https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78569

            Bug ID: 78569
           Summary: "internal compiler error: in
                    get_substring_ranges_for_loc" processing sprintf
                    buffer overflow
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: preprocessor
          Assignee: unassigned at gcc dot gnu.org
          Reporter: arnd at linaro dot org
  Target Milestone: ---

Created attachment 40180
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40180&action=edit
preprocessed drivers/tty/nozomi.c from linux-4.9-rc5+next

Originally replied to bug #78169, but I believe it's different now, so I opened
a new one here.

When building the Linux kernel with gcc snapshot x86_64-linux-gcc-7.0.0 (GCC)
7.0.0 20161124 (experimental), I get this output for incorrect code:

/git/arm-soc/drivers/tty/nozomi.c: In function 'receive_flow_control':
/git/arm-soc/drivers/tty/nozomi.c:919:12: internal compiler error: in
get_substring_ranges_for_loc, at input.c:1388
 static int receive_flow_control(struct nozomi *dc)
            ^~~~~~~~~~~~~~~~~~~~
0x110f22f get_substring_ranges_for_loc
        /home/arnd/git/gcc/gcc/input.c:1388
0x110f22f get_source_location_for_substring(cpp_reader*, string_concat_db*,
unsigned int, cpp_ttype, int, int, int, unsigned int*)
        /home/arnd/git/gcc/gcc/input.c:1458
0x67230e c_get_substring_location(substring_loc const&, unsigned int*)
        /home/arnd/git/gcc/gcc/c-family/c-common.c:865
0xa5ce8f substring_loc::get_location(unsigned int*) const
        /home/arnd/git/gcc/gcc/substring-locations.c:194
0xa5ce8f format_warning_va(substring_loc const&, source_range const*, char
const*, int, char const*, __va_list_tag (*) [1])
        /home/arnd/git/gcc/gcc/substring-locations.c:112
0xa5d1f4 format_warning_at_substring(substring_loc const&, source_range const*,
char const*, int, char const*, ...)
        /home/arnd/git/gcc/gcc/substring-locations.c:179
0x1038159 add_bytes
        /home/arnd/git/gcc/gcc/gimple-ssa-sprintf.c:2083
0x1038159 compute_format_length
        /home/arnd/git/gcc/gcc/gimple-ssa-sprintf.c:2208
0x1038159 handle_gimple_call
        /home/arnd/git/gcc/gcc/gimple-ssa-sprintf.c:2772
0x1038159 execute
        /home/arnd/git/gcc/gcc/gimple-ssa-sprintf.c:2799
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.

It seems to only happen when I first preprocess the file and feed that into
compiler again (as done by ccache, but easily reproduced without it).

The command to reproduce is:
x86_64-linux-gcc-7.0.0 -Wall -O -Wno-pointer-sign -s nozomi.i

I've only seen this with an x86 target, not with ARM, but that could be
coincidence.

The code line causing this is

  do {
      if (0x01 & debug)
          do {
              char tmp[128];
              snprintf(tmp, sizeof(tmp),
                       "The Base Band sends this value as a response to a "
                       "request for IMSI detach sent over the control "
                       "channel uplink (see section 7.6.1).");
              printk("\001" "7" "[%d] %s(): %s\n", 932, __func__, tmp);
          } while (0);
  } while (0);

and this in turn causes a stack overflow of the 'tmp' array as the string that
gets copied in there is slightly longer than 128 bytes.

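As an added illustration, not part of the bug report: the snprintf call from the expanded DBG macro, compiled stand-alone with the same three-piece format string. It shows that the message is 131 bytes before the terminator, that snprintf bounded by sizeof(tmp) keeps the write inside the 128-byte buffer and truncates the text instead, and that the return value is how a caller can tell the message did not fit (the same condition GCC 7's -Wformat-truncation analysis in gimple-ssa-sprintf.c, which crashed here, is designed to report). The helper names are mine, not from nozomi.c.

```c
#include <stdio.h>
#include <string.h>

/* The format string from the preprocessed nozomi.c line, reassembled from
   its three adjacent string literals exactly as the compiler concatenates them. */
#define NOZOMI_MSG \
    "The Base Band sends this value as a response to a " \
    "request for IMSI detach sent over the control " \
    "channel uplink (see section 7.6.1)."

/* Length of the message without the terminating NUL. */
size_t nozomi_msg_len(void) {
    return strlen(NOZOMI_MSG);
}

/* Mirrors the expanded macro: format into a 128-byte stack buffer with the
   size bound taken from sizeof(tmp). snprintf never writes past that bound;
   it returns the length the full message would have needed, which is what
   lets the caller detect truncation. The truncated result is copied to
   'out' (when given) so it can be inspected after 'tmp' goes out of scope. */
int format_into_tmp(char *out, size_t outsz) {
    char tmp[128];
    int needed = snprintf(tmp, sizeof(tmp), NOZOMI_MSG);
    if (out && outsz) {
        strncpy(out, tmp, outsz - 1);
        out[outsz - 1] = '\0';
    }
    return needed;
}

/* The check a practitioner wants: did the message fit? Returns 1 when
   snprintf reported a length >= the buffer size and the buffer holds the
   maximum 127 characters plus NUL, i.e. the text was cut off in-bounds. */
int message_was_truncated(void) {
    char got[128];
    int needed = format_into_tmp(got, sizeof(got));
    return needed >= (int)sizeof(got) && strlen(got) == sizeof(got) - 1;
}

int main(void) {
    char got[128];
    int needed = format_into_tmp(got, sizeof(got));
    printf("needed %d bytes (+NUL), buffer holds %zu, stored %zu chars\n",
           needed, sizeof(got), strlen(got));
    printf("truncated: %s\n", message_was_truncated() ? "yes" : "no");
    return 0;
}
```

Compile with `gcc -Wall -O -Wformat-truncation example.c` on GCC 7 or later to see the diagnostic the sprintf pass emits for this call; with plain sprintf and no size bound the same message would write past the end of tmp.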