[Bug lto/55474] New: global-buffer-overflow in lto-wrapper.c

Mon, 26 Nov 2012 12:39:11 -0800 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55474



             Bug #: 55474

           Summary: global-buffer-overflow in lto-wrapper.c

    Classification: Unclassified

           Product: gcc

           Version: 4.8.0

            Status: UNCONFIRMED

          Severity: normal

          Priority: P3

         Component: lto

        AssignedTo: unassig...@gcc.gnu.org

        ReportedBy: hjl.to...@gmail.com





On Linux/x86-64, hjl/asan branch configured with

--with-build-config=bootstrap-asan reports:



[hjl@gnu-mic-1 gcc]$

/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/xgcc

-B/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/

/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/20010124-1.c

/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/20010124-1-lib.c

/export/gnu/import/git/gcc/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c

 -fno-diagnostics-show-caret  -w  -O2 -flto -fno-use-linker-plugin

-flto-partition=none  -fno-tree-loop-distribute-patterns  -lm   

=================================================================

==22576== ERROR: AddressSanitizer: global-buffer-overflow on address 0x004d24c4

at pc 0x405ac6 bp 0xffffca30 sp 0xffffca2c

READ of size 4 at 0x004d24c4 thread T0

    #0 0x405ac5

(/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/lto-wrapper+0x405ac5)

0x004d24c4 is located 28 bytes to the left of global variable

'global_options_init (options.c)' (0x4d24e0) of size 2440

0x004d24c4 is located 24 bytes to the right of global variable 'lang_names

(options.c)' (0x4d2480) of size 44

Shadow byte and word:

  0x2009a498: f9

  0x2009a498: f9 f9 f9 f9

More shadow bytes:

  0x2009a488: 04 f9 f9 f9

  0x2009a48c: f9 f9 f9 f9

  0x2009a490: 00 00 00 00

  0x2009a494: 00 04 f9 f9

=>0x2009a498: f9 f9 f9 f9

  0x2009a49c: 00 00 00 00

  0x2009a4a0: 00 00 00 00

  0x2009a4a4: 00 00 00 00

  0x2009a4a8: 00 00 00 00

Stats: 0M malloced (0M for red zones) by 142 calls

Stats: 0M realloced by 4 calls

Stats: 0M freed by 44 calls

Stats: 0M really freed by 0 calls

Stats: 3M (898 full pages) mmaped in 7 calls

  mmaps   by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 12:128; 13:64; 

  mallocs by size class: 7:103; 8:12; 9:12; 10:8; 11:1; 12:1; 13:5; 

  frees   by size class: 7:27; 8:2; 9:6; 10:5; 11:1; 13:3; 

  rfrees  by size class: 

Stats: malloc large: 0 small slow: 8

==22576== ABORTING

collect2: error: lto-wrapper returned 1 exit status

[hjl@gnu-mic-1 gcc]$ addr2line -e

/export/build/gnu/gcc-x32-mx32-asan/build-x86_64-linux/gcc/lto-wrapper 0x405ac5

/export/gnu/import/git/gcc/gcc/lto-wrapper.c:397

[hjl@gnu-mic-1 gcc]$

Reply via email to