https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99624
Bug ID: 99624
Summary: Address sanitizer detects heap-buffer-overflow in namet.adb
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: ada
Assignee: unassigned at gcc dot gnu.org
Reporter: zeccav at gmail dot com
Target Milestone: ---

While building the Ada compiler, the address sanitizer detects a heap-buffer-overflow in namet.adb line 157:

    Index : constant Int := Name_Entries.Table (Id).Name_Chars_Index;

because Id=-399990000

make[7]: Entering directory '/home/vitti/gcc-150321-ada-address/gcc/ada/rts'
/home/vitti/gcc-150321-ada-address/./gcc/xgcc -B/home/vitti/gcc-150321-ada-address/./gcc/ -B/home/vitti/local/gcc-150321-ada-address/x86_64-pc-linux-gnu/bin/ -B/home/vitti/local/gcc-150321-ada-address/x86_64-pc-linux-gnu/lib/ -isystem /home/vitti/local/gcc-150321-ada-address/x86_64-pc-linux-gnu/include -isystem /home/vitti/local/gcc-150321-ada-address/x86_64-pc-linux-gnu/sys-include -c -g -O2 -fpic -W -Wall -gnatpg -nostdinc a-assert.adb -o a-assert.o
=================================================================
==1168930==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6320000007e0 at pc 0x00000093e734 bp 0x7ffe21e0f6b0 sp 0x7ffe21e0f6a8
READ of size 4 at 0x6320000007e0 thread T0
    #0 0x93e733 in namet__append__5 ../../gcc-150321/gcc/ada/namet.adb:157
    #1 0x93f260 in namet__append_decoded ../../gcc-150321/gcc/ada/namet.adb:177
    #2 0x942c2c in namet__get_decoded_name_string ../../gcc-150321/gcc/ada/namet.adb:787
    #3 0xe1769e in sem_util__get_default_external_name ../../gcc-150321/gcc/ada/sem_util.adb:10490
    #4 0x8adfd5 in freeze__freeze_entity ../../gcc-150321/gcc/ada/freeze.adb:5493
    #5 0x8ac9a5 in freeze__freeze_before ../../gcc-150321/gcc/ada/freeze.adb:2126
    #6 0xbb087c in sem_ch3__analyze_object_declaration ../../gcc-150321/gcc/ada/sem_ch3.adb:4152
    #7 0xaa2e76 in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:351
    #8 0xbaadf0 in sem_ch3__analyze_declarations ../../gcc-150321/gcc/ada/sem_ch3.adb:2655
    #9 0xc63de4 in sem_ch7__analyze_package_specification ../../gcc-150321/gcc/ada/sem_ch7.adb:1582
    #10 0xaa3092 in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:459
    #11 0xc638b0 in sem_ch7__analyze_package_declaration ../../gcc-150321/gcc/ada/sem_ch7.adb:1210
    #12 0xaa3065 in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:450
    #13 0xb0386d in sem_ch10__analyze_compilation_unit ../../gcc-150321/gcc/ada/sem_ch10.adb:913
    #14 0xaa2b1f in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:180
    #15 0xaa5125 in sem__semantics__do_analyze ../../gcc-150321/gcc/ada/sem.adb:1421
    #16 0xaa5d48 in sem__semantics ../../gcc-150321/gcc/ada/sem.adb:1615
    #17 0xb0376a in sem_ch10__analyze_compilation_unit ../../gcc-150321/gcc/ada/sem_ch10.adb:878
    #18 0xaa2b1f in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:180
    #19 0xaa5125 in sem__semantics__do_analyze ../../gcc-150321/gcc/ada/sem.adb:1421
    #20 0xaa5d48 in sem__semantics ../../gcc-150321/gcc/ada/sem.adb:1615
    #21 0xb0957b in sem_ch10__analyze_with_clause ../../gcc-150321/gcc/ada/sem_ch10.adb:2634
    #22 0xaa338d in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:613
    #23 0xb04fdd in sem_ch10__analyze_context ../../gcc-150321/gcc/ada/sem_ch10.adb:1433
    #24 0xb03268 in sem_ch10__analyze_compilation_unit ../../gcc-150321/gcc/ada/sem_ch10.adb:700
    #25 0xaa2b1f in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:180
    #26 0xaa5125 in sem__semantics__do_analyze ../../gcc-150321/gcc/ada/sem.adb:1421
    #27 0xaa5d48 in sem__semantics ../../gcc-150321/gcc/ada/sem.adb:1615
    #28 0xb032b7 in sem_ch10__analyze_compilation_unit ../../gcc-150321/gcc/ada/sem_ch10.adb:719
    #29 0xaa2b1f in sem__analyze ../../gcc-150321/gcc/ada/sem.adb:180
    #30 0xaa5125 in sem__semantics__do_analyze ../../gcc-150321/gcc/ada/sem.adb:1421
    #31 0xaa5d48 in sem__semantics ../../gcc-150321/gcc/ada/sem.adb:1615
    #32 0x8d0e5f in _ada_frontend ../../gcc-150321/gcc/ada/frontend.adb:422
    #33 0xefdd8c in _ada_gnat1drv ../../gcc-150321/gcc/ada/gnat1drv.adb:1237
    #34 0x496d83 in gnat_parse_file ../../gcc-150321/gcc/ada/gcc-interface/misc.c:118
    #35 0x2182d2d in compile_file ../../gcc-150321/gcc/toplev.c:457
    #36 0x218bfe8 in do_compile ../../gcc-150321/gcc/toplev.c:2201
    #37 0x218c84b in toplev::main(int, char**) ../../gcc-150321/gcc/toplev.c:2340
    #38 0x4c08b33 in main ../../gcc-150321/gcc/main.c:39
    #39 0x1468000181e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
    #40 0x41c48d in _start (/home/vitti/gcc-150321-ada-address/gcc/gnat1+0x41c48d)

0x6320000007e0 is located 32 bytes to the left of 96000-byte region [0x632000000800,0x632000017f00)
allocated by thread T0 here:
    #0 0x146800786a8f in __interceptor_malloc ../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0xa50761 in __gnat_malloc ../../gcc-150321/gcc/ada/libgnat/s-memory.adb:81
    #2 0x93ce5b in namet__name_entries__reallocate ../../gcc-150321/gcc/ada/table.adb:208
    #3 0x93ccbd in namet__name_entries__init ../../gcc-150321/gcc/ada/table.adb:147
    #4 0x947bc5 in namet___elabs ../../gcc-150321/gcc/ada/table.adb:393
    #5 0xf0204d in adainit ada/b_gnat1.adb:334
    #6 0x496d7e in gnat_parse_file ../../gcc-150321/gcc/ada/gcc-interface/misc.c:115
    #7 0x2182d2d in compile_file ../../gcc-150321/gcc/toplev.c:457
    #8 0x218bfe8 in do_compile ../../gcc-150321/gcc/toplev.c:2201
    #9 0x218c84b in toplev::main(int, char**) ../../gcc-150321/gcc/toplev.c:2340
    #10 0x4c08b33 in main ../../gcc-150321/gcc/main.c:39
    #11 0x1468000181e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../gcc-150321/gcc/ada/namet.adb:157 in namet__append__5
Shadow bytes around the buggy address:
  0x0c647fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c647fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c647fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c647fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c647fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c647fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
  0x0c647fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c647fff8110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c647fff8120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c647fff8130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c647fff8140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1168930==ABORTING
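The following Python triage helper is an added example and is not part of this bug report or of GCC. It parses the decisive lines of the AddressSanitizer report above (embedded as a constructed sample), cross-checks the prose "32 bytes to the left of 96000-byte region" against the raw addresses, locates the faulting frame and the program's allocation site below ASan's malloc interceptor, and recomputes the shadow byte address with the default x86_64 mapping (shadow = (addr >> 3) + 0x7fff8000) to confirm it lands on the bracketed "fa" byte. The 16-byte element size passed to element_index is an assumption for illustration, not a value the report states.

```python
import re

# Constructed sample input: the decisive lines of the AddressSanitizer report
# from the bug above, copied verbatim (the full report is much longer).
ASAN_REPORT = """\
==1168930==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6320000007e0 at pc 0x00000093e734 bp 0x7ffe21e0f6b0 sp 0x7ffe21e0f6a8
READ of size 4 at 0x6320000007e0 thread T0
    #0 0x93e733 in namet__append__5 ../../gcc-150321/gcc/ada/namet.adb:157
    #1 0x93f260 in namet__append_decoded ../../gcc-150321/gcc/ada/namet.adb:177
0x6320000007e0 is located 32 bytes to the left of 96000-byte region [0x632000000800,0x632000017f00)
allocated by thread T0 here:
    #0 0x146800786a8f in __interceptor_malloc ../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0xa50761 in __gnat_malloc ../../gcc-150321/gcc/ada/libgnat/s-memory.adb:81
    #2 0x93ce5b in namet__name_entries__reallocate ../../gcc-150321/gcc/ada/table.adb:208
=>0x0c647fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(
    r"(0x[0-9a-f]+) is located (\d+) bytes (to the left of|to the right of|inside of) "
    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)"
)
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)", re.M)
SHADOW_LINE_RE = re.compile(r"^=>(0x[0-9a-f]+): (.*)$", re.M)

# ASan's default shadow mapping on x86_64 Linux: one shadow byte per 8-byte
# granule, located at (addr >> 3) + 0x7fff8000.
SHADOW_OFFSET_X86_64 = 0x7FFF8000
HEAP_LEFT_REDZONE = 0xFA  # "fa" in the report's shadow byte legend


def shadow_address(addr):
    """Address of the shadow byte describing the 8-byte granule containing addr."""
    return (addr >> 3) + SHADOW_OFFSET_X86_64


def parse_asan_report(text):
    """Extract what a triager needs from a heap-buffer-overflow report and
    cross-check the prose ("N bytes to the left of ...") against raw addresses."""
    kind, size, addr = ACCESS_RE.search(text).groups()
    addr = int(addr, 16)

    m = REGION_RE.search(text)
    distance, side, region_size = int(m.group(2)), m.group(3), int(m.group(4))
    region_start, region_end = int(m.group(5), 16), int(m.group(6), 16)

    # Signed distance from the start of the allocation: negative means the
    # access fell into the left redzone, i.e. before the first element.
    offset = addr - region_start
    if side == "to the left of":
        distance_ok = region_start - addr == distance
    elif side == "to the right of":
        distance_ok = addr - region_end == distance
    else:
        distance_ok = offset == distance

    # Frames before "allocated by" belong to the faulting access, the rest to the
    # allocation; skip ASan's own interceptor to reach the program's allocator.
    fault_part, _, alloc_part = text.partition("allocated by")
    fault_frames = FRAME_RE.findall(fault_part)
    alloc_frames = FRAME_RE.findall(alloc_part)
    alloc_site = next((f for f in alloc_frames if not f[0].startswith("__interceptor_")), None)

    # The "=>" line marks the shadow byte of the bad address in [brackets];
    # recomputing that address from the mapping confirms we read the right byte.
    shadow = None
    sm = SHADOW_LINE_RE.search(text)
    if sm:
        base = int(sm.group(1), 16)
        cells = re.findall(r"(\[?)([0-9a-f]{2})\]?", sm.group(2))
        marked = next(i for i, (bracket, _) in enumerate(cells) if bracket)
        shadow = {
            "marked_shadow_addr": base + marked,
            "shadow_byte": int(cells[marked][1], 16),
            "matches_access": base + marked == shadow_address(addr),
        }

    return {
        "kind": kind, "size": int(size), "addr": addr,
        "region_start": region_start, "region_end": region_end,
        "region_size": region_size,
        "region_size_ok": region_end - region_start == region_size,
        "offset": offset, "distance_ok": distance_ok,
        "fault_site": fault_frames[0] if fault_frames else None,
        "alloc_site": alloc_site,
        "shadow": shadow,
    }


def element_index(report, element_size):
    """Index of the array element the access hits, counted from the start of the
    allocation; floor division keeps negative (left-redzone) indices exact."""
    return report["offset"] // element_size


if __name__ == "__main__":
    r = parse_asan_report(ASAN_REPORT)
    print(f"{r['kind']} of {r['size']} bytes at offset {r['offset']} from the allocation made by "
          f"{r['alloc_site'][0]}, faulting in {r['fault_site'][0]} ({r['fault_site'][1]})")
    # 16 is an assumed element size for illustration, not a value the report states.
    print("assuming 16-byte table entries, that is element", element_index(r, 16))
    print("shadow byte is heap left redzone:", r["shadow"]["shadow_byte"] == HEAP_LEFT_REDZONE,
          "| shadow mapping confirmed:", r["shadow"]["matches_access"])
```

Run it as a script to see the summary, or feed any other ASan heap report to parse_asan_report; the distance_ok and region_size_ok flags catch a report that was garbled in transit, and a negative offset combined with an "fa" shadow byte is the signature of an under-read such as a negative or below-low-bound table index.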