http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55475



             Bug #: 55475
           Summary: heap-buffer-overflow in fortran/error.c
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: hjl.to...@gmail.com





[hjl@gnu-mic-1 gfortran]$ /export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/testsuite/gfortran6/../../gfortran -B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/testsuite/gfortran6/../../ -B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/x86_64-unknown-linux-gnu/./libgfortran/ /export/gnu/import/git/gcc/gcc/testsuite/gfortran.dg/line_length_4.f90 -fno-diagnostics-show-caret   -O  -Wline-truncation -ffree-line-length-80 -S -mx32 -o line_length_4.s
/export/gnu/import/git/gcc/gcc/testsuite/gfortran.dg/line_length_4.f90:8.85:

                     25  ), " Explanation ! "                         
=================================================================
==18910== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf6820398 at pc 0x583c85 bp 0xffff9ed0 sp 0xffff9ecc
READ of size 4 at 0xf6820398 thread T0
    #0 0x583c84 (/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x583c84)
0xf6820398 is located 0 bytes to the right of 344-byte region [0xf6820240,0xf6820398)
allocated by thread T0 here:
    #0 0x24ae2dc (/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x24ae2dc)
    #1 0x24a2c63 (/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/f951+0x24a2c63)
Shadow byte and word:
  0x3ed04073: fb
  0x3ed04070: 00 00 00 fb
More shadow bytes:
  0x3ed04060: 00 00 00 00
  0x3ed04064: 00 00 00 00
  0x3ed04068: 00 00 00 00
  0x3ed0406c: 00 00 00 00
=>0x3ed04070: 00 00 00 fb
  0x3ed04074: fb fb fb fb
  0x3ed04078: fa fa fa fa
  0x3ed0407c: fa fa fa fa
  0x3ed04080: fa fa fa fa
Stats: 0M malloced (0M for red zones) by 3129 calls
Stats: 0M realloced by 312 calls
Stats: 0M freed by 961 calls
Stats: 0M really freed by 0 calls
Stats: 5M (1285 full pages) mmaped in 10 calls
  mmaps   by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 12:128; 13:64; 14:32; 15:16; 17:4; 
  mallocs by size class: 7:2646; 8:171; 9:77; 10:138; 11:81; 12:4; 13:7; 14:1; 15:2; 17:2; 
  frees   by size class: 7:688; 8:62; 9:68; 10:132; 11:9; 12:1; 13:1; 
  rfrees  by size class: 
Stats: malloc large: 4 small slow: 30
==18910== ABORTING
[hjl@gnu-mic-1 gfortran]$ addr2line -e ../../f951 0x583c84
/export/gnu/import/git/gcc/gcc/fortran/error.c:393
[hjl@gnu-mic-1 gfortran]$
