[Bug c/113596] New: Stack memory leakage caused by inline alloca

Thu, 25 Jan 2024 01:31:26 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113596

            Bug ID: 113596
           Summary: Stack memory leakage caused by inline alloca
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sanpeqf at gmail dot com
  Target Milestone: ---

I discovered this issue while using inline alloca. I have tried changing to a
different version of gcc and found that this issue was introduced in gcc 8.0. I
have also tried changing to different architectures (on aarch64 and x86) and
can reproduce this issue.

The following is the code that triggers the error:

#include <string.h>

static inline __attribute__((always_inline))
int test_alloca(void)
{
    void *block;

    block = __builtin_alloca(0x100);
    memset(block, 0, 0x100);
    (void)block;

    return 0;
}

int main(int argc, const char *argv[])
{
    for (;;)
        test_alloca();
    return 0;
}

The following tests were conducted on this machine:

# gcc issue.c
# ./a.out
Segmentation fault (core dumped)

# gcc -fsanitize=address issue.c
# ./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1108774==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe6b152f78
(pc 0x7fd7bfa5a8ab bp 0x7ffe6b1537d0 sp 0x7ffe6b152f80 T0)
    #0 0x7fd7bfa5a8ab in memset (/lib64/libasan.so.8+0x5a8ab) (BuildId:
7fcb7759bc17ef47f9682414b6d99732d6a6ab0c)
    #1 0x4011c8 in main (/disk/files/workspace/gcc-issue/a.out+0x4011c8)
(BuildId: 66d839c602ac12950f3212be978c5c471e7c06e3)
    #2 0x7fd7bf846149 in __libc_start_call_main (/lib64/libc.so.6+0x28149)
(BuildId: 788cdd41a15985bf8e0a48d213a46e07d58822df)
    #3 0x7fd7bf84620a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a)
(BuildId: 788cdd41a15985bf8e0a48d213a46e07d58822df)
    #4 0x401094 in _start (/disk/files/workspace/gcc-issue/a.out+0x401094)
(BuildId: 66d839c602ac12950f3212be978c5c471e7c06e3)

SUMMARY: AddressSanitizer: stack-overflow (/lib64/libasan.so.8+0x5a8ab)
(BuildId: 7fcb7759bc17ef47f9682414b6d99732d6a6ab0c) in memset
==1108774==ABORTING

# gcc -v
...
gcc version 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)

# objdump -d ./a.out
...
0000000000401126 <main>:
main():
  401126:       55                      push   %rbp
  401127:       48 89 e5                mov    %rsp,%rbp
  40112a:       48 83 ec 20             sub    $0x20,%rsp
  40112e:       89 7d ec                mov    %edi,-0x14(%rbp)
  401131:       48 89 75 e0             mov    %rsi,-0x20(%rbp)
  401135:       b8 10 00 00 00          mov    $0x10,%eax
  40113a:       48 83 e8 01             sub    $0x1,%rax
  40113e:       48 05 08 01 00 00       add    $0x108,%rax
  401144:       b9 10 00 00 00          mov    $0x10,%ecx
  401149:       ba 00 00 00 00          mov    $0x0,%edx
  40114e:       48 f7 f1                div    %rcx
  401151:       48 6b c0 10             imul   $0x10,%rax,%rax
  401155:       48 29 c4                sub    %rax,%rsp
  401158:       48 89 e0                mov    %rsp,%rax
  40115b:       48 83 c0 0f             add    $0xf,%rax
  40115f:       48 c1 e8 04             shr    $0x4,%rax
  401163:       48 c1 e0 04             shl    $0x4,%rax
  401167:       48 89 45 f8             mov    %rax,-0x8(%rbp)
  40116b:       48 8b 45 f8             mov    -0x8(%rbp),%rax
  40116f:       ba 00 01 00 00          mov    $0x100,%edx
  401174:       be 00 00 00 00          mov    $0x0,%esi
  401179:       48 89 c7                mov    %rax,%rdi
  40117c:       e8 af fe ff ff          call   401030 <memset@plt>
  401181:       90                      nop
  401182:       eb b1                   jmp    401135 <main+0xf>

Reply via email to