public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/108343] New: ASAN at -O3 misses a heap-use-after-free
From: shaohua.li at inf dot ethz.ch @ 2023-01-09 13:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108343
Bug ID: 108343
Summary: ASAN at -O3 misses a heap-use-after-free
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
For the following code, ASAN at -O3 misses the heap-use-after-free, while other
opt levels catch it.
% cat a.c
#include <stdlib.h>
int a, c;
char b;
int main() {
  char **d = malloc(sizeof(char*));
  for(int i=0; i<1; i++)
    *d = malloc(sizeof(char));
  d[0][0] = 0;
  int e, f = -1;
  free(d[0]);
  free(d);                 /* both the pointer array and the char are freed here */
  for (; a <= 1; a++) {
    long g[1];
    g;
    c = f;
    e = 0;
    for (; e <= 1; e++) {
      c |= d[a][0];        /* a.c:18 - 8-byte load of d[a] from the freed array */
      if (b)
        c = a;
    }
  }
  return c;
}
%
% gcc-tk -fsanitize=address -g -O2 a.c && ./a.out
=================================================================
==2253130==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x000000401210 bp 0x7ffdd10f9a90 sp 0x7ffdd10f9a88
READ of size 8 at 0x602000000010 thread T0
    #0 0x40120f in main /zdata/shaoli/sanitizertesting/mutate/bugs/gcc/a.c:18
    #1 0x7f15496b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
...
%
% gcc-tk -fsanitize=address -g -O3 a.c && ./a.out
%
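As an added example (not part of the bug report), a small Python harness that does what the reporter did by hand: build the test case with ASAN at every -O level, run it, parse the report header, and list the levels at which the heap-use-after-free went unreported. The names parse_asan_report, missed_levels and run_at_levels are assumed here, the gcc invocation assumes a toolchain with libasan, and the embedded SAMPLE is the report from this thread with its wrapped lines rejoined and the second frame abbreviated.

```python
import re
import subprocess
import sys

# Three lines of an ASAN report header: error kind/address, access type/size, and frame 0.
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: ([\w-]+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^\s*(READ|WRITE) of size (\d+) at 0x[0-9a-f]+", re.M)
FRAME0_RE = re.compile(r"#0 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)")

# Sample input: the -O2 report from this thread (line wrapping undone, frame #1 abbreviated).
SAMPLE = """=================================================================
==2253130==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x000000401210 bp 0x7ffdd10f9a90 sp 0x7ffdd10f9a88
READ of size 8 at 0x602000000010 thread T0
    #0 0x40120f in main /zdata/shaoli/sanitizertesting/mutate/bugs/gcc/a.c:18
    #1 0x7f15496b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
"""

def parse_asan_report(stderr):
    """Return error kind, faulting address, access type/size and first frame, or None."""
    m = ERROR_RE.search(stderr)
    if m is None:
        return None  # clean run: no ASAN error header in stderr
    rep = {"kind": m.group(1), "address": m.group(2), "access": None, "size": None,
           "function": None, "file": None, "line": None}
    a = ACCESS_RE.search(stderr)
    if a:
        rep["access"], rep["size"] = a.group(1), int(a.group(2))
    f = FRAME0_RE.search(stderr)
    if f:  # frame 0 only carries file:line when the binary was built with -g
        rep["function"], rep["file"], rep["line"] = f.group(1), f.group(2), int(f.group(3))
    return rep

def missed_levels(results, expected_kind):
    """results maps an -O level to a parsed report (or None); list levels that did not flag the bug."""
    return sorted(lvl for lvl, rep in results.items() if rep is None or rep["kind"] != expected_kind)

def run_at_levels(source, cc="gcc", levels=("-O0", "-O1", "-O2", "-O3")):
    """Build `source` with ASAN at each level, run it and parse stderr (needs gcc with libasan)."""
    results = {}
    for lvl in levels:
        subprocess.run([cc, "-fsanitize=address", "-g", lvl, source, "-o", "./a.out"], check=True)
        proc = subprocess.run(["./a.out"], capture_output=True, text=True)
        results[lvl] = parse_asan_report(proc.stderr)
    return results

if __name__ == "__main__":
    res = run_at_levels(sys.argv[1] if len(sys.argv) > 1 else "a.c")
    print("levels that missed heap-use-after-free:", missed_levels(res, "heap-use-after-free"))
```

Running it against the a.c above on a toolchain with this bug prints ['-O3']; running it in a sanitizer CI job turns an optimization-dependent blind spot into a visible test failure.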
* [Bug sanitizer/108343] ASAN at -O3 misses a heap-use-after-free
From: marxin at gcc dot gnu.org @ 2023-01-09 15:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108343
Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
     Ever confirmed|0           |1
   Last reconfirmed|            |2023-01-09
           See Also|            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108085
             Status|UNCONFIRMED |NEW
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
It has symptoms similar to PR108085.