https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80308
Bug ID: 80308
Summary: asan crash on big-endian powerpc-linux target
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: bernd.edlinger at hotmail dot de
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

I use gcc-7 from snapshot, and glibc-2.19 and linux-2.6.29.

I have crashes with an object of size 12; in the constructor there is a memset(this, 0, sizeof(*this));

asan crashes: note the impossible shadow bytes look like a little-/big-endian issue; the bytes should be f2 f2 00 04 f2 f2 but are actually f2 f2 04 00 f2 f2

=================================================================
==8369==ERROR: AddressSanitizer: unknown-crash on address 0xbfa184e4 at pc 0x0fa67dbc bp 0xbfa17520 sp 0xbfa17528
WRITE of size 8 at 0xbfa184e4 thread T0
    #0 0xfa67db8 in __interceptor_memset ../../../../gcc-7-20170402/libsanitizer/asan/asan_interceptors.cc:471
    #1 0x11e9cdb0 in NodeIdStruct::NodeIdStruct(NodeIdStruct const&) ../../../../Core/OT/NodeIdStruct.cpp:23
    #2 0x129fc884 in std::pair<NodeIdStruct const, SOCmnPointer<NodeReference> >::pair<NodeIdStruct&, SOCmnPointer<NodeReference>&, true>(NodeIdStruct&, SOCmnPointer<NodeReference>&) /home/ed/gnu/powerpc-linux-new/powerpc-linux/include/c++/7.0.1/bits/stl_pair.h:324
    #3 0x129fc884 in OTServerBaseNode::addReference(OTServerBaseNode*, NodeIdStruct const*, bool) ../../../../Core/OT/OTServerBaseNode.cpp:671
    #4 0x128ba1e4 in SOCmnPointer<OTServerObject> OTServerAddressSpaceRoot::addObjectT<OTServerObject>(OTServerBaseNode*, char const*, tagEnumNumericNodeId, tagEnumNumericNodeId, tagEnumNumericNodeId) ../../../../Core/OT/OTServerAddressSpaceRoot.cpp:2266
    #5 0x1281d438 in OTServerAddressSpaceRoot::initialize(bool) ../../../../Core/OT/OTServerAddressSpaceRoot.cpp:886
    #6 0x11f3a90c in OTApplication::initialize_API(ApplicationDescriptionStruct*) ../../../../Core/OT/OTApplication.cpp:1389
    #7 0x112ab07c in TestEnvironment::startApplication() /home/ed/OPCToolboxV5/Source/Apps/Test/UnitTests/OT/TestEnvironment.cpp:52
    #8 0x112ab07c in TestEnvironment::SetUp() /home/ed/OPCToolboxV5/Source/Apps/Test/UnitTests/OT/TestEnvironment.cpp:10
    #9 0x113a59a8 in SetUpEnvironment ../gmock-1.6.0/gtest/src/gtest.cc:4133
    #10 0x113a59a8 in void (*std::for_each<__gnu_cxx::__normal_iterator<testing::Environment* const*, std::vector<testing::Environment*, std::allocator<testing::Environment*> > >, void (*)(testing::Environment*)>(__gnu_cxx::__normal_iterator<testing::Environment* const*, std::vector<testing::Environment*, std::allocator<testing::Environment*> > >, __gnu_cxx::__normal_iterator<testing::Environment* const*, std::vector<testing::Environment*, std::allocator<testing::Environment*> > >, void (*)(testing::Environment*)))(testing::Environment*) /home/ed/gnu/powerpc-linux-new/powerpc-linux/include/c++/7.0.1/bits/stl_algo.h:3884
    #11 0x113a59a8 in void testing::internal::ForEach<std::vector<testing::Environment*, std::allocator<testing::Environment*> >, void (*)(testing::Environment*)>(std::vector<testing::Environment*, std::allocator<testing::Environment*> > const&, void (*)(testing::Environment*)) ../gmock-1.6.0/gtest/src/gtest-internal-inl.h:287
    #12 0x113a59a8 in testing::internal::UnitTestImpl::RunAllTests() ../gmock-1.6.0/gtest/src/gtest.cc:4229
    #13 0x113aa6a0 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ../gmock-1.6.0/gtest/src/gtest.cc:2090
    #14 0x113aa6a0 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ../gmock-1.6.0/gtest/src/gtest.cc:2126
    #15 0x113aa6a0 in testing::UnitTest::Run() ../gmock-1.6.0/gtest/src/gtest.cc:3871
    #16 0x1003b9e8 in main /home/ed/OPCToolboxV5/Source/Apps/Test/UnitTests/OT/main.cpp:44
    #17 0xeff0300 in generic_start_main ../csu/libc-start.c:285

Address 0xbfa184e4 is located in stack of thread T0 at offset 2724 in frame
    #0 0x129f7c30 in OTServerBaseNode::addReference(OTServerBaseNode*, NodeIdStruct const*, bool) ../../../../Core/OT/OTServerBaseNode.cpp:404

  This frame has 112 object(s):
    [32, 33) '<unknown>'
    [96, 97) '<unknown>'
    [160, 161) '<unknown>'
    [224, 225) '<unknown>'
    [288, 289) '<unknown>'
    [352, 353) '<unknown>'
    [416, 417) '<unknown>'
    [480, 481) '<unknown>'
    [544, 545) '<unknown>'
    [608, 609) '<unknown>'
    [672, 673) '<unknown>'
    [736, 737) '<unknown>'
    [800, 801) '<unknown>'
    [864, 868) '<unknown>'
    [928, 932) 'it'
    [992, 996) '<unknown>'
    [1056, 1060) '<unknown>'
    [1120, 1124) '<unknown>'
    [1184, 1188) '<unknown>'
    [1248, 1252) '<unknown>'
    [1312, 1316) '<unknown>'
    [1376, 1380) '<unknown>'
    [1440, 1444) 'it'
    [1504, 1508) '<unknown>'
    [1568, 1572) '<unknown>'
    [1632, 1636) '<unknown>'
    [1696, 1700) '<unknown>'
    [1760, 1764) '<unknown>'
    [1824, 1828) '<unknown>'
    [1888, 1892) '<unknown>'
    [1952, 1956) 'sourceNodeToRemoveReference'
    [2016, 2020) 'targetNodeToRemoveReference'
    [2080, 2084) 'pNewNodeReference'
    [2144, 2148) '<unknown>'
    [2208, 2212) '<unknown>'
    [2272, 2280) 'addressSpaceLock'
    [2336, 2344) 'hasSubtype'
    [2400, 2408) 'parentType'
    [2464, 2472) 'forwardRefIndex'
    [2528, 2536) 'backwardRefIndex'
    [2592, 2600) 'referenceTypeToRemove'
    [2656, 2664) 'uniqueType'
    [2720, 2732) '<unknown>' <== Memory access at offset 2724 is inside this variable
    [2784, 2796) '<unknown>'
    [2848, 2864) 'messageStream'
    [2912, 2928) 'messageStream'
    [2976, 2992) 'messageStream'
    [3040, 3056) 'messageStream'
    [3104, 3120) 'messageStream'
    [3168, 3184) 'messageStream'
    [3232, 3248) 'messageStream'
    [3296, 3312) 'messageStream'
    [3360, 3376) 'messageStream'
    [3424, 3440) 'messageStream'
    [3488, 3504) 'messageStream'
    [3552, 3576) '<unknown>'
    [3616, 3640) '<unknown>'
    [3680, 3704) '<unknown>'
    [3744, 3768) '<unknown>'
    [3808, 3832) '<unknown>'
    [3872, 3896) '<unknown>'
    [3936, 3960) '<unknown>'
    [4000, 4024) '<unknown>'
    [4064, 4088) '<unknown>'
    [4128, 4152) '<unknown>'
    [4192, 4216) '<unknown>'
    [4256, 4280) '<unknown>'
    [4320, 4344) '<unknown>'
    [4384, 4408) '<unknown>'
    [4448, 4472) '<unknown>'
    [4512, 4536) '<unknown>'
    [4576, 4600) '<unknown>'
    [4640, 4664) '<unknown>'
    [4704, 4728) '<unknown>'
    [4768, 4792) '<unknown>'
    [4832, 4856) '<unknown>'
    [4896, 4920) '<unknown>'
    [4960, 4984) '<unknown>'
    [5024, 5048) '<unknown>'
    [5088, 5112) '<unknown>'
    [5152, 5176) '<unknown>'
    [5216, 5240) '<unknown>'
    [5280, 5304) '<unknown>'
    [5344, 5368) '<unknown>'
    [5408, 5432) '<unknown>'
    [5472, 5496) '<unknown>'
    [5536, 5560) '<unknown>'
    [5600, 5624) '<unknown>'
    [5664, 5688) '<unknown>'
    [5728, 5752) '<unknown>'
    [5792, 5816) '<unknown>'
    [5856, 5880) '<unknown>'
    [5920, 5944) '<unknown>'
    [5984, 6008) '<unknown>'
    [6048, 6072) '<unknown>'
    [6112, 6136) '<unknown>'
    [6176, 6200) '<unknown>'
    [6240, 6264) '<unknown>'
    [6304, 6328) '<unknown>'
    [6368, 6400) 'findData'
    [6432, 6508) '<unknown>'
    [6560, 6636) '<unknown>'
    [6688, 6764) '<unknown>'
    [6816, 6892) '<unknown>'
    [6944, 7020) '<unknown>'
    [7072, 7148) '<unknown>'
    [7200, 7276) '<unknown>'
    [7328, 7404) '<unknown>'
    [7456, 7532) '<unknown>'
    [7584, 7660) '<unknown>'
    [7712, 7788) '<unknown>'
    [7840, 7916) '<unknown>'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: unknown-crash ../../../../gcc-7-20170402/libsanitizer/asan/asan_interceptors.cc:471 in __interceptor_memset
Shadow bytes around the buggy address:
  0x37f43040: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
  0x37f43050: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
  0x37f43060: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
  0x37f43070: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
  0x37f43080: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
=>0x37f43090: f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2[04]00 f2 f2
  0x37f430a0: f2 f2 f2 f2 00 04 f2 f2 f2 f2 f2 f2 00 00 f2 f2
  0x37f430b0: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2
  0x37f430c0: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2
  0x37f430d0: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2
  0x37f430e0: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8369==ABORTING
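The shadow arithmetic behind the report, as an added example that is not part of the bug report and not code from GCC or libsanitizer: it parses the two dump lines around the marked shadow byte, maps the faulting address 0xbfa184e4 to its shadow byte with the 32-bit ASan mapping (shadow = (addr >> 3) + 0x20000000, assumed here to be the mapping in use on this target), and re-runs the per-byte poison check that an intercepted memset performs. With the dumped pair 04 00 the first byte of the 8-byte write is already unaddressable and the bug is named "unknown-crash" (a partial value followed by a non-redzone byte); with the pair swapped to 00 04, as the reporter expects for a 12-byte object, the same write passes. The redzone-name table is a simplified subset built from the legend printed in the report.

```python
# Added example, not code from the bug report, GCC or libsanitizer.
# Decodes an ASan "Shadow bytes around the buggy address" dump and re-runs
# the poison check for the faulting write, so the effect of the swapped
# shadow pair (04 00 instead of 00 04) can be seen directly.

SHADOW_OFFSET = 0x20000000      # assumed: ASan's 32-bit shadow offset on this target
SHADOW_GRANULARITY = 8          # one shadow byte covers 8 application bytes

# Simplified subset of ASan's bug names, keyed by the legend in the report.
REDZONE_NAMES = {
    0xf1: "stack-buffer-underflow",   # stack left redzone
    0xf2: "stack-buffer-overflow",    # stack mid redzone
    0xf3: "stack-buffer-overflow",    # stack right redzone
    0xf5: "stack-use-after-return",
    0xf8: "stack-use-after-scope",
    0xf9: "global-buffer-overflow",
    0xfa: "heap-buffer-overflow",
    0xfd: "heap-use-after-free",
}

def mem_to_shadow(addr):
    """Application address -> shadow byte address (32-bit ASan mapping)."""
    return (addr >> 3) + SHADOW_OFFSET

def parse_shadow_dump(text):
    """Parse 'addr: b0 b1 ...' lines; the '=>' marker and [..] brackets are ignored."""
    shadow = {}
    for line in text.strip().splitlines():
        line = line.replace("=>", " ").replace("[", " ").replace("]", " ")
        addr_s, _, bytes_s = line.partition(":")
        base = int(addr_s, 16)
        for i, tok in enumerate(bytes_s.split()):
            shadow[base + i] = int(tok, 16)
    return shadow

def byte_is_poisoned(shadow, addr):
    """Shadow value k: 0 = whole granule addressable, 1..7 = only the first k
    bytes of the 8-byte granule addressable, >= 0x80 = redzone (poisoned)."""
    k = shadow[mem_to_shadow(addr)]
    if k == 0:
        return False
    if k >= 0x80:
        return True
    return (addr & (SHADOW_GRANULARITY - 1)) >= k

def first_poisoned_byte(shadow, addr, size):
    """First address in [addr, addr+size) that is not addressable, or None.
    This is the range walk an intercepted memset does before reporting."""
    for a in range(addr, addr + size):
        if byte_is_poisoned(shadow, a):
            return a
    return None

def classify(shadow, bad_addr):
    """Name the bug the way ASan does: a partial value means 'look at the
    next shadow byte'; a value not in the table yields 'unknown-crash'."""
    s = mem_to_shadow(bad_addr)
    k = shadow[s]
    if 0 < k < 0x80:
        k = shadow[s + 1]
    return REDZONE_NAMES.get(k, "unknown-crash")

# The two dump lines from the report surrounding shadow address 0x37f4309c.
REPORTED_DUMP = """
=>0x37f43090: f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2[04]00 f2 f2
  0x37f430a0: f2 f2 f2 f2 00 04 f2 f2 f2 f2 f2 f2 00 00 f2 f2
"""
FAULT_ADDR = 0xbfa184e4   # "WRITE of size 8 at 0xbfa184e4" in the report
FAULT_SIZE = 8

def reported_shadow():
    return parse_shadow_dump(REPORTED_DUMP)

def corrected_shadow():
    """The shadow pair the 12-byte object should have: 00 04 instead of 04 00."""
    fixed = dict(reported_shadow())
    s = mem_to_shadow(FAULT_ADDR)
    fixed[s], fixed[s + 1] = fixed[s + 1], fixed[s]
    return fixed

if __name__ == "__main__":
    print(hex(mem_to_shadow(FAULT_ADDR)))                          # 0x37f4309c
    bad = first_poisoned_byte(reported_shadow(), FAULT_ADDR, FAULT_SIZE)
    print(hex(bad), classify(reported_shadow(), bad))              # 0xbfa184e4 unknown-crash
    print(first_poisoned_byte(corrected_shadow(), FAULT_ADDR, FAULT_SIZE))  # None
```

With the corrected pair, the same walk only reports a genuine overrun: a 16-byte write starting at the object's base 0xbfa184e0 is stopped at 0xbfa184ec, where the partial byte 04 is followed by the f2 mid-redzone marker, and the bug is then named "stack-buffer-overflow" rather than "unknown-crash".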