https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81021

--- Comment #29 from Ed Catmur <ed at catmur dot co.uk> ---
Created attachment 41750
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41750&action=edit
stack-use-after-scope-read.cpp

Another testcase, no library required. Slight difference here is that the
offending op is a READ:

$ g++ -ggdb3 -fsanitize=address a.cpp && ./a.out 
=================================================================
==32502==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7fffb9ce33c8 at pc 0x000000400c8c bp 0x7fffb9ce33b0 sp 0x7fffb9ce33a8
READ of size 8 at 0x7fffb9ce33c8 thread T0
    #0 0x400c8b in from a.cpp:5
    #1 0x4010b8 in C::g() a.cpp:20
    #2 0x401073 in C::f() a.cpp:19
    #3 0x401011 in C::~C() a.cpp:16
    #4 0x40117e in A::~A() a.cpp:26
    #5 0x400ef2 in main a.cpp:62
    #6 0x7fd33f017d5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)
    #7 0x400b88  (a.out+0x400b88)

Address 0x7fffb9ce33c8 is located in stack of thread T0
SUMMARY: AddressSanitizer: stack-use-after-scope a.cpp:5 in from
Shadow bytes around the buggy address:
  0x100077394620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077394630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077394640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077394650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077394660: 00 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100077394670: 00 00 00 00 00 00 f8 f8 f8[f8]f8 00 00 00 00 00
  0x100077394680: 00 00 f8 f8 f8 f8 f8 f8 00 00 00 00 00 00 00 00
  0x100077394690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000773946a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000773946b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000773946c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32502==ABORTING

FWIW this was reduced from a Boost.PropertyTree testcase.

Confirming this is fixed by revision 249833 /
5b64e274ea8c9aaedcebc1d6ad285a11e64ab086
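For readers without the attachment: the following is an added example, not the `stack-use-after-scope-read.cpp` testcase from this comment and not GCC or Boost code. It shows the genuine bug class that AddressSanitizer's `stack-use-after-scope` check is meant to catch (an 8-byte READ through a pointer to a block-scoped local after the block has ended) next to the corrected version, so the report above can be compared against what a true positive looks like. The struct and function names are constructed for illustration.

```cpp
// Added example (not the attachment from the bug): a genuine stack-use-after-scope
// READ of the kind AddressSanitizer reports, beside a fixed version.
// Build and run:  g++ -ggdb3 -fsanitize=address use_after_scope.cpp && ./a.out
// (use-after-scope instrumentation is enabled by default in GCC's ASan).
#include <cstdio>

// A small non-owning view: the object it points at must outlive every read.
struct View {
    const long* p = nullptr;
    long read() const { return *p; }   // the "READ of size 8" ASan would flag
};

// Buggy: 'v' is pointed at a block-scoped local, and the read happens after
// the block ends. ASan poisons tmp's stack slot (shadow byte f8) when the
// block exits, so the read is reported as stack-use-after-scope and aborts.
long read_after_scope() {
    View v;
    {
        long tmp = 42;   // storage lives only inside this block
        v.p = &tmp;
    }
    return v.read();     // undefined behaviour: reads poisoned stack
}

// Fixed: the referenced object is declared in the same scope as every read
// through the view, so its lifetime covers the read.
long read_in_scope() {
    long tmp = 42;
    View v;
    v.p = &tmp;
    return v.read();     // 42
}

int main() {
    std::printf("in scope: %ld\n", read_in_scope());
    // Under -fsanitize=address the next line prints a report like the one in
    // this comment and aborts; without ASan its result is unpredictable.
    std::printf("after scope: %ld\n", read_after_scope());
    return 0;
}
```

When triaging a report like the one above, the first check is whether the referenced object's declaration really sits in a scope that closes before the read (as in `read_after_scope`); if it does not, the report is a candidate for the compiler-side false positive this bug tracks rather than a defect in the program.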
