https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117409
Bug ID: 117409
Summary: ASAN issues compiling gfortran.dg/diagnostic-format-sarif-pr105916.f90
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: jamborm at gcc dot gnu.org
CC: dmalcolm at gcc dot gnu.org
Blocks: 86656
Target Milestone: ---
Host: x86_64-linux-gnu
Target: x86_64-linux-gnu

With ASAN instrumented gfortran configured as:

src/configure --prefix=/home/mjambor/gcc/mine/inst --enable-languages=c,c++,fortran --enable-checking=release --enable-host-shared --disable-multilib --with-build-config=bootstrap-asan

ASAN reports a heap-use-after-free problem when building our test
gcc/testsuite/gfortran.dg/diagnostic-format-sarif-pr105916.f90:

spawn -ignore SIGHUP /home/mjambor/gcc/mine/b-obj/gcc/testsuite/gfortran/../../gfortran -B/home/mjambor/gcc/mine/b-obj/gcc/testsuite/gfortran/../../ -B/home/mjambor/gcc/mine/b-obj/x86_64-pc-linux-gnu/./libgfortran/ /home/mjambor/gcc/mine/src/gcc/testsuite/gfortran.dg/diagnostic-format-sarif-pr105916.f90 -fdiagnostics-plain-output -fdiagnostics-plain-output -O -fdiagnostics-format=sarif-file -fmax-errors=1 -Wfatal-errors -S -o diagnostic-format-sarif-pr105916.s

=================================================================
==459442==ERROR: AddressSanitizer: heap-use-after-free on address 0x50800000b820 at pc 0x0000008b0639 bp 0x7ffcd5925440 sp 0x7ffcd5924c00
READ of size 1 at 0x50800000b820 thread T0
    #0 0x8b0638 in strcmp /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:470
    #1 0x61b7794 in file_cache::lookup_file(char const*) /home/mjambor/gcc/mine/src/gcc/input.cc:324
    #2 0x61baa11 in file_cache::lookup_or_add_file(char const*) /home/mjambor/gcc/mine/src/gcc/input.cc:538
    #3 0x61baae9 in file_cache::get_source_file_content(char const*) /home/mjambor/gcc/mine/src/gcc/input.cc:1050
    #4 0x6155bbe in sarif_builder::maybe_make_artifact_content_object(char const*) const /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:3189
    #5 0x615623a in sarif_artifact::populate_contents(sarif_builder&) /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:1023
    #6 0x6167c4c in sarif_builder::make_run_object(std::unique_ptr<sarif_invocation, std::default_delete<sarif_invocation> >, std::unique_ptr<json::array, std::default_delete<json::array> >) /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:2960
    #7 0x6168df8 in sarif_builder::make_top_level_object(std::unique_ptr<sarif_invocation, std::default_delete<sarif_invocation> >, std::unique_ptr<json::array, std::default_delete<json::array> >) /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:2914
    #8 0x616946e in sarif_builder::flush_to_object() /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:1794
    #9 0x6169656 in sarif_builder::flush_to_file(_IO_FILE*) /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:1806
    #10 0x61767a6 in sarif_file_output_format::~sarif_file_output_format() /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:3510
    #11 0x61767a6 in sarif_file_output_format::~sarif_file_output_format() /home/mjambor/gcc/mine/src/gcc/diagnostic-format-sarif.cc:3511
    #12 0x613d834 in diagnostic_context::finish() /home/mjambor/gcc/mine/src/gcc/diagnostic.cc:386
    #13 0x7fb744 in diagnostic_finish(diagnostic_context*) /home/mjambor/gcc/mine/src/gcc/diagnostic.h:1029
    #14 0x7fb744 in toplev::main(int, char**) /home/mjambor/gcc/mine/src/gcc/toplev.cc:2395
    #15 0x808add in main /home/mjambor/gcc/mine/src/gcc/main.cc:39
    #16 0x7f12c762a2ad in __libc_start_call_main (/lib64/libc.so.6+0x2a2ad) (BuildId: 03f1631dc9760d3e30311fe62e15cc4baaa89db7)
    #17 0x7f12c762a378 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x2a378) (BuildId: 03f1631dc9760d3e30311fe62e15cc4baaa89db7)
    #18 0x80a4a4 in _start ../sysdeps/x86_64/start.S:115

0x50800000b820 is located 0 bytes inside of 90-byte region [0x50800000b820,0x50800000b87a)
freed by thread T0 here:
    #0 0x8f179b in free /home/mjambor/gcc/mine/src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0xc29742 in gfc_scanner_done_1() /home/mjambor/gcc/mine/src/gcc/fortran/scanner.cc:296

previously allocated by thread T0 here:
    #0 0x8f2c23 in malloc /home/mjambor/gcc/mine/src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x6355e2b in xmalloc /home/mjambor/gcc/mine/src/libiberty/xmalloc.c:149

SUMMARY: AddressSanitizer: heap-use-after-free /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:470 in strcmp
Shadow bytes around the buggy address:
  0x50800000b580: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x50800000b600: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 02
  0x50800000b680: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x50800000b700: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x50800000b780: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
=>0x50800000b800: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x50800000b880: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x50800000b900: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x50800000b980: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x50800000ba00: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x50800000ba80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==459442==ABORTING

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86656
[Bug 86656] [meta-bug] Issues found with -fsanitize=address
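The ownership problem the trace above exposes, as an added C illustration that is not GCC's code: the report shows file_cache::lookup_file calling strcmp on a stored file name, while the "freed by" stack shows that name was an xmalloc'd string released by gfc_scanner_done_1, and the "freed" happened before diagnostic_context::finish() flushed the SARIF file. A cache that stores a borrowed char * as its key is only valid for as long as the allocator of that string keeps it alive. The cache, entry, function and variable names below are invented for the demo, and the two remedies it exercises (the cache owning a copy of its key, or flushing before the key's owner tears down) are the generic fixes for this class of bug, not a statement of how this GCC report was resolved.

```c
/* Added illustration, not GCC code.  All identifiers here are invented. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CACHE_SLOTS 4

enum key_policy {
    BORROW_KEYS,   /* store the caller's pointer: the pattern in the report */
    COPY_KEYS      /* store an owned copy: survives the caller's teardown   */
};

struct file_entry {
    char *name;      /* cache key, compared with strcmp on every lookup */
    char *content;   /* cached file body */
};

struct file_cache {
    struct file_entry slots[CACHE_SLOTS];
    size_t used;
    enum key_policy policy;
};

/* Portable stand-in for strdup/xstrdup so the demo builds with -std=c11. */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

/* Same shape as the lookup in the trace: a linear scan that strcmp()s each
   stored key.  If a stored key dangles, this is where ASan fires. */
static struct file_entry *cache_lookup(struct file_cache *c, const char *name)
{
    for (size_t i = 0; i < c->used; i++)
        if (strcmp(c->slots[i].name, name) == 0)
            return &c->slots[i];
    return NULL;
}

static int cache_add(struct file_cache *c, char *name, const char *content)
{
    if (c->used == CACHE_SLOTS)
        return 0;
    struct file_entry *e = &c->slots[c->used++];
    e->name = (c->policy == COPY_KEYS) ? dup_str(name) : name;
    e->content = dup_str(content);
    return 1;
}

static void cache_release(struct file_cache *c)
{
    for (size_t i = 0; i < c->used; i++) {
        if (c->policy == COPY_KEYS)
            free(c->slots[i].name);   /* free only what the cache owns */
        free(c->slots[i].content);
    }
    c->used = 0;
}

/* Replays the ordering in the report: the front end allocates the file name,
   the diagnostics layer caches it, the front end's teardown frees the name,
   and only afterwards the report writer flushes and looks the name up again.
   Returns 1 if the lookup hit a live entry, 0 if it had to be skipped because
   the stored key would be read after free. */
int late_lookup_hits(enum key_policy policy, int flush_before_teardown)
{
    struct file_cache cache = { .used = 0, .policy = policy };
    const char *fname = "diagnostic-format-sarif-pr105916.f90";   /* constructed input */
    int hit = 0;

    char *scanner_name = dup_str(fname);        /* the scanner's xmalloc'd name */
    cache_add(&cache, scanner_name, "program p\nend program p\n");

    if (flush_before_teardown)                  /* fix B: flush while the owner lives */
        hit = cache_lookup(&cache, fname) != NULL;

    free(scanner_name);                         /* stands in for gfc_scanner_done_1 */
    scanner_name = NULL;

    if (!flush_before_teardown) {
        if (policy == COPY_KEYS)                /* fix A: the cache owns its keys */
            hit = cache_lookup(&cache, fname) != NULL;
#ifdef DEMONSTRATE_UAF
        else                                    /* the reported bug: strcmp on freed memory;
                                                   build with -fsanitize=address to see it */
            hit = cache_lookup(&cache, fname) != NULL;
#endif
    }

    cache_release(&cache);
    return hit;
}

int main(void)
{
    printf("borrowed key, late flush : %d\n", late_lookup_hits(BORROW_KEYS, 0));
    printf("copied key, late flush   : %d\n", late_lookup_hits(COPY_KEYS, 0));
    printf("borrowed key, early flush: %d\n", late_lookup_hits(BORROW_KEYS, 1));
    return 0;
}
```

Without DEMONSTRATE_UAF the buggy combination (borrowed key, flush after the owner's teardown) skips the read and reports a miss, so the program is well defined; compile with `-DDEMONSTRATE_UAF -fsanitize=address -g` to reproduce a heap-use-after-free report of the same shape as the one above, with strcmp inside cache_lookup as the reading frame and the free() in late_lookup_hits as the freeing frame. Of the two remedies, owning a copy of the key is the more robust one because it does not depend on every caller's shutdown order; the early-flush variant still leaves a dangling pointer in the cache, which is harmless here only because cache_release never dereferences borrowed names.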