https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85253
Bug ID: 85253
Summary: asan detects heap-buffer-overflow in matmul_r4.c
Product: gcc
Version: 8.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
Assignee: unassigned at gcc dot gnu.org
Reporter: zeccav at gmail dot com
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu

! In trunk 258946 asan detects heap buffer overflow in libgfortran/generated/matmul_r4.c:2035
! "t1[l - ll + 2 + ((i - ii + 2) << 8) - 257] = a[i + 1 + (l + 1) * a_dim1];"
! l=1 ll=1 i=1 ii=1 a_dim1=2
! Generated with ~/local/gcc-258946-address/bin/gfortran p.f -g -lasan -static-libgfortran
! Initially detected with "export MALLOC_CHECK_=1" (see man mallopt) (I put it into .bashrc)
! gfortran 7.3.0 seems to be ok
      real data_d(2,2),ptr(1,2) ! and similarly for other real and integer types (complex ok)
      data data_d/1,2,3,4/
      data ptr/1,2/
      print *,MATMUL(data_d,TRANSPOSE(ptr)) !must display 7.0 10.0
      end
!./a.out
!=================================================================
!==32750==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000000484 at pc 0x00000041ac82 bp 0x7fff2a84aff0 sp 0x7fff2a84afe8
!WRITE of size 4 at 0x619000000484 thread T0
!    #0 0x41ac81 in matmul_r4_vanilla ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2035
!    #1 0x41f348 in _gfortran_matmul_r4 ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2377
!    #2 0x402efe in MAIN__ /home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:6
!    #3 0x402fa6 in main /home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:7
!    #4 0x147ac2eeff29 in __libc_start_main (/usr/lib64/libc.so.6+0x20f29)
!    #5 0x402bc9 in _start (/home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/a.out+0x402bc9)
!
!0x619000000484 is located 0 bytes to the right of 1028-byte region [0x619000000080,0x619000000484)
!allocated by thread T0 here:
!    #0 0x147ac3b10040 in __interceptor_malloc ../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:86
!    #1 0x41a6db in matmul_r4_vanilla ../../../gcc-258946/libgfortran/generated/matmul_r4.c:1995
!    #2 0x41f348 in _gfortran_matmul_r4 ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2377
!    #3 0x402efe in MAIN__ /home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:6
!    #4 0x402fa6 in main /home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:7
!    #5 0x147ac2eeff29 in __libc_start_main (/usr/lib64/libc.so.6+0x20f29)
!
!SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2035 in matmul_r4_vanilla
!Shadow bytes around the buggy address:
!  0x0c327fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!  0x0c327fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!  0x0c327fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!  0x0c327fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!  0x0c327fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!=>0x0c327fff8090:[04]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!  0x0c327fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!  0x0c327fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!  0x0c327fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!  0x0c327fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!  0x0c327fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!Shadow byte legend (one shadow byte represents 8 application bytes):
!  Addressable:           00
!  Partially addressable: 01 02 03 04 05 06 07
!  Heap left redzone:       fa
!  Freed heap region:       fd
!  Stack left redzone:      f1
!  Stack mid redzone:       f2
!  Stack right redzone:     f3
!  Stack after return:      f5
!  Stack use after scope:   f8
!  Global redzone:          f9
!  Global init order:       f6
!  Poisoned by user:        f7
!  Container overflow:      fc
!  Array cookie:            ac
!  Intra object redzone:    bb
!  ASan internal:           fe
!  Left alloca redzone:     ca
!  Right alloca redzone:    cb
!==32750==ABORTING
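The sanitizer output above is the kind of report a crash-triage script has to consume. As an added example (not part of the bug report and not GCC or libgfortran code), the Python below parses such a report into the facts that matter for triage: access type and width, the bounds of the heap region, how far the access lands past its end, and the faulting and allocating frames with ASan's own malloc interceptor skipped. It then evaluates the t1 subscript expression quoted in the report with the loop values the reporter gives (l=ll=i=ii=1) and cross-checks it against the region ASan printed: index 257 into a 1028-byte buffer of 4-byte reals (257 elements, indices 0..256) starts exactly at the end of the buffer, which is what "0 bytes to the right" means. The embedded report text is an excerpt of the one above; the function names and regular expressions are mine and are not from any ASan tooling.

```python
import re

# Constructed excerpt of the AddressSanitizer report from the bug above, cut
# down to the lines this parser consumes and embedded so the example runs offline.
ASAN_REPORT = """\
==32750==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000000484 at pc 0x00000041ac82 bp 0x7fff2a84aff0 sp 0x7fff2a84afe8
WRITE of size 4 at 0x619000000484 thread T0
    #0 0x41ac81 in matmul_r4_vanilla ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2035
    #1 0x41f348 in _gfortran_matmul_r4 ../../../gcc-258946/libgfortran/generated/matmul_r4.c:2377
    #2 0x402efe in MAIN__ /home/vitti/1tb/vitti/test/cp2k-18361/cp2k/tests/QS/regtest-pao-2/p.f:6
0x619000000484 is located 0 bytes to the right of 1028-byte region [0x619000000080,0x619000000484)
allocated by thread T0 here:
    #0 0x147ac3b10040 in __interceptor_malloc ../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:86
    #1 0x41a6db in matmul_r4_vanilla ../../../gcc-258946/libgfortran/generated/matmul_r4.c:1995
"""

# Regular expressions for the ASan lines this example cares about (my own).
HEADER_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(
    r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+)", re.M)
FRAME_RE = re.compile(
    r"^\s*#\d+ 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)
REGION_RE = re.compile(
    r"is located (?P<dist>\d+) bytes to the (?P<side>left|right) of (?P<size>\d+)-byte region "
    r"\[(?P<lo>0x[0-9a-f]+),(?P<hi>0x[0-9a-f]+)\)")


def parse_asan_report(text):
    """Extract the triage-relevant facts from an ASan heap-buffer-overflow report.

    Only overruns past the end of the region ("to the right") are handled, which
    is the case shown in the bug; anything else raises rather than being guessed.
    """
    header, access, region = (rx.search(text) for rx in (HEADER_RE, ACCESS_RE, REGION_RE))
    if not (header and access and region):
        raise ValueError("not a recognisable ASan heap-buffer-overflow report")
    if region["side"] != "right":
        raise NotImplementedError("only overruns past the end of a region are handled")

    addr = int(access["addr"], 16)
    lo, hi, size = int(region["lo"], 16), int(region["hi"], 16), int(region["size"])
    # Check the report against itself: the bounds must span the stated size and
    # the stated distance must equal (access address - region end).
    if hi - lo != size or addr - hi != int(region["dist"]):
        raise ValueError("region bounds, size and distance disagree")

    # Frames before "allocated by" belong to the faulting stack, frames after it
    # to the allocation stack. Skip ASan's malloc interceptor to reach the caller.
    fault_part, _, alloc_part = text.partition("allocated by thread")
    fault_frames = [(m["func"], m["loc"]) for m in FRAME_RE.finditer(fault_part)]
    alloc_frames = [(m["func"], m["loc"]) for m in FRAME_RE.finditer(alloc_part)
                    if not m["func"].startswith("__interceptor_")]
    return {
        "kind": header["kind"],
        "op": access["op"],
        "access_size": int(access["size"]),
        "region_size": size,
        "start_past_end": addr - hi,  # 0 means the access begins right at the end
        "bytes_out_of_bounds": addr + int(access["size"]) - hi,
        "fault_site": fault_frames[0] if fault_frames else None,
        "alloc_site": alloc_frames[0] if alloc_frames else None,
    }


def t1_index(l, ll, i, ii):
    """The t1 subscript quoted from matmul_r4.c:2035, evaluated for given loop values."""
    return l - ll + 2 + ((i - ii + 2) << 8) - 257


def explain_overflow(report, index, elem_size):
    """Relate an element index to the region ASan reported.

    Returns (elements_in_region, index, bytes_past_end), where bytes_past_end is
    the distance from the region end to the first byte the access touches. It
    must agree with what ASan printed, otherwise the index hypothesis is wrong.
    """
    n_elems = report["region_size"] // elem_size
    bytes_past_end = index * elem_size - report["region_size"]
    if bytes_past_end != report["start_past_end"]:
        raise ValueError("index arithmetic does not match the reported access")
    return n_elems, index, bytes_past_end


if __name__ == "__main__":
    r = parse_asan_report(ASAN_REPORT)
    print(r["op"], "of", r["access_size"], "bytes,", r["bytes_out_of_bounds"],
          "byte(s) out of bounds at", r["fault_site"][1], "allocated at", r["alloc_site"][1])
    idx = t1_index(1, 1, 1, 1)
    print("t1 index for l=ll=i=ii=1:", idx, "->", explain_overflow(r, idx, 4))
```

The self-consistency checks (region size against its bounds, reported distance against the addresses, index arithmetic against the region) are the point: a triage note that says "off-by-one past a 257-element buffer" is only trustworthy when the numbers in the report and the numbers derived from the source line agree.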