https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79936

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-03-07
     Ever confirmed|0                           |1

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
I can reproduce an ICE with a cross-compiler configured with
--enable-checking=all,valgrind.  I don't know yet if it's the same problem but
it does suggest a bug in the implementation of the warning.  The same ICE can
be reproduced with the following small test case.  For some reason, in the
second call to maybe_warn_alloc_args_overflow, the object pointed to by the
alloc_object_size_limit pointer has been trashed.  By the looks of it, the
block of memory it points to has been garbage-collected.  The pointer is
declared as 'static GTY(()) tree alloc_object_size_limit;' which, AFAIK, means
that it should be left alone by the garbage collector.

$ cat t.c && /build/x86_64-apple-darwin10.8.0/gcc-trunk/gcc/xgcc -B
/build/x86_64-apple-darwin10.8.0/gcc-trunk/gcc -S
-Walloc-size-larger-than=32767 t.c

void* f (void)
{
  return __builtin_malloc (1234);
}

void* g (void)
{
  return __builtin_malloc (1234);
}
==32458== Invalid read of size 2
==32458==    at 0x81E145: contains_struct_check (tree.h:3433)
==32458==    by 0x81E145: extended_tree (tree.h:5286)
==32458==    by 0x81E145: generic_wide_int<const tree_node*> (wide-int.h:745)
==32458==    by 0x81E145: to_widest (tree.h:5263)
==32458==    by 0x81E145: tree_int_cst_lt (tree.h:5375)
==32458==    by 0x81E145: maybe_warn_alloc_args_overflow(tree_node*,
tree_node*, tree_node**, int*) (calls.c:1392)
==32458==    by 0x81F112: initialize_argument_information(int, arg_data*,
args_size*, int, tree_node*, tree_node*, tree_node*, tree_node*,
cumulative_args_t, int, rtx_def**, int*, int*, int*, bool*, bool)
(calls.c:1940)
==32458==    by 0x82268A: expand_call(tree_node*, rtx_def*, int) (calls.c:3275)
==32458==    by 0x80FB71: expand_builtin(tree_node*, rtx_def*, rtx_def*,
machine_mode, int) (builtins.c:7471)
==32458==    by 0x954B10: expand_expr_real_1(tree_node*, rtx_def*,
machine_mode, expand_modifier, rtx_def**, bool) (expr.c:10822)
==32458==    by 0x964186: store_expr_with_bounds(tree_node*, rtx_def*, int,
bool, bool, tree_node*) (expr.c:5552)
==32458==    by 0x965DA0: expand_assignment(tree_node*, tree_node*, bool)
(expr.c:5321)
==32458==    by 0x839B6A: expand_call_stmt (cfgexpand.c:2656)
==32458==    by 0x839B6A: expand_gimple_stmt_1 (cfgexpand.c:3571)
==32458==    by 0x839B6A: expand_gimple_stmt(gimple*) (cfgexpand.c:3737)
==32458==    by 0x83B9FE: expand_gimple_basic_block(basic_block_def*, bool)
(cfgexpand.c:5744)
==32458==    by 0x84165E: (anonymous
namespace)::pass_expand::execute(function*) (cfgexpand.c:6357)
==32458==    by 0xBD5C5C: execute_one_pass(opt_pass*) (passes.c:2465)
==32458==    by 0xBD6527: execute_pass_list_1(opt_pass*) [clone .constprop.84]
(passes.c:2554)
==32458==  Address 0xc7023c0 is in a rw- anonymous segment
==32458== 
==32458== Invalid read of size 1
==32458==    at 0x81E14F: contains_struct_check (tree.h:3433)
==32458==    by 0x81E14F: extended_tree (tree.h:5286)
==32458==    by 0x81E14F: generic_wide_int<const tree_node*> (wide-int.h:745)
==32458==    by 0x81E14F: to_widest (tree.h:5263)
==32458==    by 0x81E14F: tree_int_cst_lt (tree.h:5375)
==32458==    by 0x81E14F: maybe_warn_alloc_args_overflow(tree_node*,
tree_node*, tree_node**, int*) (calls.c:1392)
==32458==    by 0x81F112: initialize_argument_information(int, arg_data*,
args_size*, int, tree_node*, tree_node*, tree_node*, tree_node*,
cumulative_args_t, int, rtx_def**, int*, int*, int*, bool*, bool)
(calls.c:1940)
==32458==    by 0x82268A: expand_call(tree_node*, rtx_def*, int) (calls.c:3275)
==32458==    by 0x80FB71: expand_builtin(tree_node*, rtx_def*, rtx_def*,
machine_mode, int) (builtins.c:7471)
==32458==    by 0x954B10: expand_expr_real_1(tree_node*, rtx_def*,
machine_mode, expand_modifier, rtx_def**, bool) (expr.c:10822)
==32458==    by 0x964186: store_expr_with_bounds(tree_node*, rtx_def*, int,
bool, bool, tree_node*) (expr.c:5552)
==32458==    by 0x965DA0: expand_assignment(tree_node*, tree_node*, bool)
(expr.c:5321)
==32458==    by 0x839B6A: expand_call_stmt (cfgexpand.c:2656)
==32458==    by 0x839B6A: expand_gimple_stmt_1 (cfgexpand.c:3571)
==32458==    by 0x839B6A: expand_gimple_stmt(gimple*) (cfgexpand.c:3737)
==32458==    by 0x83B9FE: expand_gimple_basic_block(basic_block_def*, bool)
(cfgexpand.c:5744)
==32458==    by 0x84165E: (anonymous
namespace)::pass_expand::execute(function*) (cfgexpand.c:6357)
==32458==    by 0xBD5C5C: execute_one_pass(opt_pass*) (passes.c:2465)
==32458==    by 0xBD6527: execute_pass_list_1(opt_pass*) [clone .constprop.84]
(passes.c:2554)
==32458==  Address 0x2806161 is not stack'd, malloc'd or (recently) free'd
==32458== 
t.c: In function ‘g’:
t.c:8:10: internal compiler error: Segmentation fault
   return __builtin_malloc (1234);
          ^~~~~~~~~~~~~~~~~~~~~~~
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.
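The comment above turns on one mechanism: a static pointer is only safe to dereference across a collection if the garbage collector knows it is a root (in GCC, the `GTY(())` annotation registers it); otherwise the block it points at is reclaimed and the next read through it is a use-after-free, which is exactly the kind of stale read `--enable-checking=all,valgrind` surfaced in `calls.c`. The following is an added illustration, not GCC's ggc collector and not code from the bug report: a toy mark-and-sweep heap in C with explicit root registration. All names (`gc_register_root`, `gc_alloc`, `gc_collect`, `checked_value`, the `cell` type) are invented for the demo. Sweep poisons a cell instead of calling `free()` so the dangling read stays observable rather than undefined.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration (not GCC's ggc code): a toy mark-and-sweep heap.
   gc_register_root() plays the role GTY(()) plays in GCC: it tells the
   collector that a static pointer keeps its target alive. */

#define MAX_ROOTS 16
#define POISON 0xDD

typedef struct cell {
    struct cell *next;   /* intrusive list of every allocation */
    struct cell *child;  /* the one outgoing reference this toy supports */
    int marked;          /* set by the mark phase, cleared by sweep */
    int freed;           /* set by sweep instead of free(), so a dangling
                            read is observable rather than undefined */
    int value;
} cell;

static cell  *heap_head;          /* head of the allocation list */
static cell **roots[MAX_ROOTS];   /* pointer slots the collector scans */
static int    n_roots;

/* Declare *slot a root.  Returns 0, or -1 if the root table is full. */
int gc_register_root(cell **slot)
{
    if (n_roots == MAX_ROOTS)
        return -1;
    roots[n_roots++] = slot;
    return 0;
}

/* Allocate a cell and link it into the heap list (never free()d here). */
cell *gc_alloc(int value)
{
    cell *c = calloc(1, sizeof *c);
    if (!c)
        abort();
    c->value = value;
    c->next = heap_head;
    heap_head = c;
    return c;
}

static void mark(cell *c)
{
    while (c && !c->marked && !c->freed) {
        c->marked = 1;
        c = c->child;   /* follow the outgoing reference */
    }
}

/* Mark everything reachable from registered roots, then sweep the rest.
   Returns the number of cells reclaimed. */
int gc_collect(void)
{
    int reclaimed = 0;
    for (int i = 0; i < n_roots; i++)
        mark(*roots[i]);
    for (cell *c = heap_head; c; c = c->next) {
        if (c->freed)
            continue;
        if (c->marked) {
            c->marked = 0;
        } else {
            c->value = POISON;   /* mimic the block being reused */
            c->child = NULL;
            c->freed = 1;
            reclaimed++;
        }
    }
    return reclaimed;
}

/* Scenario 1: a static pointer never registered as a root.  The object
   is invisible to the collector, gets swept, and the pointer dangles. */
static cell *unregistered_limit;

int unregistered_global_is_trashed(void)
{
    unregistered_limit = gc_alloc(32767);
    gc_collect();
    return unregistered_limit->freed;   /* 1: the object was collected */
}

/* Scenario 2: the same pattern with the pointer registered first. */
static cell *registered_limit;
static int   registered_once;

int registered_root_survives(void)
{
    if (!registered_once) {
        gc_register_root(&registered_limit);
        registered_once = 1;
    }
    registered_limit = gc_alloc(32767);
    gc_collect();
    return registered_limit->freed;     /* 0: the root kept it alive */
}

/* A "checking build" read: refuse to look through a pointer to a swept
   cell, the way valgrind flagged the read in tree_int_cst_lt. */
int checked_value(const cell *c)
{
    return c->freed ? -1 : c->value;
}

int main(void)
{
    printf("unregistered static trashed after GC: %d\n",
           unregistered_global_is_trashed());
    printf("registered root trashed after GC:     %d\n",
           registered_root_survives());
    printf("checked read of registered object:    %d\n",
           checked_value(registered_limit));
    printf("checked read of unregistered object:  %d\n",
           checked_value(unregistered_limit));
    return 0;
}
```

The two scenarios differ in a single call to `gc_register_root`, which is the whole point of the comment: `static GTY(()) tree alloc_object_size_limit;` is meant to be that registration, so if the object behind it is being collected anyway, either the root was not actually recorded for the collector or something else released it.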
