From: "chfast at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
Date: Wed, 14 Oct 2020 10:08:35 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415

            Bug ID: 97415
           Summary: Invalid pointer comparison in stringbuf::str()
                    (reported by pointer-compare AddressSanitizer)
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chfast at gmail dot com
  Target Milestone: ---

When my application is instrumented with -fsanitize=address,pointer-compare
and running under ASAN_OPTIONS=detect_invalid_pointer_pairs=2, I get the
following failure in basic_stringbuf::str()

==3879==ERROR: AddressSanitizer: invalid-pointer-pair: 0x7ffcdf273b66 0x000000000000
    #0 0x5597a6c6d786 in std::__cxx11::basic_stringbuf, std::allocator >::str() const /usr/include/c++/10/sstream:184
    #1 0x5597a6c6d786 in std::__cxx11::basic_ostringstream, std::allocator >::str() const /usr/include/c++/10/sstream:678
    #2 0x5597a6c6d786 in std::basic_ostream >& std::__detail::operator<< , std::__cxx11::basic_string, std::allocator > const&>(std::basic_ostream >&, std::__detail::_Quoted_string, std::allocator > const&, char> const&) /usr/include/c++/10/bits/quoted_string.h:130
    #3 0x5597a6c6d786 in std::basic_ostream >& std::filesystem::__cxx11::operator<< >(std::basic_ostream >&, std::filesystem::__cxx11::path const&) /usr/include/c++/10/bits/fs_path.h:441
    #4 0x5597a6c6d786 in log_total /home/builder/project/test/spectests/spectests.cpp:675
    #5 0x5597a6c48939 in run_tests_from_dir /home/builder/project/test/spectests/spectests.cpp:708
    #6 0x5597a6c48939 in main /home/builder/project/test/spectests/spectests.cpp:750

Here is the implementation of basic_stringbuf::str() used for compilation:

      __string_type
      str() const
      {
        __string_type __ret(_M_string.get_allocator());
        if (this->pptr())
          {
            // The current egptr() may not be the actual string end.
            if (this->pptr() > this->egptr())
              __ret.assign(this->pbase(), this->pptr());
            else
              __ret.assign(this->pbase(), this->egptr());
          }
        else
          __ret = _M_string;
        return __ret;
      }

In the line `if (this->pptr() > this->egptr())`, the `this->egptr()` may be
nullptr and therefore AddressSanitizer complains about this comparison.

I don't have handy repro code for the issue, but I can try to build one if
desired.

GCC version: cpp (Debian 10.2.0-15) 10.2.0
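Added example (not part of the original report, and not libstdc++ code): one way to make the same end-of-sequence decision as the quoted str() while testing egptr() for null before the relational comparison. ProbeBuf, safe_str, Result, fresh_case and seeded_case are hypothetical names, and the branch for a missing put area assumes the get area spans the whole string.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Hypothetical probe type: derives from std::stringbuf only to reach the
// protected area pointers pbase()/pptr()/eback()/egptr().
struct ProbeBuf : std::stringbuf {
    explicit ProbeBuf(std::ios_base::openmode m) : std::stringbuf(m) {}
    ProbeBuf(const std::string& s, std::ios_base::openmode m) : std::stringbuf(s, m) {}

    bool get_end_is_null() const { return egptr() == nullptr; }

    // Same decision as the quoted str(), but egptr() is tested for null
    // first, so '>' only ever orders two pointers into the same buffer.
    std::string safe_str() const {
        const char* put = pptr();
        if (!put) {  // no put area (assumption: the get area spans the string)
            const char* gb = eback();
            const char* ge = egptr();
            return gb ? std::string(gb, ge) : std::string();
        }
        const char* begin = pbase();
        const char* get_end = egptr();
        const char* end = (!get_end || put > get_end) ? put : get_end;
        return std::string(begin, end);
    }
};

struct Result { std::string safe, lib; bool get_end_null; };

static Result finish(ProbeBuf& buf, const std::string& written) {
    buf.sputn(written.data(), static_cast<std::streamsize>(written.size()));
    return Result{buf.safe_str(), buf.str(), buf.get_end_is_null()};
}

// Constructed inputs: a buffer created from an open mode only, and a seeded one.
Result fresh_case(std::ios_base::openmode m, const std::string& written) {
    ProbeBuf buf(m);
    return finish(buf, written);
}
Result seeded_case(const std::string& init, std::ios_base::openmode m,
                   const std::string& written) {
    ProbeBuf buf(init, m);
    return finish(buf, written);
}

int main() {
    Result r = fresh_case(std::ios_base::out, "hello");
    std::cout << "safe_str=" << r.safe << " str=" << r.lib
              << " egptr null=" << r.get_end_null << '\n';
}
```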