From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 96DE43858D28; Tue, 31 Jan 2023 03:35:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 96DE43858D28 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1675136159; bh=8V7clGo8cnBP7rHuWLIShYRD9AfKp5bMvPXgNAwntRc=; h=From:To:Subject:Date:In-Reply-To:References:From; b=wkQE1Z8t8cuvpZv4CeLZgRZKyy0Ds8lxRrbzgBlNcfoEhhVZnr9IRMfeWuzkFnleC dbfhfb7GUjdObIsYOaFl0lZXl/Aoqp2O5zOiwgaB03WMeLpMCywVbMe+0+wv7/ecsD StEdPUNjJ+DrHK42r/avusamqaEMUGVWcCsKdtd8= From: "pinskia at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/61597] Unexpected behavior at runtime Date: Tue, 31 Jan 2023 03:35:56 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 4.9.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: pinskia at gcc dot gnu.org X-Bugzilla-Status: REOPENED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D61597 --- Comment #21 from Andrew Pinski --- The trunk can detect this with the reduced testcase in comment #16 with -fsanitize=3Daddress (it could not in GCC 12 though): =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D1=3D=3DERROR: AddressSanitizer: stack-use-after-return on address 0x7= fed23a00020 at pc 0x000000401410 bp 0x7ffd3ef98df0 sp 0x7ffd3ef98de8 READ of size 4 at 0x7fed23a00020 thread T0 #0 0x40140f in main /app/example.cpp:18 #1 0x7fed26088082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x4010ed in _start (/app/output.s+0x4010ed) (BuildId: eae82a9845e6e2c7baecc615e9a9cf9fe73eac81) Address 0x7fed23a00020 is located in stack of thread T0 at offset 32 in fra= me #0 0x4011b5 in func(Iter, int) /app/example.cpp:11 This frame has 1 object(s): [32, 36) 'iter' (line 11) <=3D=3D Memory access at offset 32 is inside = this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return /app/example.cpp:18 in ma= in Shadow bytes around the buggy address: 0x7fed239ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed239ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed239ffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed239fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed239fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =3D>0x7fed23a00000: f5 f5 f5 f5[f5]f5 f5 f5 00 00 00 00 00 00 00 00 0x7fed23a00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed23a00100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed23a00180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed23a00200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fed23a00280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb =3D=3D1=3D=3DABORTING=