https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61422
Bug ID: 61422
Summary: False Asan positive in libopus
Product: gcc
Version: 4.10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: m.zakirov at samsung dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

The bug is reproducible on a simple test like:

//Issue was taken from libopus, ffmpeg library
#include <string.h>

#define NLSF_QUANT_DEL_DEC_STATES 4
#define MAX_LPC_ORDER 16

int main()
{
    int ind_min_max = 1, ind_max_min = 3;
    char ind[ NLSF_QUANT_DEL_DEC_STATES ][ MAX_LPC_ORDER ];

    /* Empty asm with memory outputs: keeps the two indices opaque to the optimizer. */
    __asm ("\n" : "=m"(ind_min_max), "=m"(ind_max_min));
    memcpy( ind[ ind_max_min ], ind[ ind_min_max ], MAX_LPC_ORDER * sizeof( char ) );
    return 0;
}

Output will be:

==20809==ERROR: AddressSanitizer: unknown-crash on address 0x7fff92804b00 at pc 0x4f934d bp 0x7fff92804a20 sp 0x7fff92804a00
WRITE of size 16 at 0x7fff92804b00 thread T0
    #0 0x4f934c in main (/home/mzakirov/proj/found_bugs/asan_bug/res.out+0x4f934c)
    #1 0x7f32dd7d776c in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #2 0x40c308 (/home/mzakirov/proj/found_bugs/asan_bug/res.out+0x40c308)

Address 0x7fff92804b00 is located in stack of thread T0 at offset 208 in frame
    #0 0x4f921b in main (/home/mzakirov/proj/found_bugs/asan_bug/res.out+0x4f921b)

  This frame has 3 object(s):
    [32, 36) 'ind_min_max'
    [96, 100) 'ind_max_min'
    [160, 224) 'ind' <== Memory access at offset 208 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: unknown-crash ??:0 main
Shadow bytes around the buggy address:
  0x1000724f8910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f8920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f8930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f8940: 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f2 f2
  0x1000724f8950: f2 f2 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00 00 00
=>0x1000724f8960:[00]00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
  0x1000724f8970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f8980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f8990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f89a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000724f89b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  ASan internal:         fe
==20809==ABORTING
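
Added example, not part of the original report and not GCC or ASan code: it cross-checks the reported 16-byte write against the shadow row marked "=>" in the output above. The mapping shadow = (addr >> 3) + 0x7fff8000 is ASan's default on x86_64 Linux and is an assumption here, since the report does not state it; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed mapping (ASan default on x86_64 Linux, not stated in the report). */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

uint64_t shadow_addr(uint64_t app_addr) {
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow row copied from the report: the line marked "=>". */
static const uint64_t ROW_BASE = 0x1000724f8960ULL;
static const uint8_t ROW[16] = {0x00, 0x00, 0xf3, 0xf3, 0xf3, 0xf3,
                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

/* 1: every byte of [addr, addr+size) is addressable according to ROW,
 * 0: at least one byte is poisoned, -1: the access leaves the copied row.
 * Shadow 00 = all 8 bytes usable, 01..07 = only the first k bytes usable,
 * values >= 0x80 (f1, f2, f3, ...) = redzone. */
int access_is_addressable(uint64_t addr, size_t size) {
    for (uint64_t a = addr; a < addr + size; a++) {
        uint64_t s = shadow_addr(a);
        if (s < ROW_BASE || s >= ROW_BASE + sizeof ROW)
            return -1;
        uint8_t v = ROW[s - ROW_BASE];
        if (v == 0)
            continue;
        if (v >= 0x80 || (a & 7) >= v)
            return 0;
    }
    return 1;
}

int main(void) {
    uint64_t addr = 0x7fff92804b00ULL;   /* "WRITE of size 16 at ..." */
    printf("shadow address: 0x%llx\n", (unsigned long long)shadow_addr(addr));
    /* Offset 208 is ind[3] (160 + 3*16); 208 + 16 = 224 ends exactly at 'ind'. */
    printf("16-byte write addressable: %d\n", access_is_addressable(addr, 16));
    printf("17-byte write addressable: %d\n", access_is_addressable(addr, 17));
    return 0;
}
```

The 16-byte write covers only the two 00 shadow bytes at the start of the marked row, which matches the frame layout in the report ('ind' spans [160, 224) and the write covers [208, 224)); the first poisoned byte is the f3 right redzone one byte past the end of the write.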