https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63316
Bug ID: 63316
Summary: [5.0 Regression] False asan positive
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: Joost.VandeVondele at mat dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

In the one day between r215373 and r215412 asan detects a heap-buffer-overflow for the testcase below. This only happens when compiled above -O0. valgrind reports nothing.

> cat bug.f90
MODULE M1
  IMPLICIT NONE
  TYPE T1
    LOGICAL :: a,b,c
    INTEGER, POINTER :: common_pos
  END TYPE T1
END MODULE M1
MODULE M2
  USE M1
  IMPLICIT NONE
  INTEGER, PRIVATE, POINTER, SAVE :: foo
CONTAINS
  SUBROUTINE S1(iterator)
    TYPE(T1), INTENT(OUT) :: iterator
    NULLIFY(iterator%common_pos)
    IF (iterator%a) THEN
      ALLOCATE(iterator%common_pos)
      foo => iterator%common_pos
      foo = 0
    END IF
  END SUBROUTINE S1
END MODULE M2

USE M1
USE M2
TYPE(T1), POINTER :: iterator
ALLOCATE(iterator)
iterator%a=.TRUE.
CALL S1(iterator)
END

> gfortran -fsanitize=address -fno-omit-frame-pointer -g -O1 -march=native -ffree-form bug.f90 && ./a.out
=================================================================
==66541==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef90 at pc 0x400b1a bp 0x7fffcd4a56f0 sp 0x7fffcd4a56e8
WRITE of size 4 at 0x60200000ef90 thread T0
    #0 0x400b19 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:19
    #1 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #2 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #3 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)
    #4 0x400978 (/data/vjoost/gnu/bugs/a.out+0x400978)

0x60200000ef90 is located 0 bytes inside of 4-byte region [0x60200000ef90,0x60200000ef94)
allocated by thread T0 here:
    #0 0x7f252ce9f309 in __interceptor_malloc ../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x400ac5 in __m2_MOD_s1 /data/vjoost/gnu/bugs/bug.f90:17
    #2 0x400b8c in MAIN__ /data/vjoost/gnu/bugs/bug.f90:29
    #3 0x400b8c in main /data/vjoost/gnu/bugs/bug.f90:24
    #4 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)

SUMMARY: AddressSanitizer: heap-buffer-overflow /data/vjoost/gnu/bugs/bug.f90:19 __m2_MOD_s1
Shadow bytes around the buggy address:
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9df0: fa fa[04]fa fa fa 07 fa fa fa 07 fa fa fa 06 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==66541==ABORTING
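The shadow dump in the report can be checked by hand, which is a useful habit whenever a sanitizer report looks suspicious. The following is an added example and not part of the bug report or of GCC's libsanitizer. It assumes the x86_64 Linux shadow mapping (shadow address = (addr >> 3) + 0x7fff8000) and the access check described in the AddressSanitizer algorithm documentation: a shadow byte k in 1..7 means only the first k bytes of the 8-byte granule are addressable, and an access of size 1, 2, 4 or 8 is reported when its last byte, (addr & 7) + size - 1, is at or past k. The "=>" shadow row is transcribed from the report above. Running it shows that 0x60200000ef90 maps to shadow 0x0c047fff9df2, the marked [04] byte, and that a 4-byte write at offset 0 of that granule is within the addressable bytes, so the printed shadow state does not by itself justify a heap-buffer-overflow for the access the report describes.

```c
/* Added example (not from the bug report or libsanitizer): decode the
 * AddressSanitizer shadow row from the report by hand.
 * Assumptions: x86_64 Linux shadow mapping and the documented ASan
 * access-check rule; the shadow row below is transcribed from the report. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

#define ASAN_SHADOW_SCALE  3            /* one shadow byte per 8 application bytes */
#define ASAN_SHADOW_OFFSET 0x7fff8000ULL /* x86_64 Linux default (assumed platform) */

/* Map an application address to the address of its shadow byte. */
static uintptr_t mem_to_shadow(uintptr_t addr)
{
    return (addr >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* Transcribed from the report's marked row:
 * =>0x0c047fff9df0: fa fa[04]fa fa fa 07 fa fa fa 07 fa fa fa 06 fa */
static const uintptr_t ROW_BASE = 0x0c047fff9df0ULL;
static const uint8_t ROW[16] = {
    0xfa, 0xfa, 0x04, 0xfa, 0xfa, 0xfa, 0x07, 0xfa,
    0xfa, 0xfa, 0x07, 0xfa, 0xfa, 0xfa, 0x06, 0xfa
};

/* Shadow byte covering addr if it lies in the transcribed row, else -1. */
static int shadow_byte_for(uintptr_t addr)
{
    uintptr_t s = mem_to_shadow(addr);
    if (s < ROW_BASE || s >= ROW_BASE + sizeof ROW)
        return -1;
    return ROW[s - ROW_BASE];
}

/* ASan's rule for an aligned access of 1, 2, 4 or 8 bytes:
 *   shadow == 0        -> whole granule addressable, no report
 *   shadow in 1..7     -> first k bytes addressable; report if the last
 *                         accessed byte (addr & 7) + size - 1 >= k
 *   anything else      -> poison (fa, fb, fd, ...), always reported
 * Returns 1 if ASan would report, 0 otherwise. */
static int asan_would_report(uint8_t shadow, uintptr_t addr, size_t size)
{
    if (shadow == 0)
        return 0;
    if (shadow >= 8)
        return 1;
    size_t last = (addr & 7) + size - 1;
    return last >= shadow;
}

/* Decode one access against the transcribed row:
 * 1 = rule says report, 0 = in bounds, -1 = address outside the row. */
static int decode_access(uintptr_t addr, size_t size)
{
    int sb = shadow_byte_for(addr);
    if (sb < 0)
        return -1;
    return asan_would_report((uint8_t)sb, addr, size);
}

int main(void)
{
    const uintptr_t fault = 0x60200000ef90ULL; /* address from the report */

    printf("shadow(0x%" PRIxPTR ") = 0x%" PRIxPTR " -> byte 0x%02x\n",
           fault, mem_to_shadow(fault), shadow_byte_for(fault));
    printf("WRITE of size 4 at +0 reported? %d\n", decode_access(fault, 4));
    printf("WRITE of size 8 at +0 reported? %d\n", decode_access(fault, 8));
    printf("WRITE of size 1 at +4 reported? %d\n", decode_access(fault + 4, 1));
    printf("WRITE of size 4 at +8 reported? %d\n", decode_access(fault + 8, 4));
    return 0;
}
```

The 04 byte is exactly the 4-byte region the allocation stack describes, so a 4-byte write to its start is in bounds under the documented rule; the same granule would be flagged for a 5th byte or for an 8-byte write, and the neighbouring fa bytes are heap redzone, which is what a genuine overflow past the allocation would hit.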