public inbox for gcc-bugs@sourceware.org
From: "marxin at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108085] gcc trunk's ASAN at -O3 missed a stack-use-after-scope
Date: Wed, 14 Dec 2022 08:26:46 +0000
Message-ID: <bug-108085-4-w6CHolxjpO@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-108085-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108085

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org|marxin at gcc dot gnu.org
   Last reconfirmed|                            |2022-12-14
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
I can take a look. Note I can't reproduce it with Clang with any of -O1+ options:

$ clang pr108085.c -fsanitize=address -w && ./a.out
=================================================================
==20150==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffff5e00030 at pc 0x55555566a2aa bp 0x7fffffffd510 sp 0x7fffffffd508
READ of size 4 at 0x7ffff5e00030 thread T0
    #0 0x55555566a2a9 in main pr108085.c
    #1 0x7ffff7ca35af in __libc_start_call_main (/lib64/libc.so.6+0x275af) (BuildId: 3f7f40d4302fa8a9568a057065c023bf137fceb7)
    #2 0x7ffff7ca3678 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27678) (BuildId: 3f7f40d4302fa8a9568a057065c023bf137fceb7)
    #3 0x5555555a9d64 in _start /home/abuild/rpmbuild/BUILD/glibc-2.36/csu/../sysdeps/x86_64/start.S:115

Address 0x7ffff5e00030 is located in stack of thread T0 at offset 48 in frame
    #0 0x55555566a11f in main pr108085.c

  This frame has 2 object(s):
    [32, 36) 'd'
    [48, 52) 'f' <== Memory access at offset 48 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope pr108085.c in main
Shadow bytes around the buggy address:
  0x10007ebb7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007ebb8000: f1 f1 f1 f1 04 f2[f8]f3 00 00 00 00 00 00 00 00
  0x10007ebb8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007ebb8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==20150==ABORTING

$ clang pr108085.c -fsanitize=address -w -O1 && ./a.out
(no output)
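The report quoted in the comment above locates the bad read by two independent routes: the frame description says offset 48 falls inside 'f' ([48, 52)), and the shadow dump marks the corresponding shadow byte as f8 (stack use after scope), with the 04 two bytes earlier covering the 4-byte 'd' at offset 32 and f2/f3 being the redzones around 'f'. The script below is an added example, not part of the bug thread or of GCC or LLVM: it re-types the quoted report as a constructed sample, parses the header, frame objects and shadow rows, and cross-checks each frame object against the shadow byte that covers it. It assumes the default x86-64 Linux shadow mapping, shadow = (addr >> 3) + 0x7fff8000, which is why the bracketed byte in the dump sits at 0x10007ebb8006 for application address 0x7ffff5e00030.

```python
import re

# Constructed sample input: the AddressSanitizer report quoted in the comment above,
# re-typed with the same addresses, frame offsets and shadow bytes.
SAMPLE_REPORT = """\
==20150==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffff5e00030 at pc 0x55555566a2aa bp 0x7fffffffd510 sp 0x7fffffffd508
READ of size 4 at 0x7ffff5e00030 thread T0
    #0 0x55555566a2a9 in main pr108085.c
Address 0x7ffff5e00030 is located in stack of thread T0 at offset 48 in frame
    #0 0x55555566a11f in main pr108085.c
  This frame has 2 object(s):
    [32, 36) 'd'
    [48, 52) 'f' <== Memory access at offset 48 is inside this variable
Shadow bytes around the buggy address:
  0x10007ebb7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007ebb8000: f1 f1 f1 f1 04 f2[f8]f3 00 00 00 00 00 00 00 00
  0x10007ebb8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

# Shadow byte legend, as printed at the end of every ASan report.
SHADOW_LEGEND = {
    0x00: "addressable", 0xfa: "heap left redzone", 0xfd: "freed heap region",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf5: "stack after return", 0xf8: "stack use after scope", 0xf9: "global redzone",
    0xf6: "global init order", 0xf7: "poisoned by user", 0xfc: "container overflow",
    0xac: "array cookie", 0xbb: "intra object redzone", 0xfe: "ASan internal",
    0xca: "left alloca redzone", 0xcb: "right alloca redzone",
}

# Assumption: default x86-64 Linux shadow mapping, shadow = (addr >> 3) + 0x7fff8000.
SHADOW_SCALE = 3
SHADOW_OFFSET = 0x7fff8000


def describe_shadow(byte: int) -> str:
    """Legend text for one shadow byte; 01..07 mean only the first k of 8 bytes are addressable."""
    if 1 <= byte <= 7:
        return f"partially addressable ({byte} of 8 bytes)"
    return SHADOW_LEGEND.get(byte, f"unknown (0x{byte:02x})")


def shadow_address(app_addr: int) -> int:
    """Address of the shadow byte covering the 8-byte granule that contains app_addr."""
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET


def parse_shadow_rows(text: str) -> dict:
    """{row_address: [16 shadow bytes]} for each dumped row; the [ ] marker is ignored."""
    rows = {}
    for m in re.finditer(r"^(?:=>)?\s*(0x[0-9a-f]+):((?:[ \[\]]*[0-9a-f]{2}){16})", text, re.M):
        rows[int(m.group(1), 16)] = [int(b, 16) for b in re.findall(r"[0-9a-f]{2}", m.group(2))]
    return rows


def parse_report(text: str) -> dict:
    """Pull out the fields a triager needs and cross-check them against the shadow dump."""
    head = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", text)
    access = re.search(r"^(READ|WRITE) of size (\d+)", text, re.M)
    frame = re.search(r"at offset (\d+) in frame", text)
    if not (head and access and frame):
        raise ValueError("not a recognisable ASan stack report")
    addr = int(head.group(2), 16)
    offset = int(frame.group(1))
    frame_base = addr - offset  # start of the instrumented frame in application memory
    rows = parse_shadow_rows(text)

    def shadow_byte(app_addr: int) -> int:
        s = shadow_address(app_addr)
        row = rows.get(s & ~0xF)  # rows are printed 16 shadow bytes at a time
        if row is None:
            raise KeyError(f"shadow row for 0x{s:x} is not in the dump")
        return row[s & 0xF]

    variables = {}
    for lo, hi, name in re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text):
        lo, hi = int(lo), int(hi)
        b = shadow_byte(frame_base + lo)
        variables[name] = {"range": (lo, hi), "hit": lo <= offset < hi,
                           "shadow": b, "state": describe_shadow(b)}
    fault = shadow_byte(addr)
    return {"kind": head.group(1), "address": addr,
            "access": f"{access.group(1)} of {access.group(2)}",
            "frame_offset": offset, "fault_shadow": fault,
            "fault_state": describe_shadow(fault), "variables": variables}


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(f"{r['kind']}: {r['access']} at 0x{r['address']:x} "
          f"(shadow 0x{shadow_address(r['address']):x} = 0x{r['fault_shadow']:02x}, {r['fault_state']})")
    for name, v in r["variables"].items():
        mark = "<== faulting access" if v["hit"] else ""
        print(f"  {name!r} {v['range']}: shadow 0x{v['shadow']:02x} {v['state']} {mark}")
```

Running it on the sample reports 'd' as partially addressable (4 of 8 bytes) and 'f' as stack use after scope with the faulting access inside it, which is exactly what the two routes in the original report agree on. The same cross-check is useful when triaging a report where the frame description and the shadow bytes disagree, for instance after the custom-unwind or swapcontext situations the HINT line mentions.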
Thread overview: 7+ messages
  2022-12-13 16:08 [Bug sanitizer/108085] New: gcc trunk's ASAN at -O3 missed a stack-use-after-scope  shaohua.li at inf dot ethz.ch
  2022-12-14  8:26 ` marxin at gcc dot gnu.org [this message]
  2022-12-14  8:27 ` [Bug sanitizer/108085] gcc trunk's ASAN at -O3 missed a stack-use-after-scope  rguenth at gcc dot gnu.org
  2022-12-23 15:25 ` marxin at gcc dot gnu.org
  2022-12-23 15:25 ` marxin at gcc dot gnu.org
  2023-02-02 19:39 ` pinskia at gcc dot gnu.org
  2023-02-02 19:45 ` pinskia at gcc dot gnu.org