Debian Bug report logs - #639818
gcc-4.6: valgrind reports "Invalid read of size 4" in legal code
Reported by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Date: Tue, 30 Aug 2011 15:09:01 UTC
Severity: important
Tags: upstream
Found in version gcc-4.6/4.6.1-4
Fixed in version 4.6.4-7+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, n.mavrogiannopoulos@gmail.com, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6.
(Tue, 30 Aug 2011 15:09:04 GMT)
Acknowledgement sent
to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
New Bug report received and forwarded. Copy sent to n.mavrogiannopoulos@gmail.com, Debian GCC Maintainers <debian-gcc@lists.debian.org>.
(Tue, 30 Aug 2011 15:09:07 GMT)
Message #5 received at submit@bugs.debian.org:
Package: gcc-4.6
Version: 4.6.1-4
Severity: important
Tags: upstream
The attached code is being miscompiled with gcc-4.6 (works perfectly with 4.4
or 4.5). The error can be seen if valgrind is run on the resulting executable
as:
==21804== Invalid read of size 4
==21804== at 0x400437: main (c.c:12)
==21804== Address 0x51b1048 is 8 bytes inside a block of size 11 alloc'd
==21804== at 0x4C2779D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21804== by 0x40040D: main (c.c:9)
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gcc-4.6 depends on:
ii binutils 2.21.52.20110606-2 The GNU assembler, linker and bina
ii cpp-4.6 4.6.1-4 GNU C preprocessor
ii gcc-4.6-base 4.6.1-4 GCC, the GNU Compiler Collection (
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libcloog-ppl0 0.15.9-3 the Chunky Loop Generator (runtime
ii libgcc1 1:4.6.1-4 GCC support library
ii libgmp10 2:5.0.1+dfsg-7 Multiprecision arithmetic library
ii libgmpxx4ldbl 2:5.0.1+dfsg-7 Multiprecision arithmetic library
ii libgomp1 4.6.1-4 GCC OpenMP (GOMP) support library
ii libmpc2 0.9-3 multiple precision complex floatin
ii libmpfr4 3.0.1-5 multiple precision floating-point
ii libppl-c4 0.11.2-4 Parma Polyhedra Library (C interfa
ii libppl9 0.11.2-4 Parma Polyhedra Library (runtime l
ii libquadmath0 4.6.1-4 GCC Quad-Precision Math Library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages gcc-4.6 recommends:
ii libc6-dev 2.13-16 Embedded GNU C Library: Developmen
Versions of packages gcc-4.6 suggests:
pn binutils-gold <none> (no description available)
pn gcc-4.6-doc <none> (no description available)
pn gcc-4.6-locales <none> (no description available)
pn gcc-4.6-multilib <none> (no description available)
pn libgcc1-dbg <none> (no description available)
pn libgomp1-dbg <none> (no description available)
pn libmudflap0-4.6-dev <none> (no description available)
pn libmudflap0-dbg <none> (no description available)
pn libquadmath0-dbg <none> (no description available)
[c.c (text/x-c, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6.
(Fri, 07 Oct 2011 17:15:03 GMT)
Acknowledgement sent
to John Reiser <vendor@BitWagon.com>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>.
(Fri, 07 Oct 2011 17:15:03 GMT)
Message #10 received at 639818@bugs.debian.org:
Followup-For: Bug #639818
Package: gcc-4.6
Version: 4.6.1-4
"gcc -g -O" sometimes gives incorrect DWARF3 debug info for the DW_AT_location
of an on-stack local variable on armel architecture.
=====bug2.c
extern void ext(char *);

void croak ( char *p )
{
    ext(p);
    *(char *)p += 42;
}

void baz ( void )
{
    int v1;
    v1 = 1;
    {
        char v2[10]; // not a multiple of 4
        v2[0] = 2;
        croak( &v2[0] );
    }
    croak( (char*)&v1 );
}

int main ( void )
{
    baz();
    return 0;
}
=====end bug2.c
Compile with "gcc -g -c -S -O bug2.c" and inspect generated code.
Note my annotations after "#":
=====bug2.s
.align 2
.global baz
.type baz, %function
baz:
.LFB1:
.loc 1 10 0
.cfi_startproc
@ Function supports interworking.
@ args = 0, pretend = 0, frame = 16
@ frame_needed = 0, uses_anonymous_args = 0
str lr, [sp, #-4]!
.LCFI1:
.cfi_def_cfa_offset 4
.cfi_offset 14, -4
sub sp, sp, #20
.LCFI2:
.cfi_def_cfa_offset 24 # total sp displacement is 24 bytes
.loc 1 12 0
mov r3, #1
str r3, [sp, #12] # v1 DW_AT_location should be (12 - 24) = -12
.LVL2:
.LBB2:
.loc 1 15 0
add r0, sp, #16
mov r3, #2
strb r3, [r0, #-16]! # v2 DW_AT_location should be (16 - 16 - 24) = -24
.loc 1 16 0
mov r0, sp
bl croak
.LBE2:
.loc 1 18 0
add r0, sp, #12
bl croak
.loc 1 19 0
add sp, sp, #20
ldr lr, [sp], #4
bx lr
.cfi_endproc
.LFE1:
.size baz, .-baz
[[snip]]
.uleb128 0x7
.ascii "v1\000"
.byte 0x1
.byte 0xb
.4byte 0x97
.byte 0x2
.byte 0x91
.sleb128 -20 # ERROR: v1 DW_AT_location is -20; should be -12
.uleb128 0x8
.4byte .LBB2
.4byte .LBE2
.uleb128 0x7
.ascii "v2\000"
.byte 0x1
.byte 0xe
.4byte 0x9e
.byte 0x2
.byte 0x91
.sleb128 -24 # OK: v2 DW_AT_location is -24
.byte 0
.byte 0
=====
The error is confirmed by assembling "gcc -c bug2.s", then dumping the debug info:
===== readelf -wlLiaprmfFsoRt bug2.o >bug2.elf
<2><72>: Abbrev Number: 7 (DW_TAG_variable)
<73> DW_AT_name : v1
<76> DW_AT_decl_file : 1
<77> DW_AT_decl_line : 11
<78> DW_AT_type : <0x97>
<7c> DW_AT_location : 2 byte block: 91 6c (DW_OP_fbreg: -20) # should be -12
<2><7f>: Abbrev Number: 8 (DW_TAG_lexical_block)
<80> DW_AT_low_pc : 0x30
<84> DW_AT_high_pc : 0x44
<3><88>: Abbrev Number: 7 (DW_TAG_variable)
<89> DW_AT_name : v2
<8c> DW_AT_decl_file : 1
<8d> DW_AT_decl_line : 14
<8e> DW_AT_type : <0x9e>
<92> DW_AT_location : 2 byte block: 91 68 (DW_OP_fbreg: -24) # OK
=====
-- System Information:
Debian Release: wheezy/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'testing')
Architecture: armel (armv5tel)
Kernel: Linux 2.6.32-5-kirkwood
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gcc-4.6 depends on:
ii binutils 2.21.52.20110606-2 The GNU assembler, linker and bina
ii cpp-4.6 4.6.1-4 GNU C preprocessor
ii gcc-4.6-base 4.6.1-4 GCC, the GNU Compiler Collection (
ii libc6 2.13-21 Embedded GNU C Library: Shared lib
ii libcloog-ppl0 0.15.9-3 the Chunky Loop Generator (runtime
ii libgcc1 1:4.6.1-4 GCC support library
ii libgmp10 2:5.0.2+dfsg-1 Multiprecision arithmetic library
ii libgmpxx4ldbl 2:5.0.2+dfsg-1 Multiprecision arithmetic library
ii libgomp1 4.6.1-4 GCC OpenMP (GOMP) support library
ii libmpc2 0.9-3 multiple precision complex floatin
ii libmpfr4 3.0.1-6 multiple precision floating-point
ii libppl-c4 0.11.2-4 Parma Polyhedra Library (C interfa
ii libppl9 0.11.2-4 Parma Polyhedra Library (runtime l
ii libstdc++6 4.6.1-4 GNU Standard C++ Library v3
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages gcc-4.6 recommends:
ii libc6-dev 2.13-21 Embedded GNU C Library: Developmen
Versions of packages gcc-4.6 suggests:
pn binutils-gold <none> (no description available)
pn gcc-4.6-doc <none> (no description available)
pn gcc-4.6-locales <none> (no description available)
ii libgcc1-dbg 1:4.6.1-4 GCC support library (debug symbols
ii libgomp1-dbg 4.6.1-4 GCC OpenMP (GOMP) support library
pn libmudflap0-4.6-dev <none> (no description available)
ii libmudflap0-dbg 4.6.1-4 GCC mudflap shared support librari
pn libquadmath-dbg <none> (no description available)
-- no debconf information
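As an added illustration (not part of the report, and not code from GCC or binutils), the following C program decodes the two-byte DW_AT_location blocks shown in the readelf dump above, so that the rendering "91 6c (DW_OP_fbreg: -20)" can be checked by hand, and applies the reporter's own arithmetic (stack-slot offset minus total sp displacement) to compute the offset each variable should have been given. The function names, the sp offsets (12 for v1, 0 for v2) and the displacement of 24 are taken from the annotations in the message; the three-byte MULTI_LOC block is a constructed value that exercises the multi-byte SLEB128 path and does not appear in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DW_OP_fbreg opcode as defined by the DWARF specification. */
#define DW_OP_fbreg 0x91

/* Decode one DWARF SLEB128 value from p[0..n). Returns the number of bytes
   consumed, or 0 if the input ends before a byte without the continuation
   bit has been seen. */
static size_t decode_sleb128(const unsigned char *p, size_t n, int64_t *out)
{
    int64_t result = 0;
    unsigned shift = 0;
    size_t i = 0;
    unsigned char byte;
    do {
        if (i >= n)
            return 0;                               /* truncated encoding */
        byte = p[i++];
        result |= (int64_t)(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);
    if (shift < 64 && (byte & 0x40))                /* sign bit of last group set */
        result |= (int64_t)(~(uint64_t)0 << shift); /* sign-extend */
    *out = result;
    return i;
}

/* Interpret a DW_AT_location block that must be exactly "DW_OP_fbreg <sleb128>".
   Returns the frame-base-relative offset, or INT64_MIN (which no offset in this
   report can take) if the block has any other shape. */
static int64_t fbreg_value(const unsigned char *expr, size_t n)
{
    int64_t off;
    if (n < 2 || expr[0] != DW_OP_fbreg)
        return INT64_MIN;
    size_t used = decode_sleb128(expr + 1, n - 1, &off);
    if (used == 0 || used != n - 1)                 /* truncated or trailing bytes */
        return INT64_MIN;
    return off;
}

/* The reporter's arithmetic: a variable stored at [sp, #sp_offset] after the
   prologue has moved sp down by sp_displacement bytes should be described as
   DW_OP_fbreg (sp_offset - sp_displacement). */
static int64_t expected_fbreg(int sp_offset, int sp_displacement)
{
    return (int64_t)sp_offset - sp_displacement;
}

/* Location blocks copied from the readelf output in the report. */
static const unsigned char V1_LOC[] = { 0x91, 0x6c };        /* v1: 91 6c */
static const unsigned char V2_LOC[] = { 0x91, 0x68 };        /* v2: 91 68 */
/* Constructed block (not from the report): DW_OP_fbreg -128, a two-byte SLEB128. */
static const unsigned char MULTI_LOC[] = { 0x91, 0x80, 0x7f };

int main(void)
{
    int64_t v1 = fbreg_value(V1_LOC, sizeof V1_LOC);
    int64_t v2 = fbreg_value(V2_LOC, sizeof V2_LOC);
    /* v1 lives at [sp, #12], v2 at [sp, #0], with sp displaced by 24 bytes. */
    int64_t want1 = expected_fbreg(12, 24);
    int64_t want2 = expected_fbreg(0, 24);
    printf("v1: encoded %lld, expected %lld -> %s\n", (long long)v1,
           (long long)want1, v1 == want1 ? "OK" : "MISMATCH");
    printf("v2: encoded %lld, expected %lld -> %s\n", (long long)v2,
           (long long)want2, v2 == want2 ? "OK" : "MISMATCH");
    return 0;
}
```

Run as written, the program reports a mismatch for v1 (encoded -20, expected -12) and agreement for v2 (-24), which is the discrepancy the message describes.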
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#639818; Package gcc-4.6.
(Tue, 25 Oct 2011 12:57:03 GMT)
Acknowledgement sent
to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>.
(Tue, 25 Oct 2011 12:57:08 GMT)
Message #15 received at 639818@bugs.debian.org:
Nikos Mavrogiannopoulos <nmav@gnutls.org> writes:
> On 10/25/2011 01:25 PM, Simon Josefsson wrote:
>> "Nikos Mavrogiannopoulos" <nmav@gnutls.org> writes:
>>
>>> use coding.c from libtasn1 git, to avoid issue when compiled with gcc-4.6.
>>
>> Hi Nikos! What's the issue? (maybe it hates strcat?) Should I do a
>> new libtasn1 release with the fix?
>
> It looks like a gcc issue. I've reported it at:
> http://lists.debian.org/debian-gcc/2011/08/msg00192.html
I wonder if that's not the same strlen bug I've seen sometimes:
https://bugzilla.redhat.com/show_bug.cgi?id=678518#c2
Possibly strcat does a strlen internally, which results in the optimized
strlen behaviour reading out of bounds that triggers valgrind.
> The fix is a work around, however given that there is no fix for gcc in
> debian, a new libtasn1 that doesn't have this issue would be best.
There are some gnulib fixes in there too, and maybe I can find some other
minor issue to fix as well... so I can make another release.
/Simon
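The mechanism Simon suspects above, a word-at-a-time strlen whose last aligned read reaches past the end of a heap block, can be reproduced and modelled in a few lines. The program below is an added example, not code from the report, from libtasn1 or from glibc: strlen_wordwise is a generic aligned-word scanner of the kind found in optimised C libraries and compiler builtins, and first_overrun_offset models its reads to show which one memcheck would flag. The 11-byte block and 10-character string are constructed to match the numbers in the original valgrind output ("8 bytes inside a block of size 11"); the PADDED, EMPTY and SHORT3 buffers are constructed inputs whose size keeps every read inside the array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Word-at-a-time strlen: after a byte-wise prologue it reads one aligned
   32-bit word per step. Every read is 4-byte aligned, so it never crosses a
   page boundary and cannot fault, but the final read may extend past the end
   of a heap block whose size is not a multiple of 4. Memcheck tracks block
   boundaries, not pages, so it reports exactly that read. */
static size_t strlen_wordwise(const char *s)
{
    const char *p = s;
    while (((uintptr_t)p & 3) != 0) {       /* byte-wise until 4-byte aligned */
        if (*p == '\0')
            return (size_t)(p - s);
        p++;
    }
    const uint32_t *w = (const uint32_t *)(const void *)p;
    for (;;) {
        uint32_t v = *w;
        /* Exact "does this word contain a zero byte" test. */
        if ((v - 0x01010101u) & ~v & 0x80808080u)
            break;
        w++;
    }
    p = (const char *)w;
    while (*p != '\0')                      /* locate the NUL inside that word */
        p++;
    return (size_t)(p - s);
}

/* Model of the reads above for a string stored at the (aligned) start of a
   heap block of block_size bytes. Returns the offset of the first 4-byte read
   that extends past the block, or -1 if every read stays inside it. The
   offset is what memcheck prints as "N bytes inside a block of size M". */
static long first_overrun_offset(const char *s, size_t block_size)
{
    size_t len = strlen(s);                 /* terminator sits at offset len */
    for (size_t off = 0;; off += 4) {
        if (off + 4 > block_size)           /* read covers bytes beyond the block */
            return (long)off;
        if (off + 4 > len)                  /* this word holds the NUL: scan stops */
            return -1;
    }
}

/* Constructed buffers sized so that strlen_wordwise stays within the array. */
static char PADDED[16] = "0123456789";
static char EMPTY[8]   = "";
static char SHORT3[8]  = "abc";

/* Stand-alone reproducer for "valgrind ./a.out": an 11-byte block holding a
   10-character string, so the aligned read at offset 8 touches byte 11, one
   past the end, and memcheck reports an invalid read of size 4 there. */
int main(void)
{
    const size_t block_size = 11;           /* constructed, matches the report */
    char *buf = malloc(block_size);
    if (buf == NULL)
        return 1;
    memcpy(buf, "0123456789", 11);          /* 10 characters plus NUL */
    printf("wordwise strlen = %zu\n", strlen_wordwise(buf));
    printf("first read past the block starts at offset %ld\n",
           first_overrun_offset(buf, block_size));
    free(buf);
    return 0;
}
```

The model also shows why the read is benign in practice yet still worth understanding: padding the allocation to a multiple of 4 (block size 12 for the same string) keeps every word read inside the block, and a string that terminates earlier in the block never reaches the last word at all.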
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 21 Aug 2015 13:45:54 GMT)
Notification sent
to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
Bug acknowledged by developer.
(Fri, 21 Aug 2015 13:45:54 GMT)
Message #20 received at 639818-done@bugs.debian.org:
Version: 4.6.4-7+rm
Dear submitter,
as the package gcc-4.6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/796274
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 19 Sep 2015 07:29:16 GMT)