Debian Bug report logs - #639818
gcc-4.6: valgrind reports "Invalid read of size 4" in legal code


Package: gcc-4.6; Maintainer for gcc-4.6 is (unknown);

Reported by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

Date: Tue, 30 Aug 2011 15:09:01 UTC

Severity: important

Tags: upstream

Found in version gcc-4.6/4.6.1-4

Fixed in version 4.6.4-7+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, n.mavrogiannopoulos@gmail.com, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6. (Tue, 30 Aug 2011 15:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
New Bug report received and forwarded. Copy sent to n.mavrogiannopoulos@gmail.com, Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Tue, 30 Aug 2011 15:09:07 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gcc-4.6: valgrind reports "Invalid read of size 4" in legal code
Date: Tue, 30 Aug 2011 17:05:13 +0200
[Message part 1 (text/plain, inline)]
Package: gcc-4.6
Version: 4.6.1-4
Severity: important
Tags: upstream

The attached code is being miscompiled with gcc-4.6 (works perfectly with 4.4
or 4.5). The error can be seen if valgrind is run on the resulting executable
as:

==21804== Invalid read of size 4
==21804==    at 0x400437: main (c.c:12)
==21804==  Address 0x51b1048 is 8 bytes inside a block of size 11 alloc'd
==21804==    at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21804==    by 0x40040D: main (c.c:9)

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gcc-4.6 depends on:
ii  binutils              2.21.52.20110606-2 The GNU assembler, linker and bina
ii  cpp-4.6               4.6.1-4            GNU C preprocessor
ii  gcc-4.6-base          4.6.1-4            GCC, the GNU Compiler Collection (
ii  libc6                 2.13-16            Embedded GNU C Library: Shared lib
ii  libcloog-ppl0         0.15.9-3           the Chunky Loop Generator (runtime
ii  libgcc1               1:4.6.1-4          GCC support library
ii  libgmp10              2:5.0.1+dfsg-7     Multiprecision arithmetic library
ii  libgmpxx4ldbl         2:5.0.1+dfsg-7     Multiprecision arithmetic library
ii  libgomp1              4.6.1-4            GCC OpenMP (GOMP) support library
ii  libmpc2               0.9-3              multiple precision complex floatin
ii  libmpfr4              3.0.1-5            multiple precision floating-point
ii  libppl-c4             0.11.2-4           Parma Polyhedra Library (C interfa
ii  libppl9               0.11.2-4           Parma Polyhedra Library (runtime l
ii  libquadmath0          4.6.1-4            GCC Quad-Precision Math Library
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages gcc-4.6 recommends:
ii  libc6-dev                     2.13-16    Embedded GNU C Library: Developmen

Versions of packages gcc-4.6 suggests:
pn  binutils-gold                 <none>     (no description available)
pn  gcc-4.6-doc                   <none>     (no description available)
pn  gcc-4.6-locales               <none>     (no description available)
pn  gcc-4.6-multilib              <none>     (no description available)
pn  libgcc1-dbg                   <none>     (no description available)
pn  libgomp1-dbg                  <none>     (no description available)
pn  libmudflap0-4.6-dev           <none>     (no description available)
pn  libmudflap0-dbg               <none>     (no description available)
pn  libquadmath0-dbg              <none>     (no description available)
[c.c (text/x-c, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6. (Fri, 07 Oct 2011 17:15:03 GMT) (full text, mbox, link).


Acknowledgement sent to John Reiser <vendor@BitWagon.com>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Fri, 07 Oct 2011 17:15:03 GMT) (full text, mbox, link).


Message #10 received at 639818@bugs.debian.org (full text, mbox, reply):

From: John Reiser <vendor@BitWagon.com>
To: "Debian Bug Tracking System" <639818@bugs.debian.org>
Subject: gcc-4.6: bad DWARF3 debug DW_AT_location for local variable on armel
Date: Fri, 07 Oct 2011 10:00:22 -0700
Followup-For: Bug #639818
Package: gcc-4.6
Version: 4.6.1-4

*** Please type your report below this line ***
"gcc -g -O" sometimes gives incorrect DWARF3 debug info for the DW_AT_location
of an on-stack local variable on armel architecture.

=====bug2.c
/* ext() is declared but not defined: the file is only compiled to assembly
   (-S), never linked, so no definition is needed. */
extern void ext(char *);

/* An opaque call followed by a write through p forces the caller to keep
   the pointed-to variable in a real stack slot rather than in a register. */
void croak ( char *p )
{
   ext(p);
   *(char *)p += 42;
}

void baz ( void )
{
  int v1;            /* lives for the whole function */
  v1 = 1;
  {
      char v2[10];   // not a multiple of 4; scoped to this inner block
      v2[0] = 2;
      croak( &v2[0] );
  }
  croak( (char*)&v1 );
}

int main ( void )
{
  baz();
  return 0;
}
=====end bug2.c

Compile with "gcc -g -c -S -O bug2.c" and inspect generated code.
Note my annotations after "#":
=====bug2.s
        .align  2
        .global baz
        .type   baz, %function
baz:
.LFB1:
        .loc 1 10 0
        .cfi_startproc
        @ Function supports interworking.
        @ args = 0, pretend = 0, frame = 16
        @ frame_needed = 0, uses_anonymous_args = 0
        str     lr, [sp, #-4]!
.LCFI1:
        .cfi_def_cfa_offset 4
        .cfi_offset 14, -4
        sub     sp, sp, #20
.LCFI2:
        .cfi_def_cfa_offset 24  # total sp displacement is 24 bytes
        .loc 1 12 0
        mov     r3, #1
        str     r3, [sp, #12]  # v1 DW_AT_location should be (12 - 24) = -12
.LVL2:
.LBB2:
        .loc 1 15 0
        add     r0, sp, #16
        mov     r3, #2
        strb    r3, [r0, #-16]!  # v2 DW_AT_location should be (16 - 16 - 24) = -24
        .loc 1 16 0
        mov     r0, sp
        bl      croak
.LBE2:
        .loc 1 18 0
        add     r0, sp, #12
        bl      croak
        .loc 1 19 0
        add     sp, sp, #20
        ldr     lr, [sp], #4
        bx      lr
        .cfi_endproc
.LFE1:
        .size   baz, .-baz

  [[snip]]

        .uleb128 0x7
        .ascii  "v1\000"
        .byte   0x1
        .byte   0xb
        .4byte  0x97
        .byte   0x2
        .byte   0x91
        .sleb128 -20  # ERROR: v1 DW_AT_location is -20; should be -12
        .uleb128 0x8
        .4byte  .LBB2
        .4byte  .LBE2
        .uleb128 0x7
        .ascii  "v2\000"
        .byte   0x1
        .byte   0xe
        .4byte  0x9e
        .byte   0x2
        .byte   0x91
        .sleb128 -24  # OK: v2 DW_AT_location is -24
        .byte   0
        .byte   0
=====

The error is confirmed by assembling "gcc -c bug2.s", then dumping the debug info:
===== readelf -wlLiaprmfFsoRt bug2.o >bug2.elf
 <2><72>: Abbrev Number: 7 (DW_TAG_variable)
    <73>   DW_AT_name        : v1
    <76>   DW_AT_decl_file   : 1
    <77>   DW_AT_decl_line   : 11
    <78>   DW_AT_type        : <0x97>
    <7c>   DW_AT_location    : 2 byte block: 91 6c      (DW_OP_fbreg: -20)  # should be -12
 <2><7f>: Abbrev Number: 8 (DW_TAG_lexical_block)
    <80>   DW_AT_low_pc      : 0x30
    <84>   DW_AT_high_pc     : 0x44
 <3><88>: Abbrev Number: 7 (DW_TAG_variable)
    <89>   DW_AT_name        : v2
    <8c>   DW_AT_decl_file   : 1
    <8d>   DW_AT_decl_line   : 14
    <8e>   DW_AT_type        : <0x9e>
    <92>   DW_AT_location    : 2 byte block: 91 68      (DW_OP_fbreg: -24)  # OK
=====

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'testing')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.32-5-kirkwood
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gcc-4.6 depends on:
ii  binutils              2.21.52.20110606-2 The GNU assembler, linker and bina
ii  cpp-4.6               4.6.1-4            GNU C preprocessor
ii  gcc-4.6-base          4.6.1-4            GCC, the GNU Compiler Collection (
ii  libc6                 2.13-21            Embedded GNU C Library: Shared lib
ii  libcloog-ppl0         0.15.9-3           the Chunky Loop Generator (runtime
ii  libgcc1               1:4.6.1-4          GCC support library
ii  libgmp10              2:5.0.2+dfsg-1     Multiprecision arithmetic library
ii  libgmpxx4ldbl         2:5.0.2+dfsg-1     Multiprecision arithmetic library
ii  libgomp1              4.6.1-4            GCC OpenMP (GOMP) support library
ii  libmpc2               0.9-3              multiple precision complex floatin
ii  libmpfr4              3.0.1-6            multiple precision floating-point
ii  libppl-c4             0.11.2-4           Parma Polyhedra Library (C interfa
ii  libppl9               0.11.2-4           Parma Polyhedra Library (runtime l
ii  libstdc++6            4.6.1-4            GNU Standard C++ Library v3
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime

Versions of packages gcc-4.6 recommends:
ii  libc6-dev                     2.13-21    Embedded GNU C Library: Developmen

Versions of packages gcc-4.6 suggests:
pn  binutils-gold                 <none>     (no description available)
pn  gcc-4.6-doc                   <none>     (no description available)
pn  gcc-4.6-locales               <none>     (no description available)
ii  libgcc1-dbg                   1:4.6.1-4  GCC support library (debug symbols
ii  libgomp1-dbg                  4.6.1-4    GCC OpenMP (GOMP) support library
pn  libmudflap0-4.6-dev           <none>     (no description available)
ii  libmudflap0-dbg               4.6.1-4    GCC mudflap shared support librari
pn  libquadmath-dbg               <none>     (no description available)

-- no debconf information
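The consistency check the annotations above perform by hand, as an added example (not code from the report, from gcc or from binutils): decode the 2-byte DW_AT_location blocks that readelf printed for v1 and v2 and compare them with the stack slots the generated code actually uses. It assumes, as the annotations do, that the frame base is the CFA (sp + 24 after baz's prologue) and that each location is a single DW_OP_fbreg operation; the slot offsets 12 and 0 are read off the `str r3, [sp, #12]` and `mov r0, sp` instructions in the listing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DW_OP_fbreg 0x91   /* DWARF opcode: frame-base-relative offset, SLEB128 operand */

/* Decode one SLEB128 value from at most n bytes at p; *used receives the
   number of bytes consumed. Returns 0 with *used = 0 if the input is
   truncated (no byte without the continuation bit was found). */
int64_t decode_sleb128(const uint8_t *p, size_t n, size_t *used)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t i = 0;
    uint8_t byte = 0x80;                     /* pretend "continue" to enter the loop */
    while (i < n && (byte & 0x80) && shift < 64) {
        byte = p[i++];
        result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
    }
    if (byte & 0x80) {                       /* ran out of bytes before the last group */
        *used = 0;
        return 0;
    }
    if (shift < 64 && (byte & 0x40))         /* sign bit of the last 7-bit group set */
        result |= ~(uint64_t)0 << shift;     /* sign-extend */
    *used = i;
    return (int64_t)result;
}

/* Decode a DW_AT_location exprloc that is exactly one DW_OP_fbreg operation
   (the shape gcc emitted for v1 and v2). Returns 0 and sets *offset on
   success, -1 for any other or malformed expression. */
int decode_fbreg_location(const uint8_t *expr, size_t n, int64_t *offset)
{
    size_t used;
    if (n < 2 || expr[0] != DW_OP_fbreg)
        return -1;
    *offset = decode_sleb128(expr + 1, n - 1, &used);
    return (used != 0 && used + 1 == n) ? 0 : -1;
}

/* Offset DW_OP_fbreg must carry for a variable stored at [sp, #sp_slot] when
   the frame base is the CFA, which sits at sp + cfa_offset after the prologue
   (24 in baz: 4 bytes for the pushed lr plus the 20-byte sub). Assumption
   taken from the annotations above. */
int64_t expected_fbreg(int64_t sp_slot, int64_t cfa_offset)
{
    return sp_slot - cfa_offset;
}

/* 1 if the exprloc agrees with where the code keeps the variable, 0 if it
   disagrees (the bug), -1 if the exprloc could not be decoded. */
int location_matches(const uint8_t *expr, size_t n, int64_t sp_slot, int64_t cfa_offset)
{
    int64_t got;
    if (decode_fbreg_location(expr, n, &got) != 0)
        return -1;
    return got == expected_fbreg(sp_slot, cfa_offset);
}

int main(void)
{
    /* The two blocks readelf printed: "91 6c" for v1 and "91 68" for v2. */
    static const uint8_t v1_loc[] = { 0x91, 0x6c };
    static const uint8_t v2_loc[] = { 0x91, 0x68 };
    int64_t off;

    decode_fbreg_location(v1_loc, sizeof v1_loc, &off);
    printf("v1: DW_OP_fbreg %lld, slot [sp, #12] with CFA = sp+24 expects %lld: %s\n",
           (long long)off, (long long)expected_fbreg(12, 24),
           location_matches(v1_loc, sizeof v1_loc, 12, 24) == 1 ? "OK" : "MISMATCH");

    decode_fbreg_location(v2_loc, sizeof v2_loc, &off);
    printf("v2: DW_OP_fbreg %lld, slot [sp, #0] with CFA = sp+24 expects %lld: %s\n",
           (long long)off, (long long)expected_fbreg(0, 24),
           location_matches(v2_loc, sizeof v2_loc, 0, 24) == 1 ? "OK" : "MISMATCH");
    return 0;
}
```

Run as written it reports v1 as a mismatch (-20 decoded, -12 expected) and v2 as OK (-24 both ways), which is the defect the report describes: a debugger following the bad DW_AT_location would show the wrong word of the frame for v1.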




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6. (Tue, 25 Oct 2011 12:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Tue, 25 Oct 2011 12:57:08 GMT) (full text, mbox, link).


Message #15 received at 639818@bugs.debian.org (full text, mbox, reply):

From: Simon Josefsson <simon@josefsson.org>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Cc: 639818@bugs.debian.org
Subject: Re: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_4-28-ga416d28
Date: Tue, 25 Oct 2011 14:31:49 +0200
Nikos Mavrogiannopoulos <nmav@gnutls.org> writes:

> On 10/25/2011 01:25 PM, Simon Josefsson wrote:
>> "Nikos Mavrogiannopoulos" <nmav@gnutls.org> writes:
>> 
>>>     use coding.c from libtasn1 git, to avoid issue when compiled with gcc-4.6.
>> 
>> Hi Nikos!  What's the issue?  (maybe it hates strcat?)  Should I do a
>> new libtasn1 release with the fix?
>
> It looks like a gcc issue. I've reported it at:
> http://lists.debian.org/debian-gcc/2011/08/msg00192.html

I wonder if that's not the same strlen bug I've seen sometimes:

https://bugzilla.redhat.com/show_bug.cgi?id=678518#c2

Possibly strcat does a strlen internally, which results in the optimized
strlen behaviour reading out of bounds that triggers valgrind.

> The fix is a work around, however given that there is no fix for gcc in
> debian, a new libtasn1 that doesn't have this issue would be best.

There are some gnulib fixes in there too, and maybe I can find some other
minor issue to fix as well... so I can make another release.

/Simon
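The valgrind lines quoted in message #5 and the word-at-a-time strlen hypothesis in this reply, as an added example (not code from the thread, from gcc or from glibc): the first part parses the two valgrind lines and computes how far the flagged access extends past the block; the second part is an illustrative stand-in for an optimised strlen that reads aligned 4-byte words, run over a constructed 10-character string whose 11-byte object mirrors the 11-byte block in the report. The string sits in a 16-byte aligned buffer so the last word read stays inside memory the program owns; on an 11-byte heap block that same read is what valgrind reports.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Parse the two valgrind lines from the report into numbers.
   Returns 0 on success, -1 if either line does not have the expected shape. */
int parse_valgrind(const char *read_line, const char *addr_line,
                   unsigned long *read_size, unsigned long *offset,
                   unsigned long *block_size)
{
    if (sscanf(read_line, "==%*d== Invalid read of size %lu", read_size) != 1)
        return -1;
    if (sscanf(addr_line,
               "==%*d== Address %*x is %lu bytes inside a block of size %lu",
               offset, block_size) != 2)
        return -1;
    return 0;
}

/* Bytes the access extends past the end of the block (0 if it stays inside). */
unsigned long overrun_bytes(unsigned long block_size, unsigned long offset,
                            unsigned long read_size)
{
    unsigned long end = offset + read_size;
    return end > block_size ? end - block_size : 0;
}

/* Word-at-a-time strlen in the style of optimised libc/compiler code
   (illustrative only, not glibc's implementation). Reads 4-byte aligned words
   and stops at the first word containing a zero byte; *last_read_end receives
   the offset one past the last byte touched. The caller must guarantee the
   buffer is 4-byte aligned and readable through that offset. */
size_t word_strlen(const char *buf, size_t *last_read_end)
{
    size_t i = 0;
    for (;;) {
        uint32_t w;
        memcpy(&w, buf + i, sizeof w);          /* one whole-word read */
        /* classic "does this word contain a zero byte" test */
        if (((w - 0x01010101u) & ~w & 0x80808080u) != 0) {
            *last_read_end = i + sizeof w;      /* the word was read in full */
            for (size_t k = 0; k < sizeof w; k++)
                if (buf[i + k] == '\0')
                    return i + k;
        }
        i += sizeof w;
    }
}

/* Constructed sample: 10 characters plus the NUL make an 11-byte object, the
   size of the malloc'd block in the report, inside a 16-byte aligned buffer. */
size_t demo_strlen(size_t *last_read_end)
{
    static const union { uint32_t align; char bytes[16]; } sample =
        { .bytes = "0123456789" };
    return word_strlen(sample.bytes, last_read_end);
}

int main(void)
{
    const char *l1 = "==21804== Invalid read of size 4";
    const char *l2 = "==21804==  Address 0x51b1048 is 8 bytes inside a block of size 11 alloc'd";
    unsigned long rs, off, blk;
    size_t end, len;

    if (parse_valgrind(l1, l2, &rs, &off, &blk) == 0)
        printf("read of %lu bytes at offset %lu in a %lu-byte block: %lu byte(s) past the end\n",
               rs, off, blk, overrun_bytes(blk, off, rs));

    len = demo_strlen(&end);
    printf("word strlen = %zu; last word read ends at offset %zu of an 11-byte object\n",
           len, end);
    return 0;
}
```

The two numbers line up: valgrind's read of 4 at offset 8 ends at byte 12 of an 11-byte block (one byte over), and the word loop's final read on an 11-byte string object also ends at offset 12. That is why such a report can come from a correct program calling a word-at-a-time strlen, and why the triage question is whether the bytes past the NUL are ever used, not merely whether they are read.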




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Fri, 21 Aug 2015 13:45:54 GMT) (full text, mbox, link).


Notification sent to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
Bug acknowledged by developer. (Fri, 21 Aug 2015 13:45:54 GMT) (full text, mbox, link).


Message #20 received at 639818-done@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 75773-done@bugs.debian.org,624854-done@bugs.debian.org,626869-done@bugs.debian.org,628063-done@bugs.debian.org,629009-done@bugs.debian.org,629137-done@bugs.debian.org,629866-done@bugs.debian.org,630090-done@bugs.debian.org,630441-done@bugs.debian.org,630746-done@bugs.debian.org,631427-done@bugs.debian.org,633458-done@bugs.debian.org,633477-done@bugs.debian.org,635153-done@bugs.debian.org,635214-done@bugs.debian.org,637885-done@bugs.debian.org,639818-done@bugs.debian.org,641374-done@bugs.debian.org,641859-done@bugs.debian.org,643852-done@bugs.debian.org,644727-done@bugs.debian.org,645018-done@bugs.debian.org,646160-done@bugs.debian.org,646163-done@bugs.debian.org,646733-done@bugs.debian.org,647425-done@bugs.debian.org,647552-done@bugs.debian.org,650803-done@bugs.debian.org,653493-done@bugs.debian.org,658251-done@bugs.debian.org,659865-done@bugs.debian.org,666743-done@bugs.debian.org,668949-done@bugs.debian.org,670084-done@bugs.debian.org,672996-done@bugs.debian.org,676558-done@bugs.debian.org,696506-done@bugs.debian.org,698685-done@bugs.debian.org,704999-done@bugs.debian.org,715947-done@bugs.debian.org,764220-done@bugs.debian.org,780965-done@bugs.debian.org,793873-done@bugs.debian.org,
Cc: gcc-4.6@packages.debian.org, gcc-4.6@packages.qa.debian.org
Subject: Bug#796274: Removed package(s) from unstable
Date: Fri, 21 Aug 2015 13:43:08 +0000
Version: 4.6.4-7+rm

Dear submitter,

as the package gcc-4.6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/796274

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Sep 2015 07:29:16 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Sep 6 03:04:40 2023; Machine Name: bembo
