https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99337
Bug ID: 99337
Summary: Sanitizer detect heap-buffer-overflow in checkModFileAlias
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: d
Assignee: ibuclaw at gdcproject dot org
Reporter: zeccav at gmail dot com
Target Milestone: ---

The address sanitizer detects the following running

  /home/vitti/gcc-150221-full-address/gcc/gdc -B/home/vitti/gcc-150221-full-address/gcc compilable/test16798.d -I/home/vitti/gcc-150221/libphobos/libdruntime -fmodule-file=its.a.dessert.topping=imports/imp16798.d -fmodule-file=its.a.floorwax=imports/ -S -o test16798.s

dmodule.c:200 is "if (memcmp(dotmods->peekChars(), m, q - m) == 0)"
I split the original if to understand which arm was causing the issue.

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000010440 at pc 0x1483adc6651e bp 0x7fffd8642480 sp 0x7fffd8641c30
READ of size 21 at 0x602000010440 thread T0
    #0 0x1483adc6651d in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../gcc-150221/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:843
    #1 0x1483adc66b78 in __interceptor_memcmp ../../../../gcc-150221/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:875
    #2 0x1483adc66b78 in __interceptor_memcmp ../../../../gcc-150221/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:870
    #3 0x539741 in checkModFileAlias ../../gcc-150221/gcc/d/dmd/dmodule.c:200
    #4 0x539b45 in getFilename ../../gcc-150221/gcc/d/dmd/dmodule.c:241
    #5 0x53a127 in Module::load(Loc, Array<Identifier*>*, Identifier*) ../../gcc-150221/gcc/d/dmd/dmodule.c:348
    #6 0x4e0c78 in Import::load(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:154
    #7 0x4e0ef5 in Import::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:173
    #8 0x4e1b95 in Import::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:243
    #9 0x42f975 in AttribDeclaration::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/attrib.c:142
    #10 0x4359de in ConditionalDeclaration::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/attrib.c:864
    #11 0x53d99b in Module::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dmodule.c:805
    #12 0x4e0f9c in Import::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:176
    #13 0x53dabc in Module::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dmodule.c:811
    #14 0x8f0c46 in d_parse_file ../../gcc-150221/gcc/d/d-lang.cc:1038
    #15 0x1fed707 in compile_file ../../gcc-150221/gcc/toplev.c:457
    #16 0x1ff69b9 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #17 0x1ff721d in toplev::main(int, char**) ../../gcc-150221/gcc/toplev.c:2336
    #18 0x4fba3ef in main ../../gcc-150221/gcc/main.c:39
    #19 0x1483ad4dd1e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
    #20 0x419c8d in _start (/home/vitti/gcc-150221-full-address/gcc/d21+0x419c8d)

0x602000010440 is located 0 bytes to the right of 16-byte region [0x602000010430,0x602000010440)
allocated by thread T0 here:
    #0 0x1483adc85a8f in __interceptor_malloc ../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x52231eb in xmalloc ../../gcc-150221/libiberty/xmalloc.c:147
    #2 0x7cbb2a in Mem::xrealloc(void*, unsigned long) ../../gcc-150221/gcc/d/dmd/root/rmem.c:83
    #3 0x78c726 in OutBuffer::reserve(unsigned long) ../../gcc-150221/gcc/d/dmd/root/outbuffer.c:30
    #4 0x78ca2c in OutBuffer::write(void const*, unsigned long) ../../gcc-150221/gcc/d/dmd/root/outbuffer.c:59
    #5 0x78cb15 in OutBuffer::writestring(char const*) ../../gcc-150221/gcc/d/dmd/root/outbuffer.c:66
    #6 0x539662 in checkModFileAlias ../../gcc-150221/gcc/d/dmd/dmodule.c:192
    #7 0x539b45 in getFilename ../../gcc-150221/gcc/d/dmd/dmodule.c:241
    #8 0x53a127 in Module::load(Loc, Array<Identifier*>*, Identifier*) ../../gcc-150221/gcc/d/dmd/dmodule.c:348
    #9 0x4e0c78 in Import::load(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:154
    #10 0x4e0ef5 in Import::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:173
    #11 0x4e1b95 in Import::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:243
    #12 0x42f975 in AttribDeclaration::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/attrib.c:142
    #13 0x4359de in ConditionalDeclaration::setScope(Scope*) ../../gcc-150221/gcc/d/dmd/attrib.c:864
    #14 0x53d99b in Module::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dmodule.c:805
    #15 0x4e0f9c in Import::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dimport.c:176
    #16 0x53dabc in Module::importAll(Scope*) ../../gcc-150221/gcc/d/dmd/dmodule.c:811
    #17 0x8f0c46 in d_parse_file ../../gcc-150221/gcc/d/d-lang.cc:1038
    #18 0x1fed707 in compile_file ../../gcc-150221/gcc/toplev.c:457
    #19 0x1ff69b9 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #20 0x1ff721d in toplev::main(int, char**) ../../gcc-150221/gcc/toplev.c:2336
    #21 0x4fba3ef in main ../../gcc-150221/gcc/main.c:39
    #22 0x1483ad4dd1e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../gcc-150221/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:843 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long)
Shadow bytes around the buggy address:
  0x0c047fffa030: fa fa 00 00 fa fa 00 00 fa fa fd fd fa fa 00 00
  0x0c047fffa040: fa fa fd fd fa fa 00 00 fa fa fd fd fa fa 00 00
  0x0c047fffa050: fa fa 00 00 fa fa fd fd fa fa 00 00 fa fa 00 00
  0x0c047fffa060: fa fa 00 00 fa fa fd fd fa fa 00 00 fa fa 00 00
  0x0c047fffa070: fa fa 00 00 fa fa fd fd fa fa 00 00 fa fa 00 00
=>0x0c047fffa080: fa fa 00 00 fa fa 00 00[fa]fa fa fa fa fa fa fa
  0x0c047fffa090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffa0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffa0b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffa0c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffa0d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2247079==ABORTING
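An added example, not code from the bug report or from GCC's D front end, showing why a memcmp whose length comes from the alias entry (q - m) over-reads a shorter buffer, and the length check that bounds it. DotMods, alias_key_matches, find_module_file and the sample entries are hypothetical stand-ins; the real surrounding conditions in checkModFileAlias are not shown on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for dmd's OutBuffer (hypothetical; only what the example needs).
 * `data` is the dotted module name built so far and is not NUL-terminated. */
typedef struct { const char *data; size_t len; } DotMods;

/* Unsafe pattern, kept for contrast: the compare length is q - m (21 bytes for
 * "its.a.dessert.topping"), taken from the alias entry rather than from the
 * buffer, so a shorter buffer is read past its end. That over-read is what ASan
 * reports above as a READ of size 21 on a 16-byte region. */
bool alias_key_matches_unchecked(const DotMods *dotmods, const char *m, const char *q)
{
    return memcmp(dotmods->data, m, (size_t)(q - m)) == 0;
}

/* Hardened form: the key length must equal the buffered length before memcmp
 * runs, so the read never exceeds dotmods->len, and a key that is only a
 * prefix ("its.a") or longer than the buffer cannot match. */
bool alias_key_matches(const DotMods *dotmods, const char *m, const char *q)
{
    size_t keylen = (size_t)(q - m);
    return dotmods->len == keylen && memcmp(dotmods->data, m, keylen) == 0;
}

/* Constructed sample entries in the -fmodule-file=key=path shape from the report. */
const char *const SAMPLE_ALIASES[] = {
    "its.a.dessert.topping=imports/imp16798.d",
    "its.a.floorwax=imports/",
};
const size_t SAMPLE_ALIAS_COUNT = sizeof SAMPLE_ALIASES / sizeof SAMPLE_ALIASES[0];

/* Resolve a module name to the path after '=' (last matching entry wins, as
 * with repeated options); NULL when no entry matches. */
const char *find_module_file(const char *modname, const char *const *aliases, size_t n)
{
    DotMods dotmods = { modname, strlen(modname) };
    const char *found = NULL;
    for (size_t j = 0; j < n; j++) {
        const char *q = strchr(aliases[j], '=');
        if (q == NULL)
            continue;               /* malformed entry without key=path split */
        if (alias_key_matches(&dotmods, aliases[j], q))
            found = q + 1;
    }
    return found;
}
```

Running the hardened lookup under -fsanitize=address with the two sample entries produces no report, because the 21-byte compare is only attempted when the buffer holds exactly 21 bytes.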