https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-08-30
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
An instrumented gfortran gives at run time

==59185==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000001150 at pc 0x00010b132896 bp 0x7fff554f6020 sp 0x7fff554f6018
READ of size 4 at 0x621000001150 thread T0
    #0 0x10b132895 in _gfortrani_free_format_data (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895)
    #1 0x10b132a46 in _gfortrani_free_format_hash_table (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21a46)
    #2 0x10b1ae7a9 in close_unit_1 (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d7a9)
    #3 0x10b1ae9bf in _gfortrani_close_unit (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d9bf)
    #4 0x10b123fc7 in _gfortran_st_close (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa12fc7)
    #5 0x10a709ba1 in MAIN__ (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000ba1)
    #6 0x10a709bda in main (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000bda)
    #7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

0x621000001150 is located 0 bytes to the right of 4176-byte region [0x621000000100,0x621000001150)
allocated by thread T0 here:
    #0 0x10cffb1da in wrap_malloc (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x661da)
    #1 0x10a714427 (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0x3427)
    #2 0x10b13407f in _gfortrani_parse_format (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa2307f)
    #3 0x10b19c279 in data_transfer_init (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa8b279)
    #4 0x10b1a17d0 in _gfortran_st_write (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa907d0)
    #5 0x10a7098e0 in MAIN__ (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000008e0)
    #6 0x10a709bda in main (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100000bda)
    #7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895) in _gfortrani_free_format_data
Shadow bytes around the buggy address:
  0x1c42000001d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c42000001e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c42000001f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c4200000200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c4200000210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c4200000220: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
  0x1c4200000230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c4200000240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c4200000250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c4200000260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c4200000270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==59185==ABORTING

Program received signal SIGABRT: Process abort signal.

Also present in gcc7.