DynamoRIO / drmemory

Memory Debugger for Windows, Linux, Mac, and Android

Unaddressable error beyond TOS reported for variable-length automatic arrays in MinGW #2226

Open matlo opened 5 years ago

matlo commented 5 years ago

Hello,

Thanks a lot for your work on Drmemory!

I'm using msys2+mingw64, and Drmemory reports an error on every variable-length automatic array.

Example:

size_t count = 0;
/* ... compute count ... */
int myarray[count]; // Drmemory reports "UNADDRESSABLE ACCESS beyond top of stack"

Carrotman42 commented 5 years ago

Thanks for your bug report! Can you provide a bit more information, such as the optimization mode that you used, and a more self-contained source code reproducer? It'd also be nice to know the drmemory-related commands you ran so that I'm not fumbling around trying to figure out what you did blindly :)

So you're saying the statement int myarray[count] is the problem? It sounds like the compiler is doing something wonky for the variable-allocated array; could you share the disassembly of the app around that point? (or, ideally, the disassembly of the minimal reproducer.)

matlo commented 5 years ago

It seems having the allocation in a dll is a condition to reproduce the issue. See attached sample.

ab.tar.gz

matlo@matlo-desktop /tmp $ tar xvf ab.tar.gz 
ab/
ab/a.c
ab/b.c
ab/compile.sh
matlo@matlo-desktop /tmp $ cd ab/
matlo@matlo-desktop /tmp/ab $ ./compile.sh 

Result:

Dr. Memory version 2.2.0 build 1 built on Jul  1 2019 00:40:18
Windows version: WinVer=105;Rel=1903;Build=18362;Edition=Professional
Dr. Memory results for pid 6632: "b.exe"
Application cmdline: "C:\msys64_GIMX_7\home\Matlo\ab\b.exe"
Recorded 117 suppression(s) from default C:\Users\Matlo\Desktop\DrMemory-Windows-2.2.0-1\bin64\suppress-default.txt

Error #1: UNADDRESSABLE ACCESS beyond top of stack: reading 0x000000000066fad0-0x000000000066fad8 8 byte(s)
# 0 .text                                   [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:374]
# 1 _pei386_runtime_relocator               [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:472]
# 2 __tmainCRTStartup                       [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:287]
# 3 .l_start                                [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:219]
# 4 KERNEL32.dll!BaseThreadInitThunk
Note: @0:00:00.160 in thread 7972
Note: 0x000000000066fad0 refers to 712 byte(s) beyond the top of the stack 0x000000000066fd98
Note: instruction: or     $0x0000000000000000 (%rcx) -> (%rcx)

Error #2: UNADDRESSABLE ACCESS beyond top of stack: reading 0x000000000066fcf0-0x000000000066fcf8 8 byte(s)
# 0 liba.dll!___chkstk_ms      [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/pseudo-reloc.c:374]
# 1 liba.dll!afunc             [C:\msys64_GIMX_7\home\Matlo\ab/a.c:4]
# 2 main                       [C:\msys64_GIMX_7\home\Matlo\ab/b.c:8]
Note: @0:00:00.200 in thread 7972
Note: 0x000000000066fcf0 refers to 136 byte(s) beyond the top of the stack 0x000000000066fd78
Note: instruction: or     $0x0000000000000000 (%rcx) -> (%rcx)

Error #3: POSSIBLE LEAK 54 direct bytes 0x00000000018a01c0-0x00000000018a01f6 + 0 indirect bytes
# 0 replace_malloc                    [d:\drmemory_package\common\alloc_replace.c:2577]
# 1 msvcrt.dll!malloc_crt
# 2 msvcrt.dll!_setargv  
# 3 msvcrt.dll!_getmainargs
# 4 pre_cpp_init                      [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:169]
# 5 msvcrt.dll!initterm  
# 6 __tmainCRTStartup                 [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:277]
# 7 .l_start                          [C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:219]
# 8 KERNEL32.dll!BaseThreadInitThunk

===========================================================================
FINAL SUMMARY:

DUPLICATE ERROR COUNTS:
    Error #   1:      2
    Error #   2:      2

SUPPRESSIONS USED:

ERRORS FOUND:

      2 unique,     4 total unaddressable access(es)
      0 unique,     0 total uninitialized access(es)
      0 unique,     0 total invalid heap argument(s)
      0 unique,     0 total GDI usage error(s)
      0 unique,     0 total handle leak(s)
      0 unique,     0 total warning(s)
      0 unique,     0 total,      0 byte(s) of leak(s)
      1 unique,     1 total,     54 byte(s) of possible leak(s)
ERRORS IGNORED:
      3 unique,     3 total,     69 byte(s) of still-reachable allocation(s)
         (re-run with "-show_reachable" for details)
Details: C:\Users\Matlo\Desktop\DrMemory-Windows-2.2.0-1\drmemory\logs\DrMemory-b.exe.6632.000\results.txt

Carrotman42 commented 5 years ago

Could be similar to #2222 or #2228: MinGW is not a well-supported toolchain. If you are able to investigate further and come up with a fix we would happily accept a PR.

Izacht13 commented 4 years ago

There wouldn't happen to be a temporary fix for this, would there?

derekbruening commented 4 years ago

False positives with consistent callstack patterns always have a workaround: suppress them. http://drmemory.org/docs/page_suppress.html
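
Added example (not part of the original thread and not from the Dr. Memory project): a suppression file for the two unaddressable-access callstacks in the report above. The file name and the `name=` labels are made up here; the frames are copied from the report, with `b.exe` as the module name for the frames the report prints without one.

```text
# mingw-chkstk.txt (file name is an assumption)
# Pass it with: drmemory.exe -suppress mingw-chkstk.txt -- b.exe

# Error #2 in the report: access from ___chkstk_ms when afunc in liba.dll
# sets up its variable-length array.
UNADDRESSABLE ACCESS
name=mingw chkstk in liba.dll afunc (constructed label)
liba.dll!___chkstk_ms
liba.dll!afunc

# Error #1 in the report: the same instruction during CRT startup of b.exe.
# Frame 0 is shown only as ".text", so it is matched with a single-frame
# wildcard and the suppression is pinned by the frames beneath it.
UNADDRESSABLE ACCESS
name=mingw chkstk in CRT startup (constructed label)
*
b.exe!_pei386_runtime_relocator
b.exe!__tmainCRTStartup
```

Suppression callstacks match as a prefix of the reported stack, so keeping `afunc` in the first entry limits it to that one call site. Cutting it down to the single `___chkstk_ms` frame would also hide any genuine beyond-top-of-stack report that surfaces through that function.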

derekbruening commented 4 years ago

This may be related to #2248