[Bug rtl-optimization/107482] out-of-bounds heap access in IRA

jcmvbkbc at gcc dot gnu.org via Gcc-bugs Mon, 31 Oct 2022 19:59:01 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107482


--- Comment #4 from jcmvbkbc at gcc dot gnu.org ---
The original ASAN report from the unmodified code:

==3761891==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x603000450ef8 at pc 0x000001a78e5c bp 0x7ffdcf35f2a0 sp 0x7ffdcf35f298
READ of size 8 at 0x603000450ef8 thread T0
    #0 0x1a78e5b in update_costs_from_allocno
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-color.cc:1437
    #1 0x1a79983 in update_costs_from_copies
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-color.cc:1524
    #2 0x1a7e5fa in assign_hard_reg
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-color.cc:2213
    #3 0x1a8e35d in ira_reassign_conflict_allocnos(int)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-color.cc:4052
    #4 0x1a260ef in ira /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:5834
    #5 0x1a27748 in execute /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:6084
    #6 0x1e9b852 in execute_one_pass(opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2644
    #7 0x1e9c335 in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2753
    #8 0x1e9c3b0 in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2754
    #9 0x1e9c454 in execute_pass_list(function*, opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2764
    #10 0x1030e5d in cgraph_node::expand()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:1834
    #11 0x1032294 in expand_all_functions
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2008
    #12 0x103418c in symbol_table::compile()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2358
    #13 0x1034b20 in symbol_table::finalize_compilation_unit()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2543
    #14 0x23f702b in compile_file
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:471
    #15 0x23ff902 in do_compile
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2125
    #16 0x240036d in toplev::main(int, char**)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2277
    #17 0x4823f71 in main /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/main.cc:39
    #18 0x7f1f4e4d4d09 in __libc_start_main ../csu/libc-start.c:308
    #19 0x9e4609 in _start
(/home/jcmvbkbc/ws/tensilica/gcc/builds/gcc-13-3563-gf36bba013361-windowed-be/gcc/cc1+0x9e4609)

0x603000450ef8 is located 0 bytes to the right of 24-byte region
[0x603000450ee0,0x603000450ef8)
freed by thread T0 here:
    #0 0x7f1f4ec6cb6f in __interceptor_free
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
    #1 0xdf3132 in sbitmap_free(simple_bitmap_def*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/sbitmap.h:247
    #2 0xef31f1 in auto_sbitmap::~auto_sbitmap()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/sbitmap.h:304
    #3 0x1aba525 in remove_some_program_points_and_update_live_ranges
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-lives.cc:1586
    #4 0x1abad9f in ira_compress_allocno_live_ranges()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-lives.cc:1750
    #5 0x1a44483 in ira_flattening(int, int)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-build.cc:3392
    #6 0x1a26074 in ira /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:5816
    #7 0x1a27748 in execute /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira.cc:6084
    #8 0x1e9b852 in execute_one_pass(opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2644
    #9 0x1e9c335 in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2753
    #10 0x1e9c3b0 in execute_pass_list_1
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2754
    #11 0x1e9c454 in execute_pass_list(function*, opt_pass*)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/passes.cc:2764
    #12 0x1030e5d in cgraph_node::expand()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:1834
    #13 0x1032294 in expand_all_functions
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2008
    #14 0x103418c in symbol_table::compile()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2358
    #15 0x1034b20 in symbol_table::finalize_compilation_unit()
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/cgraphunit.cc:2543
    #16 0x23f702b in compile_file
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:471
    #17 0x23ff902 in do_compile
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2125
    #18 0x240036d in toplev::main(int, char**)
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/toplev.cc:2277
    #19 0x4823f71 in main /home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/main.cc:39
    #20 0x7f1f4e4d4d09 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f1f4ec6ce8f in __interceptor_malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x49fb588 in xmalloc
/home/jcmvbkbc/ws/tensilica/gcc/gcc/libiberty/xmalloc.c:149

SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/jcmvbkbc/ws/tensilica/gcc/gcc/gcc/ira-color.cc:1437 in
update_costs_from_allocno
Shadow bytes around the buggy address:
  0x0c0680082180: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
  0x0c0680082190: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa
  0x0c06800821a0: fd fd fd fa fa fa fd fd fd fd fa fa fd fd fd fa
  0x0c06800821b0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
  0x0c06800821c0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
=>0x0c06800821d0: fd fd fd fd fa fa 00 00 00 fa fa fa fd fd fd[fa]
  0x0c06800821e0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fa fa
  0x0c06800821f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680082200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680082210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680082220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

[Bug rtl-optimization/107482] out-of-bounds heap access in IRA

Reply via email to