overflow-1.exe binary
to an x86_64-apple-darwin12 box with the same build of gcc trunk on the
x86_64-apple-darwin12 target, it works as expected...

% ./strncpy-overflow-1.exe 
=================================================================
==16663==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x01c00759 at
pc 0xd501d bp 0xbff428a8 sp 0xbff42488
WRITE of size 10 at 0x01c00759 thread T0
    #0 0xd501c (/sw/lib/gcc4.9/lib/i386/libasan.1.dylib+0x1101c)
    #1 0xbed41 (/Users/howarth/./strncpy-overflow-1.exe+0x1d41)
    #2 0x99852724 (/usr/lib/system/libdyld.dylib+0x2724)
    #3 0x0
0x01c00759 is located 0 bytes to the right of 9-byte region
[0x01c00750,0x01c00759)
allocated by thread T0 here:
    #0 0xde0f2 (/sw/lib/gcc4.9/lib/i386/libasan.1.dylib+0x1a0f2)
    #1 0xbed28 (/Users/howarth/./strncpy-overflow-1.exe+0x1d28)
    #2 0x99852724 (/usr/lib/system/libdyld.dylib+0x2724)
    #3 0x0
Shadow bytes around the buggy address:
  0x20380090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x203800a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x203800b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x203800c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x203800d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x203800e0: fa fa fa fa fa fa fa fa fa fa 00[01]fa fa 06 fa
  0x203800f0: fa fa 00 fa fa fa 00 04 fa fa 00 07 fa fa fd fa
  0x20380100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x20380110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x20380120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x20380130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==16663==ABORTING
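
For readers decoding the report above, an added example (not part of the original bug report or of GCC's testsuite) that models the shadow row marked "=>" and shows why a 10-byte write into the 9-byte region is flagged at 0x01c00759. SHADOW_OFFSET is an assumption inferred from the dump, where the bracketed [01] byte sits at shadow address 0x203800eb; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SHADOW_SCALE  3            /* one shadow byte covers 8 application bytes */
#define SHADOW_OFFSET 0x20000000u  /* assumption: inferred from the dump above */
#define ROW_BASE      0x203800e0u  /* address of the "=>" row in the report */

/* The "=>" shadow row from the report, copied byte for byte. */
static const uint8_t row[16] = {
    0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa,
    0xfa, 0xfa, 0x00, 0x01, 0xfa, 0xfa, 0x06, 0xfa
};

/* Map an application address to the address of its shadow byte. */
uint32_t shadow_addr(uint32_t app) {
    return (app >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow value for an address; anything outside the modelled row is
   treated as heap redzone (fa), which is a simplification of this sketch. */
uint8_t shadow_byte(uint32_t app) {
    uint32_t s = shadow_addr(app);
    if (s < ROW_BASE || s >= ROW_BASE + sizeof row) return 0xfa;
    return row[s - ROW_BASE];
}

/* 00: all 8 bytes addressable; 01..07: only the first k bytes are;
   any other value (fa, fd, ...) poisons the whole 8-byte granule. */
int byte_poisoned(uint32_t app) {
    uint8_t k = shadow_byte(app);
    if (k == 0) return 0;
    if (k <= 7) return (app & 7u) >= k;
    return 1;
}

/* First poisoned address in [start, start + size), or 0 if the range is clean. */
uint32_t first_poisoned(uint32_t start, uint32_t size) {
    for (uint32_t i = 0; i < size; i++)
        if (byte_poisoned(start + i)) return start + i;
    return 0;
}

int main(void) {
    uint32_t bad = first_poisoned(0x01c00750u, 10); /* the WRITE of size 10 */
    printf("first bad byte 0x%08x, shadow 0x%08x = %02x\n",
           (unsigned)bad, (unsigned)shadow_addr(bad), (unsigned)shadow_byte(bad));
    return 0;
}
```

The region's two granules have shadow bytes 00 and 01, so bytes 0 to 8 are addressable and the tenth byte lands in the partially addressable granule, matching "0 bytes to the right of 9-byte region".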
