https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119541
Bug ID: 119541
Summary: [15 Regression] asan: dynamic-stack-buffer-overflow in
modify_call_for_omp_dispatch at gimplify.cc:3976
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Keywords: openmp
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: pheeck at gcc dot gnu.org
CC: sandra at gcc dot gnu.org
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
If you compile the c-c++-common/gomp/dispatch-11.c gcc testsuite testcase using
-fopenmp with an AddressSanitizer-instrumented gcc, you get this:
==2494359==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address
0x7fff36429498 at pc 0x000001a8feac bp 0x7fff36429440 sp 0x7fff36429438
WRITE of size 8 at 0x7fff36429498 thread T0
#0 0x000001a8feab in modify_call_for_omp_dispatch
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:3976
#1 0x000001b0371c in expand_variant_call_expr
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:4400
#2 0x000001b0371c in gimplify_variant_call_expr
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:4502
#3 0x000001b0371c in gimplify_call_expr
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:4707
#4 0x000001ab13d5 in gimplify_expr(tree_node**, gimple**, gimple**, bool
(*)(tree_node*), int)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:19439
#5 0x000001aba9dd in gimplify_stmt(tree_node**, gimple**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:8436
#6 0x000001abaaa8 in gimplify_and_add(tree_node*, gimple**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:547
#7 0x000001afded9 in gimplify_omp_dispatch
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:18928
#8 0x000001ab005a in gimplify_expr(tree_node**, gimple**, gimple**, bool
(*)(tree_node*), int)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:20142
#9 0x000001aba9dd in gimplify_stmt(tree_node**, gimple**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:8436
#10 0x000001aaff7b in gimplify_statement_list
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:2285
#11 0x000001aaff7b in gimplify_expr(tree_node**, gimple**, gimple**, bool
(*)(tree_node*), int)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:19921
#12 0x000001aba9dd in gimplify_stmt(tree_node**, gimple**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:8436
#13 0x000001abbec3 in gimplify_bind_expr
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:1680
#14 0x000001ab1031 in gimplify_expr(tree_node**, gimple**, gimple**, bool
(*)(tree_node*), int)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:19671
#15 0x000001aba9dd in gimplify_stmt(tree_node**, gimple**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:8436
#16 0x000001ac039c in gimplify_body(tree_node*, bool)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:20773
#17 0x000001ac100b in gimplify_function_tree(tree_node*)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:20982
#18 0x00000148939f in cgraph_node::analyze()
/home/worker/buildworker/tiber-gcc-asan/build/gcc/cgraphunit.cc:689
#19 0x000001490f01 in analyze_functions
/home/worker/buildworker/tiber-gcc-asan/build/gcc/cgraphunit.cc:1265
#20 0x000001494100 in symbol_table::finalize_compilation_unit()
/home/worker/buildworker/tiber-gcc-asan/build/gcc/cgraphunit.cc:2574
#21 0x000002594901 in compile_file
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:479
#22 0x00000084daca in do_compile
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2208
#23 0x00000084daca in toplev::main(int, char**)
/home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2371
#24 0x00000085907d in main
/home/worker/buildworker/tiber-gcc-asan/build/gcc/main.cc:39
#25 0x7f198922b12d in __libc_start_call_main (/lib64/libc.so.6+0x2b12d)
(BuildId: 4e306825df357f9b661479a3f9d24a8dbf960c1f)
#26 0x7f198922b1f8 in __libc_start_main_impl (/lib64/libc.so.6+0x2b1f8)
(BuildId: 4e306825df357f9b661479a3f9d24a8dbf960c1f)
#27 0x00000085ab74 in _start ../sysdeps/x86_64/start.S:115
Address 0x7fff36429498 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow
/home/worker/buildworker/tiber-gcc-asan/build/gcc/gimplify.cc:3976 in
modify_call_for_omp_dispatch
Shadow bytes around the buggy address:
0x7fff36429200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429400: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
=>0x7fff36429480: 00 00 00[cb]cb cb cb cb 00 00 00 00 00 00 00 00
0x7fff36429500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7fff36429700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2494359==ABORTING
According to git blame, Sandra recently did some work around gimplify.cc:3976,
so Cc-ing her.
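Reading the shadow dump above, as an added example that is not part of the original report or of GCC: the Python below parses the two shadow rows around the fault and uses the report's own legend to locate the marked granule and measure the addressable region just before it. The function names parse_rows and region_before_fault are made up for this illustration.

```python
import re

GRANULE = 8  # per the legend: one shadow byte represents 8 application bytes
# Shadow values from the legend in the report.
LEGEND = {0x00: "addressable", 0xCA: "left alloca redzone",
          0xCB: "right alloca redzone"}

# The two shadow rows around the fault, copied from the report.
ROWS = [
    "0x7fff36429400: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca",
    "=>0x7fff36429480: 00 00 00[cb]cb cb cb cb 00 00 00 00 00 00 00 00",
]

def parse_rows(rows):
    """Map each shadow byte to its application address; find the [xx] cell."""
    shadow, fault = {}, None
    for row in rows:
        base_text, body = row.lstrip("=>").split(":", 1)
        base = int(base_text, 16)
        for i, m in enumerate(re.finditer(r"(\[?)([0-9a-f]{2})\]?", body)):
            addr = base + i * GRANULE
            shadow[addr] = int(m.group(2), 16)
            if m.group(1):          # '[' marks the granule ASan faulted on
                fault = addr
    return shadow, fault

def region_before_fault(shadow, fault):
    """Walk left from the fault over addressable granules to the redzone."""
    start = fault
    while shadow.get(start - GRANULE) == 0x00:
        start -= GRANULE
    return {
        "fault": fault,
        "fault_kind": LEGEND.get(shadow[fault], "other"),
        "region_start": start,
        "region_bytes": fault - start,
        "left_kind": LEGEND.get(shadow.get(start - GRANULE), "other"),
    }

if __name__ == "__main__":
    info = region_before_fault(*parse_rows(ROWS))
    for key, value in info.items():
        print(key, hex(value) if isinstance(value, int) and value > 255 else value)
```

The marked granule starts at 0x7fff36429498, the address in the report's WRITE line, and sits directly after 24 addressable bytes bounded on the left by an alloca redzone. The 8-byte write at gimplify.cc:3976 therefore lands in the first slot past the end of that alloca'd region.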