https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87953

            Bug ID: 87953
           Summary: asan: stack-buffer-overflow in vectorizable_reduction
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dcb314 at hotmail dot com
  Target Milestone: ---

For this C code:

int a[];
int b;
void d() {
  char c;
  b = 0;
  for (; b < 6; b++) {
    c = 1;
    for (; c; c <<= 1) {
      a[b] <<= 8;
      if (b & c)
        a[b] = 1;
    }
  }
}

compiled with -O3 on recent gcc trunk with asan, does this:

==18849==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd0eb77e48 at pc 0x000002cfffdd bp 0x7ffd0eb76740 sp 0x7ffd0eb76738
READ of size 8 at 0x7ffcfa4901f8 thread T0
    #0 0x2cfffdc in vectorizable_reduction(_stmt_vec_info*, gimple_stmt_iterator *, _stmt_vec_info**, _slp_tree*, _slp_instance*, vec<stmt_info_for_cost, va_heap, vl_ptr>*) ../../trunk/gcc/tree-vect-loop.c:6485

...

    [5472, 5496) 'ops' (line 6004) <== Memory access at offset 5464 underflows this variable

Line 6485 is

      if (!vec_stmt && !vectorizable_condition (stmt_info, gsi, NULL,
                                                ops[reduc_index], 0, NULL,
                                                cost_vec))

I am not sure if overflow or underflow is occurring, but since ops is
a local array, I am guessing someone needs to sanity check array indexes
before use.

Problem didn't occur in gcc revision 265683 and does by revision 265907.
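Triage aid, added here and not part of the bug report or of GCC: the frame-object line in the ASan output gives 'ops' as the byte range [5472, 5496) of the stack frame and the faulting access at offset 5464. The code below parses that line format and maps the access onto an element index, assuming 8-byte elements (the report says "READ of size 8", so the 24-byte object is taken to be three pointer-sized slots; that element size is an assumption, not something the report states). Running it on the page's values shows the read lands 8 bytes before the object, i.e. index -1, which is why ASan calls it an underflow.

```c
#include <stdio.h>
#include <string.h>

/* One object from an ASan "This frame has N object(s)" listing, e.g.
   "    [5472, 5496) 'ops' (line 6004) <== Memory access at offset 5464 ..." */
struct frame_var {
    long lo, hi;    /* [lo, hi): byte offsets of the object within the frame */
    char name[64];  /* variable name as printed by ASan */
    int line;       /* source line of the declaration */
};

/* Parse one frame-object line. Returns 1 on success, 0 if the line does not
   have the expected shape. Trailing text ("<== Memory access ...") is ignored. */
int parse_frame_var(const char *line, struct frame_var *v)
{
    return sscanf(line, " [%ld, %ld) '%63[^']' (line %d)",
                  &v->lo, &v->hi, v->name, &v->line) == 4;
}

/* Classify an access of 'size' bytes at frame offset 'off' against the object:
   -1 = underflow (starts before the object), +1 = overflow (ends past it),
    0 = entirely inside the object. */
int classify_access(const struct frame_var *v, long off, long size)
{
    if (off < v->lo)
        return -1;
    if (off + size > v->hi)
        return 1;
    return 0;
}

/* Element index the access corresponds to if the object is an array of
   elem_size-byte elements. Floor division keeps offsets before the object
   negative (e.g. 8 bytes before a pointer array is index -1). */
long element_index(const struct frame_var *v, long off, long elem_size)
{
    long d = off - v->lo;
    if (d >= 0)
        return d / elem_size;
    return -((-d + elem_size - 1) / elem_size);
}

int main(void)
{
    /* Constructed from the frame-object line quoted in the bug report. */
    const char *line =
        "    [5472, 5496) 'ops' (line 6004) <== Memory access at offset 5464 "
        "underflows this variable";
    struct frame_var v;
    if (!parse_frame_var(line, &v)) {
        fprintf(stderr, "unrecognised frame-object line\n");
        return 1;
    }
    long off = 5464, size = 8, elem = 8; /* elem = 8 is an assumption */
    int kind = classify_access(&v, off, size);
    printf("'%s' (line %d) spans [%ld, %ld), %ld bytes\n",
           v.name, v.line, v.lo, v.hi, v.hi - v.lo);
    printf("access at %ld is %s, element index %ld (assuming %ld-byte elements)\n",
           off, kind < 0 ? "an underflow" : kind > 0 ? "an overflow" : "in bounds",
           element_index(&v, off, elem), elem);
    return 0;
}
```

For the report's numbers this prints an index of -1, consistent with the reporter's reading that the index used on the local array was never validated: a "not found" sentinel of -1 flowing into `ops[reduc_index]` would produce exactly this access.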
