https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65177
Markus Trippelsdorf <trippels at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |trippels at gcc dot gnu.org

--- Comment #1 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
-fsanitize=address shows:

markus@x4 impl_sse % ./optacc_utest
=================================================================
==25254==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b00001f160 at pc 0x00000040e8a0 bp 0x7ffe6daa1620 sp 0x7ffe6daa1618
READ of size 4 at 0x61b00001f160 thread T0
    #0 0x40e89f in select_m /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267
    #1 0x40e89f in p7_GOATrace /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:218
    #2 0x405d19 in utest_optacc optacc.c:659
    #3 0x406281 in main optacc.c:801
    #4 0x7f671f71e6cf in __libc_start_main (/lib/libc.so.6+0x206cf)
    #5 0x402448 in _start (/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/impl_sse/optacc_utest+0x402448)

0x61b00001f160 is located 32 bytes to the left of 1440-byte region [0x61b00001f180,0x61b00001f720)
allocated by thread T0 here:
    #0 0x7f671ffaf502 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/5.0.0/libasan.so.2+0x9c502)
    #1 0x41c667 in p7_profile_Create /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/p7_profile.c:68

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267 select_m
Shadow bytes around the buggy address:
  0x0c367fffbdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe10: 00 07 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c367fffbe20: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
  0x0c367fffbe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffbe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
==25254==ABORTING

valgrind:

markus@x4 impl_sse % valgrind ./optacc_utest
==32064== Memcheck, a memory error detector
==32064== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==32064== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==32064== Command: ./optacc_utest
==32064==
==32064== Invalid read of size 4
==32064==    at 0x406851: select_m (generic_optacc.c:267)
==32064==    by 0x406851: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c610 is 32 bytes before a block of size 1,440 in arena "client"
==32064==
==32064== Invalid read of size 4
==32064==    at 0x40689B: select_m (generic_optacc.c:268)
==32064==    by 0x40689B: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c614 is 28 bytes before a block of size 1,440 in arena "client"
==32064==
==32064== Invalid read of size 4
==32064==    at 0x4068D1: select_m (generic_optacc.c:269)
==32064==    by 0x4068D1: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c618 is 24 bytes before a block of size 1,440 alloc'd
==32064==    at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064==    by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064==    by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064==    by 0x402FCC: utest_optacc (optacc.c:621)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064==    at 0x4068FF: select_m (generic_optacc.c:270)
==32064==    by 0x4068FF: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x525c61c is 20 bytes before a block of size 1,440 alloc'd
==32064==    at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064==    by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064==    by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064==    by 0x402FCC: utest_optacc (optacc.c:621)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064==    at 0x406877: select_m (generic_optacc.c:267)
==32064==    by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x5275954 is 12 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064==    at 0x4068AD: select_m (generic_optacc.c:268)
==32064==    by 0x4068AD: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x5275958 is 16 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064==    at 0x4068E3: select_m (generic_optacc.c:269)
==32064==    by 0x4068E3: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527595c is 20 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064==    by 0x4030A1: utest_optacc (optacc.c:627)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064==    at 0x406E57: p7_GOATrace (generic_optacc.c:231)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527d6c4 is 12 bytes after a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064==    by 0x4030C5: utest_optacc (optacc.c:628)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 8
==32064==    at 0x406874: select_m (generic_optacc.c:267)
==32064==    by 0x406874: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  Address 0x527d4f8 is 8 bytes before a block of size 440 alloc'd
==32064==    at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064==    by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064==    by 0x4030C5: utest_optacc (optacc.c:628)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==
==32064==
==32064== Process terminating with default action of signal 11 (SIGSEGV)
==32064==  Access not within mapped region at address 0xFFFFFFFFFFFFFFB8
==32064==    at 0x406877: select_m (generic_optacc.c:267)
==32064==    by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064==    by 0x4032B8: utest_optacc (optacc.c:659)
==32064==    by 0x40369C: main (optacc.c:801)
==32064==  If you believe this happened as a result of a stack
==32064==  overflow in your program's main thread (unlikely but
==32064==  possible), you can try to increase the size of the
==32064==  main thread stack using the --main-stacksize= flag.
==32064==  The main thread stack size used in this run was 8388608.