[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Martin Liška ---
Fixed on all active branches.
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #7 from Martin Liška ---
Author: marxin
Date: Mon May 29 09:09:07 2017
New Revision: 248560

URL: https://gcc.gnu.org/viewcvs?rev=248560=gcc=rev
Log:
Backport r246730

2017-05-29  Martin Liska

        Backport from mainline
        2017-04-06  Martin Liska

        PR sanitizer/80166
        * gcc.dg/asan/pr80166.c: New test.

2017-05-29  Martin Liska

        Backport from mainline
        2017-04-06  Martin Liska

        PR sanitizer/80166
        * sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
        Cherry-pick upstream r299036.

Added:
    branches/gcc-5-branch/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
    branches/gcc-5-branch/gcc/testsuite/ChangeLog
    branches/gcc-5-branch/libsanitizer/ChangeLog
    branches/gcc-5-branch/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #6 from Martin Liška ---
Author: marxin
Date: Fri May 26 11:26:04 2017
New Revision: 248494

URL: https://gcc.gnu.org/viewcvs?rev=248494=gcc=rev
Log:
Backport r246730

2017-05-26  Martin Liska

        Backport from mainline
        2017-04-06  Martin Liska

        PR sanitizer/80166
        * gcc.dg/asan/pr80166.c: New test.

2017-05-26  Martin Liska

        Backport from mainline
        2017-04-06  Martin Liska

        PR sanitizer/80166
        * sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
        Cherry-pick upstream r299036.

Added:
    branches/gcc-6-branch/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
    branches/gcc-6-branch/gcc/testsuite/ChangeLog
    branches/gcc-6-branch/libsanitizer/ChangeLog
    branches/gcc-6-branch/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška changed:

           What    |Removed                     |Added
      Known to work|                            |7.0
      Known to fail|                            |5.4.0, 6.3.0

--- Comment #5 from Martin Liška ---
Fixed on trunk, queued for backporting.
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #4 from Martin Liška ---
Author: marxin
Date: Thu Apr 6 13:42:24 2017
New Revision: 246730

URL: https://gcc.gnu.org/viewcvs?rev=246730=gcc=rev
Log:
Cherry-pick upstream r299036 from libsanitizer (PR sanitizer/80166).

2017-04-06  Martin Liska

        PR sanitizer/80166
        * sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
        Cherry-pick upstream r299036.

2017-04-06  Martin Liska

        PR sanitizer/80166
        * gcc.dg/asan/pr80166.c: New test.

Added:
    trunk/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
    trunk/gcc/testsuite/ChangeLog
    trunk/libsanitizer/ChangeLog
    trunk/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška changed:

           What    |Removed                     |Added
                URL|                            |https://reviews.llvm.org/D31332

--- Comment #3 from Martin Liška ---
Just created LLVM review for that.
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #2 from Martin Liška ---
Another problem is that for a negative number, returned value is -1 (error).
And thus libsanitizer crashes:

==7910==ERROR: AddressSanitizer: negative-size-param: (size=-4)
    #0 0x7ff25bcd6a00 in __interceptor_getgroups (/usr/lib64/libasan.so.3+0x50a00)
    #1 0x4009fb in main /home/marxin/Programming/testcases/pr80166.c:9
    #2 0x7ff25b901540 in __libc_start_main (/lib64/libc.so.6+0x20540)
    #3 0x400899 in _start (/home/marxin/Programming/testcases/get_group+0x400899)
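
A model of the two cases in this report (size 0 and a negative size), added here as an example; it is not libsanitizer's interceptor source or the committed patch. The function names are hypothetical, and the naive condition is an assumed shape chosen because it reproduces the reported `size=-4` when `gid_t` is 4 bytes.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model: a wrapper that treats any non-zero return value of
 * getgroups() as an element count and reports that many gid_t entries as
 * written to the caller's list. With res = -1 and a 4-byte gid_t this
 * yields -4, a negative size. */
static long naive_written_bytes(int res)
{
    if (res)
        return (long)res * (long)sizeof(gid_t);
    return 0;
}

/* Guarded model: report a write only when the call succeeded, the caller
 * asked for data (size > 0) and supplied a buffer. size == 0 is a pure
 * query for the group count and must leave the list alone. */
static long guarded_written_bytes(int res, int size, const gid_t *list)
{
    if (res > 0 && size > 0 && list != NULL)
        return (long)res * (long)sizeof(gid_t);
    return 0;
}

int main(void)
{
    gid_t buf[1] = {0};
    int sizes[] = {0, -1};   /* the two inputs discussed in the report */

    for (int i = 0; i < 2; i++) {
        int size = sizes[i];
        gid_t *list = size ? buf : NULL;
        /* size 0: returns the number of groups without touching list.
         * negative size: the call fails and returns -1. */
        int res = getgroups(size, list);
        printf("size=%d res=%d naive=%ld guarded=%ld\n", size, res,
               naive_written_bytes(res),
               guarded_written_bytes(res, size, list));
    }
    return 0;
}
```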
[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-03-24
                 CC|                            |marxin at gcc dot gnu.org
           Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška ---
Confirmed, problem is in libsanitizer. I'll report that to libsanitizer and
suggest patch for that.