https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83168
Bug ID: 83168
Summary: FAIL: gfortran.dg/fmt_f0_2.f90 with a sanitized libgfortran
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
Assignee: unassigned at gcc dot gnu.org
Reporter: dominiq at lps dot ens.fr
Target Milestone: ---

The test FAIL: gfortran.dg/fmt_f0_2.f90 fails with a sanitized libgfortran. Compiling the reduced test

character(10000) :: str
write(str, "(f0.0)") -huge(real(1.0,kind=8))
print *, len(trim(str))
end

gives

==61211==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6120000002f7 at pc 0x00010fb72c53 bp 0x7ffee0ba8e90 sp 0x7ffee0ba8e88
WRITE of size 1 at 0x6120000002f7 thread T0
    #0 0x10fb72c52 in build_float_string write_float.def:665
    #1 0x10fb73ff0 in get_float_string write_float.def:1068
    #2 0x10fb76bd1 in write_float_0 write.c:1596
    #3 0x10fb791c9 in _gfortrani_write_f write.c:1623
    #4 0x10fb47d28 in formatted_transfer_scalar_write transfer.c:2041
    #5 0x10fb4aae9 in formatted_transfer transfer.c:2279
    #6 0x10fb3366e in _gfortran_transfer_real transfer.c:2310
    #7 0x10fb336a3 in _gfortran_transfer_real_write transfer.c:2316
    #8 0x10f053d9e in MAIN__ (a.out:x86_64+0x100000d9e)
    #9 0x10f053e98 in main (a.out:x86_64+0x100000e98)
    #10 0x7fff59553144 in start (libdyld.dylib:x86_64+0x1144)

0x6120000002f7 is located 0 bytes to the right of 311-byte region [0x6120000001c0,0x6120000002f7)
allocated by thread T0 here:
    #0 0x11181de8d in wrap_malloc sanitizer_malloc_mac.inc:135
    #1 0x10f05a6e7 in _gfortrani_xmalloc memory.c:42
    #2 0x10fb6b522 in select_string write.c:1557
    #3 0x10fb76b46 in write_float_0 write.c:1592
    #4 0x10fb791c9 in _gfortrani_write_f write.c:1623
    #5 0x10fb47d28 in formatted_transfer_scalar_write transfer.c:2041
    #6 0x10fb4aae9 in formatted_transfer transfer.c:2279
    #7 0x10fb3366e in _gfortran_transfer_real transfer.c:2310
    #8 0x10fb336a3 in _gfortran_transfer_real_write transfer.c:2316
    #9 0x10f053d9e in MAIN__ (a.out:x86_64+0x100000d9e)
    #10 0x10f053e98 in main (a.out:x86_64+0x100000e98)
    #11 0x7fff59553144 in start (libdyld.dylib:x86_64+0x1144)

SUMMARY: AddressSanitizer: heap-buffer-overflow write_float.def:665 in build_float_string
Shadow bytes around the buggy address:
  0x1c2400000000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c2400000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2400000020: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
  0x1c2400000030: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c2400000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c2400000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]fa
  0x1c2400000060: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c2400000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2400000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x1c2400000090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c24000000a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==61211==ABORTING

The result is the same for the KIND=10 and KIND=16 variants.
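
Added example, not part of the original report and not libgfortran code: the reduced test's value, -huge(real(1.0,kind=8)), is -DBL_MAX in C, and its F0.0 text (sign, 309 digits, decimal point) is 311 characters, the same as the size of the heap region in the ASan report. The helper names f0_0_visible_len and f0_0_format are hypothetical, and using C's "%.0f" for the digits is an assumption that holds for finite values; the sketch shows a bounds-checked writer refusing a 311-byte buffer when one more byte (here a NUL) is needed, and makes no claim about which byte build_float_string writes at write_float.def:665.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Visible characters of an F0.0-style rendering of a finite x:
   optional '-', the integer digits, and a trailing '.'.
   No terminator is counted. Returns 0 on a formatting error. */
static size_t f0_0_visible_len(double x)
{
    int n = snprintf(NULL, 0, "%.0f", x);   /* sign + integer digits */
    return n < 0 ? 0 : (size_t)n + 1;       /* + the decimal point */
}

/* Bounds-checked writer (hypothetical helper, assumption of this example).
   Returns the bytes required including the NUL terminator, and writes
   nothing at all when cap is smaller than that. */
static size_t f0_0_format(char *buf, size_t cap, double x)
{
    size_t vis = f0_0_visible_len(x);
    if (vis == 0)
        return 0;                           /* formatting error */
    if (cap < vis + 1)
        return vis + 1;                     /* refuse: caller must grow buf */
    int n = snprintf(buf, cap, "%.0f", x);  /* n == vis - 1 here */
    buf[n] = '.';
    buf[n + 1] = '\0';                      /* index vis, still < cap */
    return vis + 1;
}

int main(void)
{
    char exact[311];                        /* same size as the ASan region */
    char roomy[312];
    size_t vis = f0_0_visible_len(-DBL_MAX);
    size_t need = f0_0_format(exact, sizeof exact, -DBL_MAX);

    printf("visible characters: %zu\n", vis);
    printf("311-byte buffer: need %zu bytes, write refused\n", need);
    if (f0_0_format(roomy, sizeof roomy, -DBL_MAX) <= sizeof roomy)
        printf("312-byte buffer: wrote %zu characters plus NUL\n",
               strlen(roomy));
    return 0;
}
```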