[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

Jakub Jelinek jakub at gcc dot gnu.org changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |DUPLICATE
   Target Milestone|---                         |4.8.0

--- Comment #10 from Jakub Jelinek jakub at gcc dot gnu.org 2012-11-28 08:11:16 UTC ---
No need to attach hundreds of outputs. All this is because asan doesn't support __builtin_longjmp right now, which these tests use (see testsuite/gcc.c-torture/execute/builtins/lib/chk.c).

*** This bug has been marked as a duplicate of bug 55485 ***
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #1 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 00:35:52 UTC ---
Created attachment 28803
  -- http://gcc.gnu.org/bugzilla/attachment.cgi?id=28803
assembly file for gcc.c-torture/execute/builtins/memcpy-chk.c -O1 -fsanitize=address
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #2 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 00:51:22 UTC ---
Similar failures are seen for

FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O1
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O2
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O3 -fomit-frame-pointer
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O3 -fomit-frame-pointer -funroll-loops
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O3 -fomit-frame-pointer -funroll-all-loops -finline-functions
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O3 -g
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -Os
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -Og -g
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O2 -flto -flto-partition=none
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O2 -flto

which appears of the form...

Executing on host: /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/memmove-chk.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/memmove-chk-lib.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c -fno-diagnostics-show-caret -w -O1 -fno-tree-loop-distribute-patterns -lm -fsanitize=address -o /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/memmove-chk.x1 (timeout = 300)
PASS: gcc.c-torture/execute/builtins/memmove-chk.c compilation, -O1
Setting LD_LIBRARY_PATH to :/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc::/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc
=
==67260== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5268aa34 at pc 0x10d577acb bp 0x7fff5268a9e0 sp 0x7fff5268a9d8
WRITE of size 1 at 0x7fff5268aa34 thread T0
    #0 0x10d577aca (/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/memmove-chk.x1+0x15aca)
    #1 0x0
Address 0x7fff5268aa34 is located at offset 52 in frame test5 of T0's stack:
  This frame has 1 object(s):
    [32, 52) 'buf3'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1fffea4d1546: 4
  0x1fffea4d1540: f1 f1 f1 f1 00 00 04 f4
More shadow bytes:
  0x1fffea4d1520: 00 00 00 00 00 00 00 00
  0x1fffea4d1528: 00 00 00 00 00 00 00 00
  0x1fffea4d1530: 00 00 00 00 00 00 00 00
  0x1fffea4d1538: 00 00 00 00 00 00 00 00
=0x1fffea4d1540: f1 f1 f1 f1 00 00 04 f4
  0x1fffea4d1548: f3 f3 f3 f3 00 00 00 00
  0x1fffea4d1550: 00 00 00 00 00 00 00 00
  0x1fffea4d1558: 00 00 00 00 00 00 00 00
  0x1fffea4d1560: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps by size class:
  mallocs by size class:
  frees by size class:
  rfrees by size class:
Stats: malloc large: 0 small slow: 0
==67260== ABORTING
FAIL: gcc.c-torture/execute/builtins/memmove-chk.c execution, -O1
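How the numbers in the memmove-chk -O1 report above fit together, as an added example that is not part of the bug thread: it applies AddressSanitizer's shadow mapping and per-access check to the reported address and shadow row. The shadow offset `1 << 44` is an assumption for this x86_64 Darwin build, chosen because it reproduces the shadow address the report prints; the function and constant names are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: shadow offset of this x86_64 Darwin build. It is the value that
   maps the report's application address to the shadow address it prints. */
#define SHADOW_OFFSET (1ULL << 44)
#define GRANULE 8u /* one shadow byte describes 8 application bytes */

/* Application address -> address of the shadow byte that describes it. */
static uint64_t mem_to_shadow(uint64_t addr) {
    return (addr >> 3) + SHADOW_OFFSET;
}

/* ASan's check for an access of 1..8 bytes inside one granule.
   Shadow 0: all 8 bytes addressable. Shadow 1..7: only the first k bytes are.
   Negative as int8_t (f1, f3, f4 in the report): redzone, nothing addressable. */
static int access_is_reported(uint64_t addr, unsigned size, uint8_t shadow) {
    int8_t k = (int8_t)shadow;
    if (k == 0)
        return 0;
    int last = (int)(addr & (GRANULE - 1)) + (int)size - 1;
    return last >= k;
}

/* Shadow byte covering byte `offset` of a frame whose shadow row is `row`. */
static uint8_t shadow_at_frame_offset(const uint8_t *row, unsigned offset) {
    return row[offset / GRANULE];
}

/* Values copied from the memmove-chk -O1 report. */
static const uint64_t REPORT_ADDR = 0x7fff5268aa34ULL;
static const unsigned REPORT_FRAME_OFFSET = 52; /* "offset 52 in frame test5" */
static const uint8_t REPORT_ROW[8] = {0xf1, 0xf1, 0xf1, 0xf1, 0x00, 0x00, 0x04, 0xf4};

int main(void) {
    uint64_t frame_base = REPORT_ADDR - REPORT_FRAME_OFFSET;
    uint8_t sb = shadow_at_frame_offset(REPORT_ROW, REPORT_FRAME_OFFSET);
    printf("frame base   0x%llx -> shadow row 0x%llx\n",
           (unsigned long long)frame_base,
           (unsigned long long)mem_to_shadow(frame_base));
    printf("fault addr   0x%llx -> shadow     0x%llx = %02x\n",
           (unsigned long long)REPORT_ADDR,
           (unsigned long long)mem_to_shadow(REPORT_ADDR), (unsigned)sb);
    /* buf3 is [32, 52): byte 51 is its last byte, byte 52 the first one past it. */
    printf("write at offset 51 reported: %d\n",
           access_is_reported(REPORT_ADDR - 1, 1, sb));
    printf("write at offset 52 reported: %d\n",
           access_is_reported(REPORT_ADDR, 1, sb));
    return 0;
}
```

The row reads as four `f1` bytes for the 32-byte left redzone, `00 00 04` for the 20 bytes of `buf3`, and `f4` closing the frame before the `f3` right redzone on the next row.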
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #3 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 00:54:19 UTC ---
Created attachment 28804
  -- http://gcc.gnu.org/bugzilla/attachment.cgi?id=28804
assembly file for gcc.c-torture/execute/builtins/memmove-chk.c -O1 -fsanitize=address
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #4 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 00:58:03 UTC ---
Similar failures are seen for

FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O1
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O2
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O3 -fomit-frame-pointer
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O3 -fomit-frame-pointer -funroll-loops
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O3 -fomit-frame-pointer -funroll-all-loops -finline-functions
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O3 -g
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -Os
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -Og -g
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O2 -flto -flto-partition=none
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O2 -flto

which appears of the form...

Executing on host: /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/mempcpy-chk.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/mempcpy-chk-lib.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c -fno-diagnostics-show-caret -w -O0 -fno-tree-loop-distribute-patterns -lm -fsanitize=address -o /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/mempcpy-chk.x0 (timeout = 300)
PASS: gcc.c-torture/execute/builtins/mempcpy-chk.c compilation, -O0
Setting LD_LIBRARY_PATH to :/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc::/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc
PASS: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O0
Executing on host: /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/mempcpy-chk.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/mempcpy-chk-lib.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c -fno-diagnostics-show-caret -w -O1 -fno-tree-loop-distribute-patterns -lm -fsanitize=address -o /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/mempcpy-chk.x1 (timeout = 300)
PASS: gcc.c-torture/execute/builtins/mempcpy-chk.c compilation, -O1
Setting LD_LIBRARY_PATH to :/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc::/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc
=
==68188== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5f518a34 at pc 0x1006e9a09 bp 0x7fff5f5189e0 sp 0x7fff5f5189d8
WRITE of size 1 at 0x7fff5f518a34 thread T0
    #0 0x1006e9a08 (/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/mempcpy-chk.x1+0x15a08)
    #1 0x0
Address 0x7fff5f518a34 is located at offset 52 in frame test4 of T0's stack:
  This frame has 1 object(s):
    [32, 52) 'buf3'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1fffebea3146: 4
  0x1fffebea3140: f1 f1 f1 f1 00 00 04 f4
More shadow bytes:
  0x1fffebea3120: 00 00 00 00 00 00 00 00
  0x1fffebea3128: 00 00 00 00 00 00 00 00
  0x1fffebea3130: 00 00 00 00 00 00 00 00
  0x1fffebea3138: 00 00 00 00 00 00 00 00
=0x1fffebea3140: f1 f1 f1 f1 00 00 04 f4
  0x1fffebea3148: f3 f3 f3 f3 00 00 00 00
  0x1fffebea3150: 00 00 00 00 00 00 00 00
  0x1fffebea3158: 00 00 00 00 00 00 00 00
  0x1fffebea3160: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps by size class:
  mallocs by size class:
  frees by size class:
  rfrees by size class:
Stats: malloc large: 0 small slow: 0
==68188== ABORTING
FAIL: gcc.c-torture/execute/builtins/mempcpy-chk.c execution, -O1
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #5 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 00:59:45 UTC ---
Created attachment 28805
  -- http://gcc.gnu.org/bugzilla/attachment.cgi?id=28805
assembly file for gcc.c-torture/execute/builtins/mempcpy-chk.c -O1 -fsanitize=address
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #6 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 01:03:55 UTC ---
Similar failures are seen for

FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O1
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O2
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O3 -fomit-frame-pointer
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O3 -fomit-frame-pointer -funroll-loops
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O3 -fomit-frame-pointer -funroll-all-loops -finline-functions
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O3 -g
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -Os
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -Og -g
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O2 -flto -flto-partition=none
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O2 -flto

which appears of the form...

Executing on host: /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/memset-chk.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/memset-chk-lib.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c -fno-diagnostics-show-caret -w -O1 -fno-tree-loop-distribute-patterns -lm -fsanitize=address -o /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/memset-chk.x1 (timeout = 300)
PASS: gcc.c-torture/execute/builtins/memset-chk.c compilation, -O1
Setting LD_LIBRARY_PATH to :/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc::/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc
=
==68667== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff575a2a44 at pc 0x10865c517 bp 0x7fff575a29f0 sp 0x7fff575a29e8
WRITE of size 1 at 0x7fff575a2a44 thread T0
    #0 0x10865c516 (/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/memset-chk.x1+0x12516)
    #1 0x0
Address 0x7fff575a2a44 is located at offset 52 in frame test3 of T0's stack:
  This frame has 1 object(s):
    [32, 52) 'buf3'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1fffeaeb4548: 4
  0x1fffeaeb4548: 04 f4 f3 f3 f3 f3 00 00
More shadow bytes:
  0x1fffeaeb4528: 00 00 00 00 00 00 00 00
  0x1fffeaeb4530: 00 00 00 00 00 00 00 00
  0x1fffeaeb4538: 00 00 00 00 00 00 00 00
  0x1fffeaeb4540: 00 00 f1 f1 f1 f1 00 00
=0x1fffeaeb4548: 04 f4 f3 f3 f3 f3 00 00
  0x1fffeaeb4550: 00 00 00 00 00 00 00 00
  0x1fffeaeb4558: 00 00 00 00 00 00 00 00
  0x1fffeaeb4560: 00 00 00 00 00 00 00 00
  0x1fffeaeb4568: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps by size class:
  mallocs by size class:
  frees by size class:
  rfrees by size class:
Stats: malloc large: 0 small slow: 0
==68667== ABORTING
FAIL: gcc.c-torture/execute/builtins/memset-chk.c execution, -O1
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #7 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 01:05:22 UTC ---
Created attachment 28806
  -- http://gcc.gnu.org/bugzilla/attachment.cgi?id=28806
assembly file for gcc.c-torture/execute/builtins/memset-chk.c -O1 -fsanitize=address
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #8 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 01:08:34 UTC ---
Similar failures are seen for

FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O2
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O3 -fomit-frame-pointer
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O3 -fomit-frame-pointer -funroll-loops
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O3 -fomit-frame-pointer -funroll-all-loops -finline-functions
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O3 -g
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O2 -flto -flto-partition=none
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O2 -flto

which appears of the form...

Executing on host: /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/strcpy-chk.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/strcpy-chk-lib.c /sw/src/fink.build/gcc48-4.8.0-1000/gcc-4.8-20121127/gcc/testsuite/gcc.c-torture/execute/builtins/lib/main.c -fno-diagnostics-show-caret -w -O2 -fno-tree-loop-distribute-patterns -lm -fsanitize=address -o /sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/strcpy-chk.x2 (timeout = 300)
PASS: gcc.c-torture/execute/builtins/strcpy-chk.c compilation, -O2
Setting LD_LIBRARY_PATH to :/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc::/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc
=
==72385== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff54bbea54 at pc 0x10b040cd0 bp 0x7fff54bbe9f0 sp 0x7fff54bbe9e8
WRITE of size 1 at 0x7fff54bbea54 thread T0
    #0 0x10b040ccf (/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/strcpy-chk.x2+0x12ccf)
    #1 0x10b045bc7 (/sw/src/fink.build/gcc48-4.8.0-1000/darwin_objdir/gcc/testsuite/gcc/strcpy-chk.x2+0x17bc7)
Address 0x7fff54bbea54 is located at offset 52 in frame test4 of T0's stack:
  This frame has 1 object(s):
    [32, 52) 'buf3'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1fffea977d4a: 4
  0x1fffea977d48: 00 00 04 f4 f3 f3 f3 f3
More shadow bytes:
  0x1fffea977d28: 00 00 00 00 00 00 00 00
  0x1fffea977d30: 00 00 00 00 00 00 00 00
  0x1fffea977d38: 00 00 00 00 00 00 00 00
  0x1fffea977d40: 00 00 00 00 f1 f1 f1 f1
=0x1fffea977d48: 00 00 04 f4 f3 f3 f3 f3
  0x1fffea977d50: 00 00 00 00 00 00 00 00
  0x1fffea977d58: 00 00 00 00 00 00 00 00
  0x1fffea977d60: 00 00 00 00 00 00 00 00
  0x1fffea977d68: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps by size class:
  mallocs by size class:
  frees by size class:
  rfrees by size class:
Stats: malloc large: 0 small slow: 0
==72385== ABORTING
FAIL: gcc.c-torture/execute/builtins/strcpy-chk.c execution, -O2
[Bug sanitizer/55502] gcc.c-torture/execute/builtins/memcpy-chk.c execution failures with -fsanitize=address
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55502

--- Comment #9 from Jack Howarth howarth at nitro dot med.uc.edu 2012-11-28 01:10:42 UTC ---
Created attachment 28807
  -- http://gcc.gnu.org/bugzilla/attachment.cgi?id=28807
assembly file for gcc.c-torture/execute/builtins/strcpy-chk.c -O2 -fsanitize=address