https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80578

            Bug ID: 80578
           Summary: -fsanitize=undefined report yields memory leak
           Product: gcc
           Version: 6.3.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: gcc at gms dot tf
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

Compiling a program with both -fsanitize=address and -fsanitize=undefined,
where the undefined sanitizer complains about a UB issue, yields a memory leak
which is detected by LeakSanitizer.

Example:

$ cat main.cc 
#include <iostream>

struct A { virtual ~A()=default; int a; };
struct B { virtual ~B()=default; int a; };

int main(int argc, char **argv)
{
  A *a = new A;
  a->a = argc;
  std::cout << a->a << '\n';
  B *b = reinterpret_cast<B*>(a);  // A and B are unrelated; this is the UB
  delete b;                        // vptr check fires here (main.cc:12)
  return 0;
}
$ ./a.out 
1
main.cc:12:10: runtime error: member call on address 0x60200000eff0 which does
not point to an object of type 'B'
0x60200000eff0: note: object is of type 'A'
 01 00 80 5f  f8 17 40 00 00 00 00 00  01 00 00 00 be be be be  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'A'

=================================================================
==10149==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 2 object(s) allocated from:
    #0 0x7f806bb20210 in realloc (/lib64/libasan.so.3+0xc7210)
    #1 0x7f806b763033  (/lib64/libstdc++.so.6+0x92033)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 2 allocation(s).

$ echo $?
1


Expected behaviour: Just the runtime error message and no reported memory
leaks.


GDB says that this is in:

(gdb) l *0x92033
0x92033 is in d_growable_string_callback_adapter (cp-demangle.c:3863).


When compiling without the undefined sanitizer, the leak is gone:


$ g++ -fsanitize=address -g main.cc 
$ ./a.out 
1
$ echo $?
0


Also, as expected, when compiling with just the undefined sanitizer:

$ g++  -fsanitize=undefined -g main.cc
$ ./a.out 
1
main.cc:12:10: runtime error: member call on address 0x000001250c20 which does
not point to an object of type 'B'
0x000001250c20: note: object is of type 'A'
 00 00 00 00  70 10 40 00 00 00 00 00  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  11 04 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'A'
$ echo $?
0
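As an added example (not part of the bug report and not GCC's code), the following file places the reporter's undefined-behaviour pattern next to a well-formed alternative. The `ub` namespace reproduces the report: an `A` is deleted through a `B*` obtained by `reinterpret_cast`, which is what the `-fsanitize=vptr` check in `-fsanitize=undefined` reports as "member call on address ... which does not point to an object of type 'B'". The `safe` namespace gives both classes a common polymorphic base so the conversion can be checked with `dynamic_cast` instead of asserted with a cast, and releases the object through `std::unique_ptr`; on that path neither UBSan nor LeakSanitizer has anything to say. The namespace and function names are the example's own choices; the build line is one way to reproduce the combination the report describes.

```cpp
// Added example: the report's UB pattern beside a checked alternative.
// Build and run, for instance, with
//   g++ -std=c++11 -g -fsanitize=address,undefined example.cc && ./a.out
// to see the vptr check fire on the ub:: path and stay silent on safe::.
#include <iostream>
#include <memory>

namespace ub {
// Two unrelated polymorphic types, as in the report.
struct A { virtual ~A() = default; int a = 0; };
struct B { virtual ~B() = default; int a = 0; };

// Reproduces the reported undefined behaviour: an A is deleted through a
// B*. -fsanitize=vptr reports the member call on an address that does not
// point to a B. Only call this under a sanitizer; it is the "before" case.
void delete_a_as_b(int value) {
    A *a = new A;
    a->a = value;
    B *b = reinterpret_cast<B *>(a);  // type pun between unrelated classes
    delete b;                         // UB: the vptr belongs to A, not B
}
}  // namespace ub

namespace safe {
// A common polymorphic base gives the objects a real relationship, so the
// conversion can be checked at run time instead of assumed.
struct Base { virtual ~Base() = default; int a = 0; };
struct A : Base {};
struct B : Base {};

// True only if the object really is a B; the false path is well defined.
bool is_b(const Base &obj) {
    return dynamic_cast<const B *>(&obj) != nullptr;
}

// Allocate an A, then try to use it as a B. dynamic_cast yields nullptr
// for an A, and unique_ptr<Base> releases the object through the virtual
// destructor, so no vptr error and no leak is reported.
int try_as_b(int value) {
    std::unique_ptr<Base> obj(new A);
    obj->a = value;
    if (B *b = dynamic_cast<B *>(obj.get()))
        return b->a;   // not reached for an A
    return -1;         // signal "wrong type" instead of invoking UB
}
}  // namespace safe

int main(int argc, char **) {
    std::cout << safe::try_as_b(argc) << '\n';   // prints -1
    std::cout << safe::is_b(safe::B{}) << '\n';  // prints 1
    ub::delete_a_as_b(argc);                     // UBSan reports here
    return 0;
}
```

The `safe::` path is the one to keep in real code: the sanitizer finding in the report is a symptom of punning between unrelated classes, and a checked conversion removes the UB rather than just the diagnostic.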
