https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68042

            Bug ID: 68042
           Summary: [6 Regression]
                    c-c++-common/asan/(memcmp-1.c|sanity-check-pure-c-1.c)
                    failures on x86_64-apple-darwin14 after r229111
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dominiq at lps dot ens.fr
                CC: chefmax at gcc dot gnu.org, dodji at gcc dot gnu.org,
                    dvyukov at gcc dot gnu.org, iains at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---
              Host: x86_64-apple-darwin14
            Target: x86_64-apple-darwin14
             Build: x86_64-apple-darwin14

As reported at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68041 the test
c-c++-common/asan/sanity-check-pure-c-1.c fails with -m32 and -m64, while the
test c-c++-common/asan/memcmp-1.c fails with -m64 only (gcc or g++).

With r229078 the output for memcmp-1.c is

==78782==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff52f1c2a4 at pc 0x00010ccf9d99 bp 0x7fff52f1c260 sp 0x7fff52f1ba10
READ of size 6 at 0x7fff52f1c2a4 thread T0
    #0 0x10ccf9d98  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0xed98)
    #1 0x10cce3db4  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000db4)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

Address 0x7fff52f1c2a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x10cce3cdb  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000cdb)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
...

With r229123 the output is

==78732==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5b7c82a4 at pc 0x000104486c10 bp 0x7fff5b7c8260 sp 0x7fff5b7c7a10
READ of size 6 at 0x7fff5b7c82a4 thread T0
    #0 0x104486c0f in wrap_memcmp.part.128 sanitizer_common_interceptors.inc:414
    #1 0x104437da1 in main (a.out+0x100000da1)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

Address 0x7fff5b7c82a4 is located in stack of thread T0 at offset 36 in frame
    #0 0x104437cc6 in main (a.out+0x100000cc6)

  This frame has 2 object(s):
    [32, 36) 'a1' <== Memory access at offset 36 overflows this variable
    [96, 100) 'a2'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow sanitizer_common_interceptors.inc:414 in wrap_memcmp.part.128
...

The corresponding outputs for sanity-check-pure-c-1.c are

==79126==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095 at pc 0x00010624ff15 bp 0x7fff599b0320 sp 0x7fff599b0318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10624ff14  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000f14)
    #1 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #2 0x0  (<unknown module>)

0x60200000e095 is located 5 bytes inside of 10-byte region [0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1062872c9  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x322c9)
    #1 0x10624fed2  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ed2)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x10628711a  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0x3211a)
    #1 0x10624fec2  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ec2)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
...

and

==79057==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000e095 at pc 0x00010880befe bp 0x7fff573f4320 sp 0x7fff573f4318
READ of size 1 at 0x60200000e095 thread T0
    #0 0x10880befd in main (a.out+0x100000efd)
    #1 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #2 0x0  (<unknown module>)

0x60200000e095 is located 5 bytes inside of 10-byte region [0x60200000e090,0x60200000e09a)
freed by thread T0 here:
    #0 0x1088615d0 in wrap_free.part.0 asan_malloc_mac.cc:112
    #1 0x10880bebb in main (a.out+0x100000ebb)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x1088602a7 in wrap_malloc asan_malloc_mac.cc:104
    #1 0x10880beab in main (a.out+0x100000eab)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free (a.out+0x100000efd) in main
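
Added example, not part of the original report and not GCC or libsanitizer code: a small parser for the two frame renderings seen in the memcmp-1.c reports above, showing per frame how the stack trace text differs between r229078 and r229123. The regular expression and the names parse_frames, form and compare are assumptions made for this illustration.

```python
import re

# Frame lines from the two memcmp-1.c reports above, with the mail archive's
# line wraps joined. Sample input embedded for this example.
R229078 = """\
    #0 0x10ccf9d98  (/opt/gcc/gcc6a/lib/libasan.2.dylib+0xed98)
    #1 0x10cce3db4  (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000db4)
    #2 0x7fff8d6885c8  (/usr/lib/system/libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)
"""
R229123 = """\
    #0 0x104486c0f in wrap_memcmp.part.128 sanitizer_common_interceptors.inc:414
    #1 0x104437da1 in main (a.out+0x100000da1)
    #2 0x7fff8d6885c8 in start (libdyld.dylib+0x35c8)
    #3 0x0  (<unknown module>)
"""

FRAME = re.compile(r"""
    ^\s*\#(?P<idx>\d+)\s+0x(?P<pc>[0-9a-f]+)
    (?:\s+in\s+(?P<func>\S+))?            # only when the frame was symbolized
    (?:\s+(?P<src>[^\s()]+:\d+))?         # file:line, when resolved
    (?:\s+\((?P<module>[^()+]+)(?:\+0x(?P<off>[0-9a-f]+))?\))?
    \s*$""", re.VERBOSE)

def parse_frames(report):
    """Return one dict per '#N 0x...' line; fields absent from a line are None."""
    return [m.groupdict() for m in map(FRAME.match, report.splitlines()) if m]

def form(frame):
    """Name the rendering a frame uses, so two reports can be compared."""
    if frame["func"]:
        return "function+source" if frame["src"] else "function+module"
    return "module+offset" if frame["off"] else "unresolved"

def compare(old, new):
    """Pair frames by index and report how each one is rendered in both runs."""
    return [(int(a["idx"]), form(a), form(b), b["func"])
            for a, b in zip(parse_frames(old), parse_frames(new))]

if __name__ == "__main__":
    for idx, before, after, func in compare(R229078, R229123):
        print(f"#{idx}: {before:<14} -> {after:<16} {func or ''}")
```

The error class, access size and stack-object layout are identical in both reports; only the frame and SUMMARY text changes, which is what any matcher or crash-bucketing key built on those lines has to tolerate.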
