https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62216
Bug ID: 62216
Summary: UBSan can read past valid memory region
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: y.gribov at samsung dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
hjl.tools at gmail dot com, jakub at gcc dot gnu.org,
kcc at gcc dot gnu.org, polacek at redhat dot com
It looks like currently, when reporting context for memory-related errors, UBSan
may read past the end of a valid memory region, causing segfaults. The related
code is in renderMemorySnippet (in ubsan_diag.cc):

    // Emit data.
    for (uptr P = Min; P != Max; ++P) {
      // FIXME: Check that the address is readable before printing it.
      unsigned char C = *reinterpret_cast<const unsigned char*>(P);
      Printf("%s%02x", (P % 8 == 0) ? "  " : " ", C);
    }
    Printf("\n");

Here Max is usually Addr + 28, thus potentially overflowing the valid memory range.
Unfortunately I don't have a proper repro case because the error does not
reproduce on current GCC trunk on x64. But this does appear in our autotests,
e.g. see https://gcc.gnu.org/ml/gcc-testresults/2014-08/msg02038.html :
FAIL: c-c++-common/ubsan/align-4.c -O2 -flto -fuse-linker-plugin
-fno-fat-lto-objects execution test
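
One way to address the FIXME in the loop quoted above, as an added example (not code from ubsan_diag.cc or from the reporter): probe each page of [Min, Max) with write(2) to a pipe before dereferencing, and print ?? for bytes that cannot be read. The names render_snippet, readable and demo_straddle are hypothetical, the sample memory is constructed, and a POSIX system is assumed.

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS under strict -std=c11 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* write(2) probe: an unreadable address gives EFAULT, not SIGSEGV.
   On success the byte is read back so the pipe stays empty. */
static int readable(const int fds[2], const void *p) {
    unsigned char sink;
    return write(fds[1], p, 1) == 1 && read(fds[0], &sink, 1) == 1;
}

/* Hex-render [min, max); "??" marks unreadable bytes. Returns bytes read, or -1. */
long render_snippet(uintptr_t min, uintptr_t max, char *out, size_t outsz) {
    uintptr_t pgoff = (uintptr_t)sysconf(_SC_PAGESIZE) - 1;
    long nread = 0;
    size_t off = 0;
    int fds[2], ok = 0;
    if (pipe(fds) != 0) return -1;
    out[0] = '\0';
    for (uintptr_t p = min; p != max && off + 5 <= outsz; ++p) {
        if (p == min || (p & pgoff) == 0)    /* first byte, or a new page */
            ok = readable(fds, (const void *)p);
        const char *sep = (p % 8 == 0) ? "  " : " ";
        if (ok) {
            off += (size_t)snprintf(out + off, outsz - off, "%s%02x", sep,
                                    *(const unsigned char *)p);
            nread++;
        } else {
            off += (size_t)snprintf(out + off, outsz - off, "%s??", sep);
        }
    }
    close(fds[0]); close(fds[1]);
    return nread;
}

/* Constructed input: 8 readable bytes followed by a PROT_NONE page. */
long demo_straddle(char *out, size_t outsz) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    memset(m, 0xab, pg);
    mprotect(m + pg, pg, PROT_NONE);
    long n = render_snippet((uintptr_t)m + pg - 8, (uintptr_t)m + pg + 20, out, outsz);
    munmap(m, 2 * pg);
    return n;
}
```

The probe is a check followed by a separate read, so another thread unmapping the page in between can still fault; it narrows the crash window rather than closing it.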