https://gcc.gnu.org/bugzilla/show_bug.cgi?id=74750
Bug ID: 74750
Summary: Address sanitizer detects stack-buffer-underflow in GC_push_all_eager in mark.c
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: java
Assignee: unassigned at gcc dot gnu.org
Reporter: zeccav at gmail dot com
Target Milestone: ---

While generating 7.0 trunk with sanitized java I get the following in mark.c:1468 "q = *p;"

libtool: link: /home/vitti/1tb/vitti/gcc-7-address/./gcc/gcj -B/home/vitti/1tb/vitti/gcc-7-address/x86_64-pc-linux-gnu/libjava/ -B/home/vitti/1tb/vitti/gcc-7-address/./gcc/ -B/home/vitti/1tb/vitti/local/gcc-7-address/x86_64-pc-linux-gnu/bin/ -B/home/vitti/1tb/vitti/local/gcc-7-address/x86_64-pc-linux-gnu/lib/ -isystem /home/vitti/1tb/vitti/local/gcc-7-address/x86_64-pc-linux-gnu/include -isystem /home/vitti/1tb/vitti/local/gcc-7-address/x86_64-pc-linux-gnu/sys-include -fomit-frame-pointer -Usun -g -O2 -o .libs/gcj-dbtool --main=gnu.gcj.tools.gcj_dbtool.Main -shared-libgcc gnu/gcj/tools/gcj_dbtool/natMain.o gnu/gcj/tools/.libs/gcj_dbtool.o -L/home/vitti/1tb/vitti/gcc-7-address/x86_64-pc-linux-gnu/libjava/.libs -L/home/vitti/1tb/vitti/gcc-7-address/x86_64-pc-linux-gnu/libjava ./.libs/libgcj.so /home/vitti/1tb/vitti/local/gcc-7/lib/../lib64/libasan.so -ldl -lrt -lpthread /home/vitti/1tb/vitti/local/gcc-7/lib/../lib64/libstdc++.so -lm -Wl,-rpath -Wl,/home/vitti/1tb/vitti/local/gcc-7-address/lib/../lib64 -Wl,-rpath -Wl,/home/vitti/1tb/vitti/local/gcc-7/lib/../lib64
./gcj-dbtool -n classmap.db || touch classmap.db
=================================================================
==16985==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffd646e1ff0 at pc 0x2b760583a7c1 bp 0x7ffd646e1f90 sp 0x7ffd646e1f88
READ of size 8 at 0x7ffd646e1ff0 thread T0
    #0 0x2b760583a7c0 in GC_push_all_eager /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mark.c:1468
    #1 0x2b760583c607 in GC_push_current_stack /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mark_rts.c:497
    #2 0x2b7605849561 in GC_with_callee_saves_pushed /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mach_dep.c:476
    #3 0x2b76058495f0 in GC_generic_push_regs /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mach_dep.c:487
    #4 0x2b760583c7c8 in GC_push_roots /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mark_rts.c:637
    #5 0x2b760583b3cc in GC_mark_some /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mark.c:326
    #6 0x2b760582c330 in GC_stopped_mark /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/alloc.c:531
    #7 0x2b760582d1cf in GC_try_to_collect_inner /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/alloc.c:378
    #8 0x2b760583ddf2 in GC_init_inner /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/misc.c:789
    #9 0x2b760583df2e in GC_init /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/misc.c:493
    #10 0x2b7605833e60 in GC_init_gcj_malloc /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/gcj_mlc.c:60
    #11 0x2b7605048a6f in _Jv_InitGC() /home/vitti/1tb/vitti/test/gcc-trunk-239276/libjava/boehm.cc:537
    #12 0x2b7604f7f242 in _Jv_CreateJavaVM /home/vitti/1tb/vitti/test/gcc-trunk-239276/libjava/prims.cc:1631
    #13 0x2b7604f7f692 in _Jv_RunMain(_Jv_VMInitArgs*, java::lang::Class*, char const*, int, char const**, bool) /home/vitti/1tb/vitti/test/gcc-trunk-239276/libjava/prims.cc:1720
    #14 0x2b7604f7fc55 in _Jv_RunMain(java::lang::Class*, char const*, int, char const**, bool) /home/vitti/1tb/vitti/test/gcc-trunk-239276/libjava/prims.cc:1815
    #15 0x2b7604f7fc70 in JvRunMain /home/vitti/1tb/vitti/test/gcc-trunk-239276/libjava/prims.cc:1821
    #16 0x40302f in main /tmp/cccH4paM.i:12
    #17 0x390da1ffdf in __libc_start_main (/lib64/libc.so.6+0x390da1ffdf)
    #18 0x403077 (/home/vitti/1tb/vitti/gcc-7-address/x86_64-pc-linux-gnu/libjava/.libs/lt-gcj-dbtool+0x403077)

Address 0x7ffd646e1ff0 is located in stack of thread T0 at offset 0 in frame
    #0 0x2b76058494ed in GC_with_callee_saves_pushed /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mach_dep.c:410

  This frame has 1 object(s):
    [32, 40) 'dummy'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /home/vitti/1tb/vitti/test/gcc-trunk-239276/boehm-gc/mark.c:1468 in GC_push_all_eager
Shadow bytes around the buggy address:
  0x10002c8d43a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d43b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d43c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d43d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d43e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10002c8d43f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f1]f1
  0x10002c8d4400: f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
  0x10002c8d4410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d4420: f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00 00 00 00
  0x10002c8d4430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002c8d4440: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==16985==ABORTING