public inbox for gcc-bugs@sourceware.org
From: "mcross at irobot dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/103792] New: stack-use-after-scope false positive with exceptions on ARM EABI
Date: Tue, 21 Dec 2021 15:28:36 +0000
Message-ID: <bug-103792-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103792

Bug ID: 103792
Summary: stack-use-after-scope false positive with exceptions on ARM EABI
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: mcross at irobot dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

Created attachment 52039
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52039&action=edit
reproduction code

This is the same issue as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81021 , except specific to ARM EABI. I think the same change needs to be applied to the ARM EABI specific code that sets up the call to __cxa_end_cleanup() in gcc/tree-eh.c.

I have attached minimal code that reproduces the issue (well, as minimal as I could get it). To reproduce, this must be compiled with "-O1 -fsanitize=address".

The reproduction code is also available on Compiler Explorer here: https://godbolt.org/z/5q1Yq5za3

Unfortunately I cannot run it there, but here is what I see when I run it (based on generated code addresses in that view):

* At address 10cce is where the exception is thrown in the intermediate() function (it has inlined the calls to the constructors for "struct Bad" and optimized it down to just throwing an exception).
* The clean-up for this PC in intermediate() is at 10cd2, and if you follow it through it effectively just poisons the stack and then calls __cxa_end_cleanup(). This leaves the stack poisoned after exception handling is complete, which later code then trips over.