[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-05-29 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #8 from Martin Liška  ---
Fixed on all active branches.

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-05-29 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #7 from Martin Liška  ---
Author: marxin
Date: Mon May 29 09:09:07 2017
New Revision: 248560

URL: https://gcc.gnu.org/viewcvs?rev=248560=gcc=rev
Log:
Backport r246730

2017-05-29  Martin Liska  

Backport from mainline
2017-04-06  Martin Liska  

PR sanitizer/80166
* gcc.dg/asan/pr80166.c: New test.
2017-05-29  Martin Liska  

Backport from mainline
2017-04-06  Martin Liska  

PR sanitizer/80166
* sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
Cherry-pick upstream r299036.

Added:
branches/gcc-5-branch/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
branches/gcc-5-branch/gcc/testsuite/ChangeLog
branches/gcc-5-branch/libsanitizer/ChangeLog
   
branches/gcc-5-branch/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-05-26 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #6 from Martin Liška  ---
Author: marxin
Date: Fri May 26 11:26:04 2017
New Revision: 248494

URL: https://gcc.gnu.org/viewcvs?rev=248494=gcc=rev
Log:
Backport r246730

2017-05-26  Martin Liska  

Backport from mainline
2017-04-06  Martin Liska  

PR sanitizer/80166
* gcc.dg/asan/pr80166.c: New test.
2017-05-26  Martin Liska  

Backport from mainline
2017-04-06  Martin Liska  

PR sanitizer/80166
* sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
Cherry-pick upstream r299036.

Added:
branches/gcc-6-branch/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
branches/gcc-6-branch/gcc/testsuite/ChangeLog
branches/gcc-6-branch/libsanitizer/ChangeLog
   
branches/gcc-6-branch/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-04-07 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška  changed:

   What|Removed |Added

  Known to work||7.0
  Known to fail||5.4.0, 6.3.0

--- Comment #5 from Martin Liška  ---
Fixed on trunk, queued for backporting.

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-04-06 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #4 from Martin Liška  ---
Author: marxin
Date: Thu Apr  6 13:42:24 2017
New Revision: 246730

URL: https://gcc.gnu.org/viewcvs?rev=246730=gcc=rev
Log:
Cherry-pick upstream r299036 from libsanitizer (PR sanitizer/80166).

2017-04-06  Martin Liska  

PR sanitizer/80166
* sanitizer_common/sanitizer_common_interceptors.inc (INTERCEPTOR):
Cherry-pick upstream r299036.
2017-04-06  Martin Liska  

PR sanitizer/80166
* gcc.dg/asan/pr80166.c: New test.

Added:
trunk/gcc/testsuite/gcc.dg/asan/pr80166.c
Modified:
trunk/gcc/testsuite/ChangeLog
trunk/libsanitizer/ChangeLog
trunk/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-03-24 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška  changed:

   What|Removed |Added

URL||https://reviews.llvm.org/D3
   ||1332

--- Comment #3 from Martin Liška  ---
Just created LLVM review for that.

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-03-24 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

--- Comment #2 from Martin Liška  ---
Another problem is that for a negative number, returned value is -1 (error).
And thus libsanitizer crashes:

==7910==ERROR: AddressSanitizer: negative-size-param: (size=-4)
#0 0x7ff25bcd6a00 in __interceptor_getgroups
(/usr/lib64/libasan.so.3+0x50a00)
#1 0x4009fb in main /home/marxin/Programming/testcases/pr80166.c:9
#2 0x7ff25b901540 in __libc_start_main (/lib64/libc.so.6+0x20540)
#3 0x400899 in _start
(/home/marxin/Programming/testcases/get_group+0x400899)

[Bug sanitizer/80166] SANITIZER_INTERCEPT_GETGROUPS modifies list when size is 0 Out-of-bounds write

2017-03-24 Thread marxin at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80166

Martin Liška  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2017-03-24
 CC||marxin at gcc dot gnu.org
   Assignee|unassigned at gcc dot gnu.org  |marxin at gcc dot 
gnu.org
 Ever confirmed|0   |1

--- Comment #1 from Martin Liška  ---
Confirmed, problem is in libsanitizer. I'll report that to libsanitizer and
suggest patch for that.