https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81861

            Bug ID: 81861
           Summary: ASan pr64820.c testcase segfaults with LTO and
                    -fstack-protector-strong
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: m.ostapenko at samsung dot com
                CC: ubizjak at gmail dot com
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

After r250965 the ASan pr64820.c testcase fails with:

ASAN:DEADLYSIGNAL
=================================================================
==15720==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x0000004009e5 bp 0x7fff5fca17c0 sp 0x7fff5fca17c0 T0)
==15720==The signal is caused by a READ memory access.
==15720==Hint: address points to the zero page.
    #0 0x4009e4 in Func1
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:13
    #1 0x40080a in main
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:23
    #2 0x2b7622799f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #3 0x40085a 
(/home/max/build/master/gcc/testsuite/gcc/pr64820.exe+0x40085a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/max/workspace/downloads/gcc/gcc/testsuite/c-c++-common/asan/pr64820.c:13
in Func1
==15720==ABORTING

The code in the resulting binary looks like this:

0000000000400910 <Func1>:
  400910:       41 54                   push   %r12
  400912:       55                      push   %rbp
  400913:       53                      push   %rbx
  400914:       48 81 ec 60 10 00 00    sub    $0x1060,%rsp
  40091b:       8b 05 5f 06 20 00       mov    0x20065f(%rip),%eax        #
600f80 <__TMC_END__>
  400921:       48 89 e3                mov    %rsp,%rbx
  400924:       48 89 dd                mov    %rbx,%rbp
  400927:       85 c0                   test   %eax,%eax
  400929:       0f 85 8a 00 00 00       jne    4009b9 <Func1+0xa9>
  40092f:       48 89 da                mov    %rbx,%rdx
  400932:       48 8d 7b 20             lea    0x20(%rbx),%rdi
  400936:       48 c7 03 b3 8a b5 41    movq   $0x41b58ab3,(%rbx)
  40093d:       48 c1 ea 03             shr    $0x3,%rdx
  400941:       48 c7 43 08 08 0b 40    movq   $0x400b08,0x8(%rbx)
  400948:       00 
  400949:       48 c7 43 10 10 09 40    movq   $0x400910,0x10(%rbx)
  400950:       00 
  400951:       c7 82 00 80 ff 7f f1    movl   $0xf1f1f1f1,0x7fff8000(%rdx)
  400958:       f1 f1 f1 
  40095b:       c7 82 04 82 ff 7f f3    movl   $0xf3f3f3f3,0x7fff8204(%rdx)
  400962:       f3 f3 f3 

Segfault here==> 400965:       48 8b 04 25 00 00 00    mov    0x0,%rax

  40096c:       00 
  40096d:       48 89 84 24 58 10 00    mov    %rax,0x1058(%rsp)
  400974:       00 
  400975:       31 c0                   xor    %eax,%eax
  400977:       e8 84 ff ff ff          callq  400900 <Ident>
