[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Thomas Koenig changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |tkoenig at gcc dot gnu.org
         Resolution|---                         |FIXED

--- Comment #10 from Thomas Koenig ---
(In reply to Jerry DeLisle from comment #9)
> I think this can be closed now.

I concur.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #9 from Jerry DeLisle ---
I think this can be closed now.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #8 from Jerry DeLisle ---
Author: jvdelisle
Date: Fri Oct 27 18:51:35 2017
New Revision: 254169

URL: https://gcc.gnu.org/viewcvs?rev=254169&root=gcc&view=rev
Log:
2017-10-27  Jerry DeLisle
            Rimvydas (RJ)

        Backport from trunk
        PR libgfortran/81938
        io/format.c (free_format_data): Don't try to free vlist descriptors
        past the end of the fnode array.

Modified:
    branches/gcc-7-branch/libgfortran/ChangeLog
    branches/gcc-7-branch/libgfortran/io/format.c
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #7 from Jerry DeLisle ---
Author: jvdelisle
Date: Fri Oct 27 17:50:22 2017
New Revision: 254163

URL: https://gcc.gnu.org/viewcvs?rev=254163&root=gcc&view=rev
Log:
2017-10-27  Jerry DeLisle
            Rimvydas (RJ)

        PR libgfortran/81938
        io/format.c (free_format_data): Don't try to free vlist descriptors
        past the end of the fnode array.

Modified:
    trunk/libgfortran/ChangeLog
    trunk/libgfortran/io/format.c
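The commit log above describes the defect only as freeing vlist descriptors past the end of the fnode array; the gdb session in comment #3 shows a 64-entry fnode array with fnp well beyond it, and the ASan report in comment #1 shows a 4-byte read exactly at the end of the allocation. The following is an added example written for this page, not libgfortran's code: it models the one loop-ordering mistake that produces such a read in a sentinel-terminated, fixed-size array (checking the FMT_NONE terminator before checking the bound, so a completely full array walks one slot too far) next to the bound-first form that stops in time. The struct layout, FARRAY_SIZE = 64, the instrumented read_format()/release_vlist() helpers and run_walk() are all assumptions made for the demonstration; the instrumented read records the index it would have touched instead of performing the actual out-of-bounds access.

```c
#include <stdio.h>
#include <stdlib.h>

#define FARRAY_SIZE 64          /* assumption: matches fnode (*)[64] from the gdb session */

enum format_token { FMT_NONE = 0, FMT_DT = 1 };

/* Simplified stand-in for an fnode: only the fields the walk touches. */
typedef struct {
    enum format_token format;
    void *vlist;                /* stands in for u.udf.vlist */
} fnode;

typedef struct {
    fnode array[FARRAY_SIZE];
} format_data;

/* What one walk did: highest slot whose .format was examined, descriptors released. */
typedef struct {
    int max_index_read;
    int freed;
} walk_report;

/* Instrumented read of array[i].format. A genuine read at i >= FARRAY_SIZE is
 * the out-of-bounds access ASan reported; this model records the index and
 * returns FMT_NONE rather than touching memory past the array. */
static enum format_token read_format(const format_data *fmt, int i, walk_report *r)
{
    if (i > r->max_index_read)
        r->max_index_read = i;
    if (i >= FARRAY_SIZE)
        return FMT_NONE;
    return fmt->array[i].format;
}

static void release_vlist(format_data *fmt, int i, walk_report *r)
{
    if (i >= FARRAY_SIZE || fmt->array[i].vlist == NULL)
        return;
    free(fmt->array[i].vlist);
    fmt->array[i].vlist = NULL;
    r->freed++;
}

/* Faulty ordering: the FMT_NONE sentinel is tested before the bound. A full
 * array has no sentinel, so slot FARRAY_SIZE is examined before the bound
 * check can stop the loop. */
walk_report free_format_data_buggy(format_data *fmt)
{
    walk_report r = { -1, 0 };
    for (int i = 0; read_format(fmt, i, &r) != FMT_NONE && i < FARRAY_SIZE; i++)
        release_vlist(fmt, i, &r);
    return r;
}

/* Corrected ordering: bound first, sentinel second; slot FARRAY_SIZE is never read. */
walk_report free_format_data_fixed(format_data *fmt)
{
    walk_report r = { -1, 0 };
    for (int i = 0; i < FARRAY_SIZE && read_format(fmt, i, &r) != FMT_NONE; i++)
        release_vlist(fmt, i, &r);
    return r;
}

/* Constructed input: `used` leading slots hold FMT_DT nodes owning a vlist
 * allocation; the rest are zeroed (FMT_NONE). used == FARRAY_SIZE is the
 * no-terminator case that triggers the fault. */
format_data *make_format(int used)
{
    format_data *fmt = calloc(1, sizeof *fmt);
    if (fmt == NULL)
        return NULL;
    for (int i = 0; i < used && i < FARRAY_SIZE; i++) {
        fmt->array[i].format = FMT_DT;
        fmt->array[i].vlist = malloc(16);
    }
    return fmt;
}

/* Build an array with `used` slots, walk it with one ordering, release it. */
walk_report run_walk(int used, int fixed)
{
    format_data *fmt = make_format(used);
    walk_report r = { -1, 0 };
    if (fmt == NULL)
        return r;
    r = fixed ? free_format_data_fixed(fmt) : free_format_data_buggy(fmt);
    free(fmt);
    return r;
}

int main(void)
{
    walk_report b = run_walk(FARRAY_SIZE, 0);
    walk_report f = run_walk(FARRAY_SIZE, 1);
    printf("full array, sentinel-first: highest slot read %d (array has %d slots)\n",
           b.max_index_read, FARRAY_SIZE);
    printf("full array, bound-first:    highest slot read %d, freed %d\n",
           f.max_index_read, f.freed);
    return 0;
}
```

With a partially filled array both orderings stop at the in-bounds FMT_NONE slot, which is why the defect only surfaces when the array is completely full, as the full-array run shows: the sentinel-first loop examines slot 64 of a 64-slot array. Under AddressSanitizer that read is reported at 0 bytes past the end of the allocation, the same shape as the report in comment #1.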
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #6 from Rimvydas (RJ) ---
(In reply to Dominique d'Humieres from comment #4)
> Thanks for working on this issue.
>
> The patch in comment 2 fixes this PR along with the failures for
> gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.
>
> Patches should be submitted to fort...@gcc.gnu.org and
> gcc-patc...@gcc.gnu.org for review. Do you have write access to SVN?

No, I do not have write access to gcc SVN. I am just part of the technical staff at our institute working to ensure portability of our scientific models.

If the patch is OK (I still think the whole loop could be rewritten for better readability, but runtime libraries tend to be tricky), could we expect the fix to be backported to the GCC 7 branch? Thanks in advance.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Jerry DeLisle changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jvdelisle at gcc dot gnu.org

--- Comment #5 from Jerry DeLisle ---
(In reply to Dominique d'Humieres from comment #4)
> Thanks for working on this issue.
>
> The patch in comment 2 fixes this PR along with the failures for
> gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.
>
> Patches should be submitted to fort...@gcc.gnu.org and
> gcc-patc...@gcc.gnu.org for review. Do you have write access to SVN?

The patch looks OK. I can commit if no one else is doing so.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Dominique d'Humieres changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |78672

--- Comment #4 from Dominique d'Humieres ---
Thanks for working on this issue.

The patch in comment 2 fixes this PR along with the failures for
gfortran.dg/fmt_cache_1.f and gfortran.dg/fmt_cache_2.f reported in pr78672.

Patches should be submitted to fort...@gcc.gnu.org and
gcc-patc...@gcc.gnu.org for review. Do you have write access to SVN?

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78672
[Bug 78672] Gfortran test suite failures with a sanitized compiler
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

--- Comment #3 from Rimvydas (RJ) ---
fmt_cache_1.f in valgrind is reproducible on aarch64-suse-linux.

One scientific package has a tendency to crash in a similar place.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x40003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at ../../../libgfortran/io/format.c:272
272           if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist))
(gdb) where
#0  0x40003b93595c in _gfortrani_free_format_data (fmt=0x4f293c40) at ../../../libgfortran/io/format.c:272
#1  0x40003b935d44 in save_parsed_format (dtp=0xd6551200) at ../../../libgfortran/io/format.c:146
#2  _gfortrani_parse_format (dtp=dtp@entry=0xd6551200) at ../../../libgfortran/io/format.c:1353
#3  0x40003b944878 in data_transfer_init (dtp=0xd6551200, dtp@entry=0xd6551260, read_flag=read_flag@entry=0) at ../../../libgfortran/io/transfer.c:2791
#4  0x40003b945208 in _gfortran_st_write (dtp=dtp@entry=0xd6551260) at ../../../libgfortran/io/transfer.c:4118
#5  0x00b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
#6  0x00b62d50 in suphmf (kulout=20) at suphmf.F90:84
#7  0x008e85d4 in suphy (kulout=20) at suphy.F90:76
#8  0x007f3048 in su0yomb () at su0yomb.F90:628
#9  0x006ed0ac in cnt0 () at cnt0.F90:134
#10 0x006bf8c8 in master () at master.F90:76
#11 main (argc=argc@entry=1, argv=0xd6552ef1) at master.F90:3
#12 0x40003ba84830 in __libc_start_main (main=0x6bf84c , argc=1, argv=0xd6551f38, init=, fini=, rtld_fini=, stack_end=) at libc-start.c:289
#13 0x006bf770 in _start ()
(gdb) p &fmt->array.array
$2 = (fnode (*)[64]) 0x4f293c90
(gdb) p/x sizeof(fmt->array.array)
$3 = 0x1000
(gdb) p fnp
$4 = (fnode *) 0x4f2957d0
(gdb) p *fnp
$5 = {format = FMT_DT, repeat = 48, next = 0x320031, source = 0x340033 , u = {real = {w = 53, d = 54, e = 55}, string = {length = 53, p = 0x380037 }, integer = {w = 53, m = 54}, udf = {string = 0x360035 , string_len = 55, vlist = 0x3a0039}, w = 53, k = 53, r = 53, n = 53, child = 0x360035}, count = 59, current = 0xa1}
(gdb) f 5
#5  0x00b6c4b8 in suphy1 (kulout=20) at suphy1.F90:311
311         WRITE(UNIT=KULOUT,FMT='('' COMMON YOMPHY1 '')')

The attached patch solves the runtime issue and valgrind no longer complains about format.c. Tested with the GCC 7 branch on openSUSE aarch64.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Rimvydas (RJ) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rimvydas.jas at gmail dot com

--- Comment #2 from Rimvydas (RJ) ---
Created attachment 42469
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42469&action=edit
Possible fix.
[Bug libfortran/81938] valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81938

Dominique d'Humieres changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-08-30
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres ---
An instrumented gfortran gives at run time

==59185==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62101150 at pc 0x00010b132896 bp 0x7fff554f6020 sp 0x7fff554f6018
READ of size 4 at 0x62101150 thread T0
    #0 0x10b132895 in _gfortrani_free_format_data (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895)
    #1 0x10b132a46 in _gfortrani_free_format_hash_table (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21a46)
    #2 0x10b1ae7a9 in close_unit_1 (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d7a9)
    #3 0x10b1ae9bf in _gfortrani_close_unit (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa9d9bf)
    #4 0x10b123fc7 in _gfortran_st_close (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa12fc7)
    #5 0x10a709ba1 in MAIN__ (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10ba1)
    #6 0x10a709bda in main (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10bda)
    #7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

0x62101150 is located 0 bytes to the right of 4176-byte region [0x62100100,0x62101150)
allocated by thread T0 here:
    #0 0x10cffb1da in wrap_malloc (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x661da)
    #1 0x10a714427 (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0x3427)
    #2 0x10b13407f in _gfortrani_parse_format (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa2307f)
    #3 0x10b19c279 in data_transfer_init (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa8b279)
    #4 0x10b1a17d0 in _gfortran_st_write (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa907d0)
    #5 0x10a7098e0 in MAIN__ (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x108e0)
    #6 0x10a709bda in main (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10bda)
    #7 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/opt/gcc/gcc8g/lib/libgfortran.4.dylib+0xa21895) in _gfortrani_free_format_data
Shadow bytes around the buggy address:
  0x1c4201d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c4201e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c4201f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c420200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c420210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c420220: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
  0x1c420230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c420240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c420250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c420260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c420270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==59185==ABORTING

Program received signal SIGABRT: Process abort signal.

Also present in gcc7.