https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78234
            Bug ID: 78234
           Summary: [7 Regression] LLVM reports dynamic-stack-buffer-overflow in gimple-ssa-store-merging.c
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: trippels at gcc dot gnu.org
                CC: ktkachov at gcc dot gnu.org
  Target Milestone: ---

with
CXX="clang++ -fsanitize=address -fsanitize-address-use-after-scope"
../gcc/configure ...

I get:

markus@x4 libgcc % LSAN_OPTIONS="detect_leaks=0" /var/tmp/gcc_build_dir_/./gcc/xgcc -B/var/tmp/gcc_build_dir_/./gcc/ -B/usr/local/x86_64-pc-linux-gnu/bin/ -B/usr/local/x86_64-pc-linux-gnu/lib/ -isystem /usr/local/x86_64-pc-linux-gnu/include -isystem /usr/local/x86_64-pc-linux-gnu/sys-include -g -O2 -O2 -g -O2 -DIN_GCC -W -Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -isystem ./include -fpic -mlong-double-80 -DUSE_ELF_SYMVER -g -DIN_LIBGCC2 -fbuilding-libgcc -fno-stack-protector -fpic -mlong-double-80 -DUSE_ELF_SYMVER -I. -I. -I../.././gcc -I../../../gcc/libgcc -I../../../gcc/libgcc/. -I../../../gcc/libgcc/../gcc -I../../../gcc/libgcc/../include -I../../../gcc/libgcc/config/libbid -DENABLE_DECIMAL_BID_FORMAT -DHAVE_CC_TLS -DUSE_TLS -Wno-missing-prototypes -Wno-type-limits -o trunctfxf2.o -MT trunctfxf2.o -MD -MP -MF trunctfxf2.dep -c ../../../gcc/libgcc/soft-fp/trunctfxf2.c -fvisibility=hidden -DHIDE_EXPORTS
=================================================================
==4958==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fff682b1f03 at pc 0x000002f8cb35 bp 0x7fff682b1eb0 sp 0x7fff682b1ea8
READ of size 1 at 0x7fff682b1f03 thread T0
    #0 0x2f8cb34 in (anonymous namespace)::clear_bit_region(unsigned char*, unsigned int, unsigned int) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:332:14
    #1 0x2f8bf63 in (anonymous namespace)::encode_tree_to_bitpos(tree_node*, unsigned char*, int, int, unsigned int) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:449:6
    #2 0x2f8b4c6 in (anonymous namespace)::merged_store_group::apply_stores() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:657:18
    #3 0x2f8787f in (anonymous namespace)::imm_store_chain_info::coalesce_immediate_stores() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:925:24
    #4 0x2f8787f in (anonymous namespace)::imm_store_chain_info::terminate_and_process_chain() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:1260
    #5 0x2f8787f in (anonymous namespace)::pass_store_merging::terminate_and_release_chain((anonymous namespace)::imm_store_chain_info*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:844
    #6 0x2f8a72e in (anonymous namespace)::pass_store_merging::terminate_all_aliasing_chains((anonymous namespace)::imm_store_chain_info**, bool, gimple*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:829:4
    #7 0x2f85e1f in (anonymous namespace)::pass_store_merging::execute(function*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:1488:4
    #8 0x1630b4a in execute_one_pass(opt_pass*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2341:22
    #9 0x1632baa in execute_pass_list_1(opt_pass*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2430:11
    #10 0x1632bcf in execute_pass_list_1(opt_pass*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2431:9
    #11 0x1601146 in execute_pass_list(function*, opt_pass*) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/passes.c:2441:3
    #12 0xb7ffbb in cgraph_node::expand() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2001:3
    #13 0xb8a28a in expand_all_functions() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2137:10
    #14 0xb8a28a in symbol_table::compile() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2494
    #15 0xb8bf50 in symbol_table::finalize_compilation_unit() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/cgraphunit.c:2584:3
    #16 0x18bc495 in compile_file() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:493:15
    #17 0x18ba33e in do_compile() /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:2012:11
    #18 0x18ba33e in toplev::main(int, char**) /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/toplev.c:2146
    #19 0x327a648 in main /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/main.c:39:17
    #20 0x7f4f7fb932f0 in __libc_start_main /home/markus/glibc/csu/../csu/libc-start.c:286
    #21 0x588e69 in _start /home/markus/glibc/csu/../sysdeps/x86_64/start.S:120

Address 0x7fff682b1f03 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /var/tmp/gcc_build_dir_/gcc/../../gcc/gcc/gimple-ssa-store-merging.c:332:14 in (anonymous namespace)::clear_bit_region(unsigned char*, unsigned int, unsigned int)
Shadow bytes around the buggy address:
  0x10006d04e390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e3d0: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
=>0x10006d04e3e0:[03]cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
  0x10006d04e3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006d04e420: f1 f1 f1 f1 f8 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2
  0x10006d04e430: f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f8 f8 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4958==ABORTING