Re: Program that segfaults with-Ofast

On 04.01.2018 15:03, Mason wrote:
On 04/01/2018 13:16, Andrew Haley wrote:
On 04/01/18 12:13, Christer Solskogen wrote:
On 04.01.2018 12:18, David Brown wrote:

Start with

	-fsanitize=address
	-fsanitize=undefined

Adding -fsanitize=undefined gets rid of the segfault. Funny.
But -fsanitize=address gave a lot of hints.
Thanks! I think I have something to go with now!

When you find it, I'm sure we'll be interested to know what it was.

Uninitialized pointer / pointer offset?

Christer, can you post the warnings from the sanitizer?


==19180==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7efff87e at pc 0x007d0828 bp 0x7efff764 sp 0x7efff750
WRITE of size 1 at 0x7efff87e thread T0
#0 0x7d0827 in kickstart_fix_checksum(unsigned char*, int) src/rommgr.cpp:1722
#1 0x7b9773 in read_kickstart src/memory.cpp:607
#2 0x7b9773 in read_kickstart_version(uae_prefs*) src/memory.cpp:1151
#3 0x7abd1f in fixup_prefs(uae_prefs*, bool) src/main.cpp:195
#4 0x7abd1f in real_main2 src/main.cpp:678
#5 0x7abd1f in real_main(int, char**) src/main.cpp:784
#6 0x486d3f in main src/osdep/amiberry.cpp:920
#7 0x76232a7f in __libc_start_main (/usr/lib/libc.so.6+0x16a7f)

Address 0x7efff87e is located in stack of thread T0 at offset 158 in frame
#0 0x7b956b in read_kickstart_version(uae_prefs*) src/memory.cpp:1144

This frame has 2 object(s):
[32, 52) 'buffer'
[96, 128) 'mem' <== Memory access at offset 158 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow src/rommgr.cpp:1722 in kickstart_fix_checksum(unsigned char*, int)
Shadow bytes around the buggy address:
0x2fdffeb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdffec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdffed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdffee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdffef0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x2fdfff00: 00 00 04 f2 f2 f2 f2 f2 00 00 00 00 f3 f3 f3[f3]
0x2fdfff10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdfff20: 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2 00 00 00 00
0x2fdfff30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdfff40: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
0x2fdfff50: 00 00 00 00 00 04 f2 f2 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==19180==ABORTING
[Inferior 1 (process 19180) exited with code 01]
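
A constructed C reproducer of the shape of the overflow in the report above (an added example, not code from the project in the thread): the caller keeps a 32-byte stack object, like 'mem' in the frame listing, and hands it to a checksum routine that trusts a larger size, shown beside a form that also receives the buffer's capacity and refuses sizes that do not fit. The checksum is a simple sum-to-zero byte, an assumption for illustration and not the Kickstart algorithm.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example; not the project's code. The pattern ASan flagged:
 * a 32-byte stack buffer is passed with a larger "ROM size", and the
 * callee writes its checksum byte at that size's end, past the object.
 * At -Ofast that only surfaced as a segfault somewhere later. */

/* Simple 8-bit checksum (assumption, not the Kickstart algorithm):
 * the last byte is chosen so that all bytes sum to 0 mod 256. */
static uint8_t sum_bytes(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Unchecked form: trusts 'size'; this is the write ASan reported. */
void fix_checksum_unchecked(uint8_t *mem, int size) {
    mem[size - 1] = 0;
    mem[size - 1] = (uint8_t)(0u - sum_bytes(mem, (size_t)size));
}

/* Hardened form: the caller also passes the buffer's real capacity.
 * Returns 0 on success, -1 when the claimed size does not fit. */
int fix_checksum_checked(uint8_t *mem, size_t capacity, size_t size) {
    if (size == 0 || size > capacity) return -1;
    mem[size - 1] = 0;
    mem[size - 1] = (uint8_t)(0u - sum_bytes(mem, size));
    return 0;
}

/* Caller shaped like read_kickstart_version in the report: a 32-byte
 * stack object with a caller-supplied size. Only the checked routine is
 * invoked here; the unchecked one would overflow the stack as reported. */
int caller_like_the_report(size_t claimed_size) {
    uint8_t mem[32];
    memset(mem, 0xA5, sizeof mem);
    return fix_checksum_checked(mem, sizeof mem, claimed_size);
}

/* Fill a buffer, fix its checksum, and report whether it now sums to 0. */
int checksum_is_valid_after_fix(size_t size) {
    uint8_t mem[32];
    for (size_t i = 0; i < sizeof mem; i++) mem[i] = (uint8_t)(i * 7 + 3);
    if (fix_checksum_checked(mem, sizeof mem, size) != 0) return 0;
    return sum_bytes(mem, size) == 0;
}
```

Building the unchecked path with -fsanitize=address and calling it with a size larger than the buffer produces a stack-buffer-overflow report of the same form as the one above.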



