https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119968

Sam James <sjames at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from Sam James <sjames at gcc dot gnu.org> ---
```
$ gcc -O0 a.c -lpcre2-8 -o a -fsanitize=address,undefined ; ./a ; echo $?
====================================================
==3860996==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x762fe7500054 at pc 0x7a2fea68de28 bp 0x7ffc771a8270 sp 0x7ffc771a79f8
WRITE of size 8 at 0x762fe7500054 thread T0
    #0 0x7a2fea68de27 in scanf_common
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:342
    #1 0x7a2fea6d6668 in __isoc23_vsscanf
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1558
    #2 0x7a2fea6d6fb4 in __isoc23_sscanf
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1590
    #3 0x5be0ea7a2780 in main (/tmp/a+0x780)
    #4 0x7a2fe9a03546 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7a2fe9a035f5 in __libc_start_main_impl ../csu/libc-start.c:360
    #6 0x5be0ea7a2440 in _start (/tmp/a+0x440)

Address 0x762fe7500054 is located in stack of thread T0 at offset 84 in frame
    #0 0x5be0ea7a2544 in main (/tmp/a+0x544)

  This frame has 7 object(s):
    [48, 52) 'regex_errcode'
    [64, 68) 'y_ecrc'
    [80, 84) 'y_epcrc' <== Memory access at offset 84 overflows this variable
    [96, 104) 'named_buf' (line 15)
    [128, 136) 'named_buf_len' (line 16)
    [160, 168) 'regex_errpos'
    [192, 208) 'yencend_regex' (line 17)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/tmp/a+0x780) in main
Shadow bytes around the buggy address:
  0x762fe74ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe74ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe74ffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe74fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe74fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x762fe7500000: f1 f1 f1 f1 f1 f1 04 f2 04 f2[04]f2 00 f2 f2 f2
  0x762fe7500080: 00 f2 f2 f2 00 f2 f2 f2 00 00 f3 f3 00 00 00 00
  0x762fe7500100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe7500180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe7500200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x762fe7500280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[...]
```

Ditto with Clang.

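The report above shows an 8-byte WRITE from sscanf landing on a 4-byte frame object (y_epcrc at [80, 84), the write spilling past offset 84), which is what a scanf conversion wider than its target does: the conversion stores sizeof(its own type) bytes no matter how large the variable behind the pointer is, and the excess lands in whatever the compiler placed next on the stack. The following is an added example of that mechanism and its fix; it is my code, not the reporter's a.c (which is not on this page) and not anything from GCC or PCRE2. The conversion (%lx) and the variable names are assumptions chosen to match the 8-byte write into a 4-byte slot seen in the report, and the union keeps the demonstration itself free of undefined behaviour by making the 8-byte store legal and only viewing it through the narrow layout afterwards.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * A 4-byte slot followed by a 4-byte neighbour, laid over one
 * 8-byte unsigned long. This models the frame in the ASan report,
 * where the 4-byte object at [80, 84) receives a WRITE of size 8.
 * (Assumed layout; the reporter's real variables are not on the page.)
 */
union slot_view {
    unsigned long wide;             /* what a %lx conversion stores */
    struct {
        uint32_t crc;               /* the intended 4-byte target */
        uint32_t neighbour;         /* whatever lives next on the stack */
    } narrow;
};

#define NEIGHBOUR_SENTINEL UINT32_C(0xDEADBEEF)

/*
 * Buggy pattern: %lx stores sizeof(unsigned long) bytes, 8 on LP64
 * targets, regardless of how big the caller's variable is. Returns 1
 * if the neighbour was overwritten by the store, 0 if it survived,
 * -1 if the input did not parse.
 */
int wide_scan_clobbers_neighbour(const char *text, uint32_t *crc_out,
                                 uint32_t *neighbour_out)
{
    union slot_view v;
    v.narrow.crc = 0;
    v.narrow.neighbour = NEIGHBOUR_SENTINEL;

    /* Real code typically reaches this state via a cast that silences
       -Wformat; here the pointer to v.wide is legitimate, so only the
       width of the store matters for the demonstration. */
    if (sscanf(text, "%lx", &v.wide) != 1)
        return -1;

    *crc_out = v.narrow.crc;
    *neighbour_out = v.narrow.neighbour;
    return v.narrow.neighbour != NEIGHBOUR_SENTINEL;
}

/*
 * Correct pattern: derive the conversion from the target's type.
 * SCNx32 expands to the right length modifier for uint32_t on every
 * platform, and the return value of sscanf is checked. Returns 1 on
 * success, 0 on parse failure (out is left untouched).
 */
int parse_u32_hex(const char *text, uint32_t *out)
{
    uint32_t tmp;
    if (sscanf(text, "%" SCNx32, &tmp) != 1)
        return 0;
    *out = tmp;
    return 1;
}

/* Stand-alone driver on a constructed input string. */
int main(void)
{
    uint32_t crc = 0, neighbour = 0, fixed = 0;
    int clobbered = wide_scan_clobbers_neighbour("1234abcd", &crc, &neighbour);

    printf("%%lx into 4-byte slot: crc=%08" PRIx32 " neighbour=%08" PRIx32
           " clobbered=%d (sizeof(unsigned long)=%zu)\n",
           crc, neighbour, clobbered, sizeof(unsigned long));

    if (parse_u32_hex("1234abcd", &fixed))
        printf("SCNx32 into uint32_t: %08" PRIx32 "\n", fixed);
    return 0;
}
```

Two checks catch the buggy form before it reaches a stack frame like the one above: gcc and clang with -Wall warn under -Wformat when a `%lx` argument is a `uint32_t *` rather than an `unsigned long *`, so any cast that makes that warning go away deserves a second look; and -fsanitize=address, as used in the comment, reports the spill at runtime even when a cast has hidden the type mismatch from the compiler.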