[Bug libstdc++/108097] New: std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[Bug libstdc++/108097] New: std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[unlvsur at live dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

            Bug ID: 108097
           Summary: std::stacktrace AddressSanitizer:
                    new-delete-type-mismatch on 0x615000000080 in thread
                    T0
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: unlvsur at live dot com
  Target Milestone: ---

Created attachment 54089
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54089&action=edit
stacktrace sanitizer stderr

I try to crossback compiling stacktrace from windows to linux
D:\hg\fast_io\.wunao>x86_64-pc-linux-gnu-g++ -o stacktrace stacktrace.cc -Ofast
-std=c++23 -g -march=native -I../include -lstdc++_libbacktrace
-fsanitize=address,undefined

$ ./stacktrace 2>err.txt
     at D:\hg\fast_io\.wunao/stacktrace.cc:6
     at :0
     at :0
     at :0

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[unlvsur at live dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #1 from cqwrteur <unlvsur at live dot com> ---
#include<fast_io.h>
#include<stacktrace>

int main()
{
        for(auto const & e : std::stacktrace::current())
        {
                println(std::to_string(e));
        }
}

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[unlvsur at live dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #2 from cqwrteur <unlvsur at live dot com> ---
(In reply to cqwrteur from comment #1)
> #include<fast_io.h>
> #include<stacktrace>
> 
> int main()
> {
> 	for(auto const & e : std::stacktrace::current())
> 	{
> 		println(std::to_string(e));
> 	}
> }

btw windows support for std::stacktrace when? libbacktrace does support Windows
but libstdc++ does not.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to cqwrteur from comment #1)
> #include<fast_io.h>

Please provide testcases that don't depend on your own headers. There's
absolutely no reason this can't use printf or std::cout.

Asan is wrong, operator delete(void*, size_t) can be used to delete memory from
operator new(size_t, nothrow_t).

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to cqwrteur from comment #2)
> btw windows support for std::stacktrace when? libbacktrace does support
> Windows but libstdc++ does not.

There are patches posted for review.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[unlvsur at live dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #5 from cqwrteur <unlvsur at live dot com> ---
(In reply to Jonathan Wakely from comment #3)
> (In reply to cqwrteur from comment #1)
> > #include<fast_io.h>
> 
> Please provide testcases that don't depend on your own headers. There's
> absolutely no reason this can't use printf or std::cout.
> 
> Asan is wrong, operator delete(void*, size_t) can be used to delete memory
> from operator new(size_t, nothrow_t).

#include<iostream>
#include<stacktrace>

int main()
{
        for(auto const & e : std::stacktrace::current())
        {
                std::cout<<std::to_string(e)<<'\n';
        }
}

Still crashing by replacing with std::cout

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[unlvsur at live dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #6 from cqwrteur <unlvsur at live dot com> ---
> > Please provide testcases that don't depend on your own headers. There's
> > absolutely no reason this can't use printf or std::cout.

std::cout and stdio bloat my binary.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #7 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to cqwrteur from comment #5)
> Still crashing by replacing with std::cout

Yes, of course, which is why you should have used that in the first place. Your
own fast_io.h is irrelevant to the problem.

(In reply to cqwrteur from comment #6)
> std::cout and stdio bloat my binary.

Yes, I know, you never stop going on about it. You don't need to optimize the
binary size of reproducers posted in bugzilla though, do you? The point should
be to demonstrate the problem effectively, not minimise binary size.

Nobody is going to download your fast_io.h to reproduce a bug.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-12-14

--- Comment #8 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #3)
> Asan is wrong, operator delete(void*, size_t) can be used to delete memory
> from operator new(size_t, nothrow_t).

Oh it's complaining about the size, not the form of operator delete.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #9 from Jonathan Wakely <redi at gcc dot gnu.org> ---
--- a/libstdc++-v3/include/std/stacktrace
+++ b/libstdc++-v3/include/std/stacktrace
@@ -608,8 +608,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
            {
              if constexpr (is_same_v<allocator_type, allocator<value_type>>)
                {
-                 __n *= sizeof(value_type);
-                 void* const __p = _GLIBCXX_OPERATOR_NEW (__n, nothrow_t{});
+                 size_t __n2 = __n * sizeof(value_type);
+                 void* const __p = _GLIBCXX_OPERATOR_NEW (__n2, nothrow_t{});
                  if (__p == nullptr) [[unlikely]]
                    return nullptr;
                  _M_frames = static_cast<pointer>(__p);

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <redi@gcc.gnu.org>:

https://gcc.gnu.org/g:881c6cabce5d0b27285ed41bd6dabdf48848cce7

commit r13-4701-g881c6cabce5d0b27285ed41bd6dabdf48848cce7
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Dec 14 11:58:05 2022 +0000

    libstdc++: Fix size passed to operator delete [PR108097]

    The number of elements gets stored in _M_capacity so use a separate
    variable for the number of bytes to allocate.

    libstdc++-v3/ChangeLog:

            PR libstdc++/108097
            * include/std/stacktrace (basic_stracktrace::_Impl): Do not
            multiply N by sizeof(value_type) when allocating.

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.4
           Keywords|                            |wrong-code

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:

https://gcc.gnu.org/g:e9d58614b0b8eebd64d568fa22cd31faaa5f8dce

commit r12-8985-ge9d58614b0b8eebd64d568fa22cd31faaa5f8dce
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Dec 14 11:58:05 2022 +0000

    libstdc++: Fix size passed to operator delete [PR108097]

    The number of elements gets stored in _M_capacity so use a separate
    variable for the number of bytes to allocate.

    libstdc++-v3/ChangeLog:

            PR libstdc++/108097
            * include/std/stacktrace (basic_stracktrace::_Impl): Do not
            multiply N by sizeof(value_type) when allocating.

    (cherry picked from commit 881c6cabce5d0b27285ed41bd6dabdf48848cce7)

[Bug libstdc++/108097] std::stacktrace AddressSanitizer: new-delete-type-mismatch on 0x615000000080 in thread T0

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108097

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|12.4                        |12.3
             Status|NEW                         |RESOLVED

--- Comment #12 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed for 12.3