public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "shaohua.li at inf dot ethz.ch" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/108637] New: ASAN at -O2 misses a stack-use-after-scope Date: Thu, 02 Feb 2023 12:10:18 +0000 [thread overview] Message-ID: <bug-108637-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108637 Bug ID: 108637 Summary: ASAN at -O2 misses a stack-use-after-scope Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: shaohua.li at inf dot ethz.ch CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org Target Milestone: --- For the following code, ASAN at -O2 cannot detect the stack-use-after-scope. This happens since GCC-11. GCC-10 and below work fine. I understand that there is a type-incompatible warning. But I believe it should not affect the ASAN anyway. Compiler explorer: https://godbolt.org/z/WcbadP961 % cat a.c char a, b, c; short d; int main() { { long e = a; for (; b <= 0; b++) { char *f; d = 2; for (; d; d--) { int g = 111; f = &g; if (e) c = 0; } *f += 1; a = *f; } } } % % gcc-tk -fsanitize=address -O2 a.c && ./a.out % % gcc-tk -fsanitize=address -O1 a.c && ./a.out ================================================================= ==1==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fb285e00020 at pc 0x000000401272 bp 0x7ffda17739c0 sp 0x7ffda17739b8 READ of size 1 at 0x7fb285e00020 thread T0 #0 0x401271 in main /a.c:15 #1 0x7fb28883d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x4010bd in _start (/output.s+0x4010bd) (BuildId: cb6e8e9c15b7d8e5515d7e6b8591d2b77b5f3e21) Address 0x7fb285e00020 is located in stack of thread T0 at offset 32 in frame #0 0x401185 in main /a.c:3 This frame has 1 object(s): [32, 36) 'g' (line 10) <== Memory access at offset 32 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-scope /a.c:15 in main Shadow bytes around the buggy address: ... %
next reply other threads:[~2023-02-02 12:10 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-02 12:10 shaohua.li at inf dot ethz.ch [this message] 2023-02-02 19:33 ` [Bug sanitizer/108637] " pinskia at gcc dot gnu.org 2023-02-02 21:51 ` shaohua.li at inf dot ethz.ch 2023-02-02 22:06 ` shaohua.li at inf dot ethz.ch 2023-02-03 13:32 ` marxin at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-108637-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).