Summary: | Aliasing violation in __vfscanf_internal | ||
---|---|---|---|
Product: | glibc | Reporter: | Andreas Schwab <schwab> |
Component: | stdio | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nsz, slyich, tuliom |
Priority: | P2 | ||
Version: | 2.25 | ||
Target Milestone: | 2.33 | ||
Host: | Target: | ||
Build: | Last reconfirmed: | ||
Attachments: | glibc-9999-alias.patch |
Description
Andreas Schwab
2020-10-01 11:53:45 UTC
Introduced in commit 726d48ec96. Created attachment 12883 [details]
glibc-9999-alias.patch
To add more color on the breakage: gcc-11 added new -fipa-modref optimization (enabled by default on -O and above) which is able to eliminate "dead" stores on pointers of incompatible types.
Attaching glibc-9999-alias.patch as a proof of concept fix that happens to unbreak glibc on gcc-11 for me.
i'm seeing this on aarch64 too: crypt/cert test case does not finish reading the input and fills up the disk: $ ./testrun.sh crypt/cert < $glibcsrc/crypt/cert.input K: 0000000000000000 P: 0000000000000000 C: 0000000000000000 Encrypt FAIL K: 0000000000000000 P: 0000000000000000 C: 0000000000000000 Encrypt FAIL K: 0000000000000000 P: 0000000000000000 C: 0000000000000000 Encrypt FAIL K: 0000000000000000 P: 0000000000000000 C: 0000000000000000 Encrypt FAIL K: 0000000000000000 P: 0000000000000000 C: 0000000000000000 Encrypt FAIL ... a cut down test case: #include <stdio.h> int main() { int r,t; r = sscanf("01", "%2x", &t); printf("scanf: %d %02x\n", r, t); return 0; } with new gcc it prints scanf: 0 00 with the patch from #c2 i get the expected scanf: 1 01 Fixed in 2.33. Thank you! Linking fix here for posterity: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c0e9ddf59e73e21afe15fca4e94cf7b4b7359bf2 |