public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/110099] New: GCC's Address Sanitizer misses 'stack-use-after-scope' when accessing variable from the same scope
@ 2023-06-02 20:24 egor_suvorov at mail dot ru
From: egor_suvorov at mail dot ru @ 2023-06-02 20:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110099
Bug ID: 110099
Summary: GCC's Address Sanitizer misses 'stack-use-after-scope' when accessing variable from the same scope
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: egor_suvorov at mail dot ru
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
Consider the following code:

```cpp
int main() {
    struct S {
        int *x;
        ~S() { *x = 10; }   // writes through x when s is destroyed
    } s;
    // {
    int x;                  // declared after s, so it is destroyed before s
    s.x = &x;
    // }
}
```
I believe `s`'s destructor tries to access variable `x` when it is already
destroyed, so it should be a 'stack-use-after-scope' error.
GCC 12 and 13 do not seem to catch it when compiled with `-fsanitize=address`,
but Clang and Visual Studio 2019 do: https://godbolt.org/z/7MqGr8Y3r
If I uncomment the curly brackets, `x` ends up in its own scope and now all three
compilers are able to detect the error. Maybe GCC calls destructors first and
marks variables as unavailable for ASan later?
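The lifetime rule behind the report, as an added example that is not part of the bug report or of GCC: C++ destroys block-scope objects in reverse order of their construction, so an object whose destructor writes through a pointer must point at something declared *before* it (or in an enclosing scope). In the reporter's code `x` is declared after `s`, so `x` is already dead when `~S` runs. The `Tracer`, `Writer` and `Checker` types and the function names below are invented for illustration; the `Writer` type mirrors the report's `S`.

```cpp
// Added example, not from the bug report: demonstrates the destruction order
// that makes the reported code a stack-use-after-scope and shows two safe
// orderings of the same destructor-writes-through-pointer pattern.
#include <cassert>
#include <string>
#include <vector>

// Records the order in which block-scope objects are torn down.
struct Tracer {
    std::vector<std::string> &log;
    std::string name;
    ~Tracer() { log.push_back(name + " destroyed"); }
};

// Locals are destroyed in reverse order of declaration: the object declared
// last goes first.
std::vector<std::string> destruction_order() {
    std::vector<std::string> log;
    {
        Tracer first{log, "first"};
        Tracer second{log, "second"};
    }
    return log;  // {"second destroyed", "first destroyed"}
}

// The report's pattern: a destructor that writes through a stored pointer.
struct Writer {
    int *target;
    int value;
    ~Writer() { *target = value; }
};

// Safe: the pointee lives in an enclosing scope, so it is still alive when
// ~Writer runs at the end of the inner block.
int pointee_outlives_guard() {
    int x = 0;
    {
        Writer w{&x, 10};
    }            // ~Writer writes 10 into x here; x is alive until return
    return x;    // 10
}

// Reads the pointee when it is destroyed; declared before the Writer so it is
// destroyed after the Writer and observes the value the Writer stored.
struct Checker {
    std::vector<int> &log;
    int *target;
    ~Checker() { log.push_back(*target); }
};

// Safe even in the same scope: x is declared first, so it is destroyed last.
// Teardown order at the closing brace: w (writes 7 into live x), then c
// (reads 7 from live x), then x itself.
std::vector<int> same_scope_declared_first() {
    std::vector<int> log;
    {
        int x = 0;
        Checker c{log, &x};
        Writer w{&x, 7};
    }
    return log;  // {7}
}

int main() {
    assert(pointee_outlives_guard() == 10);
    assert(destruction_order()[0] == "second destroyed");
    assert(same_scope_declared_first()[0] == 7);
    return 0;
}
```

Swapping the declaration order of `s` and `x` in the reporter's snippet is the same fix as `same_scope_declared_first`; compiling either safe variant with `-fsanitize=address` produces no report, which is the expected outcome rather than the missed detection the bug is about.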
* [Bug sanitizer/110099] GCC's Address Sanitizer misses 'stack-use-after-scope' when accessing variable from the same scope
From: pinskia at gcc dot gnu.org @ 2023-06-02 20:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110099
Andrew Pinski <pinskia at gcc dot gnu.org> changed:

                What |Removed      |Added
----------------------------------------------------------------------------
    Last reconfirmed |             |2023-06-02
              Status |UNCONFIRMED  |NEW
      Ever confirmed |0            |1
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The order of marking the variable as POISON is wrong: it is not done before the
finally.
It can also be reproduced using the cleanup attribute:
```c
/* Cleanup handler: receives &t, so it must dereference twice to reach x. */
void g(void *a)
{
    **(int **)a = 10;
}

int main() {
    int *t __attribute__((cleanup(g)));   /* g(&t) runs when t goes out of scope */
    int x = 0;                            /* declared after t, so dead before g runs */
    t = &x;
}
```