https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85253
Bug ID: 85253
Summary: asan detects heap-buffer-overflow in matmul_r4.c
Product: gcc
Version: 8.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
Assignee: unassigned at gcc dot gnu.org
Reporter: zeccav at gmail dot com
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
! In trunk 258946 asan detects heap buffer overflow in
libgfortran/generated/matmul_r4.c:2035
! "t1[l - ll + 2 + ((i - ii + 2) << 8) - 257] = a[i + 1 + (l + 1) * a_dim1];"
! l=1 ll=1 i=1 ii=1 a_dim1=2
! Generated with ~/local/gcc-258946-address/bin/gfortran p.f -g -lasan
-static-libgfortran
! Initially detected with "export MALLOC_CHECK_=1" (see man mallopt) (I put it
into .bashrc)
! gfortran 7.3.0 seems to be ok
real data_d(2,2),ptr(1,2) ! and similarly for other real and integer
types (complex ok)
data data_d/1,2,3,4/
data ptr/1,2/
print *,MATMUL(data_d,TRANSPOSE(ptr)) !must display 7.0 10.0
end
!./a.out
!=================================================================
!==32750==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x619000000484 at pc 0x00000041ac82 bp 0x7fff2a84aff0 sp 0x7fff2a84afe8
!WRITE of size 4 at 0x619000000484 thread T0
! #0 0x41ac81 in matmul_r4_vanilla
../../../gcc-258946/libgfortran/generated/matmul_r4.c:2035
! #1 0x41f348 in _gfortran_matmul_r4
../../../gcc-258946/libgfortran/generated/matmul_r4.c:2377
! #2 0x402efe in MAIN__
/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:6
! #3 0x402fa6 in main
/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:7
! #4 0x147ac2eeff29 in __libc_start_main (/usr/lib64/libc.so.6+0x20f29)
! #5 0x402bc9 in _start
(/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/a.out+0x402bc9)
!
!0x619000000484 is located 0 bytes to the right of 1028-byte region
[0x619000000080,0x619000000484)
!allocated by thread T0 here:
! #0 0x147ac3b10040 in __interceptor_malloc
../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:86
! #1 0x41a6db in matmul_r4_vanilla
../../../gcc-258946/libgfortran/generated/matmul_r4.c:1995
! #2 0x41f348 in _gfortran_matmul_r4
../../../gcc-258946/libgfortran/generated/matmul_r4.c:2377
! #3 0x402efe in MAIN__
/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:6
! #4 0x402fa6 in main
/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:7
! #5 0x147ac2eeff29 in __libc_start_main (/usr/lib64/libc.so.6+0x20f29)
!
!SUMMARY: AddressSanitizer: heap-buffer-overflow
../../../gcc-258946/libgfortran/generated/matmul_r4.c:2035 in matmul_r4_vanilla
!Shadow bytes around the buggy address:
! 0x0c327fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c327fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c327fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c327fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c327fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!=>0x0c327fff8090:[04]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c327fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c327fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c327fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c327fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c327fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!Shadow byte legend (one shadow byte represents 8 application bytes):
! Addressable: 00
! Partially addressable: 01 02 03 04 05 06 07
! Heap left redzone: fa
! Freed heap region: fd
! Stack left redzone: f1
! Stack mid redzone: f2
! Stack right redzone: f3
! Stack after return: f5
! Stack use after scope: f8
! Global redzone: f9
! Global init order: f6
! Poisoned by user: f7
! Container overflow: fc
! Array cookie: ac
! Intra object redzone: bb
! ASan internal: fe
! Left alloca redzone: ca
! Right alloca redzone: cb
!==32750==ABORTING
