[Bug c++/91056] New: Fail: asan reports stack-use-after-scope in valid program

[grishalipenko at protonmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91056

            Bug ID: 91056
           Summary: Fail: asan reports stack-use-after-scope in valid
                    program
           Product: gcc
           Version: 9.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: grishalipenko at protonmail dot com
  Target Milestone: ---

#include <memory>
#include <vector>

class A
{
public:
  A ()
  {
    g = std::make_unique<double> (2.0);
  }
private:
  std::unique_ptr<double> g;
  std::vector<int> v = {1, 2, 3, 4};
};

int main (/*int argc, char *argv[]*/)
{
  for (int i = 0; i < 2; i++)
    auto a = std::make_unique<A> ();   
  return 0;
}

grigorij.lipenko@WS236 ~ $ g++ -g prog.cpp -Wall -Wextra -std=c++17
-fsanitize=address
grigorij.lipenko@WS236 ~ $ ./a.out 
=================================================================
==41033==ERROR: AddressSanitizer: stack-use-after-scope on address
0x000000200da0 at pc 0x7fe16ee380b0 bp 0x7ffe398abce0 sp 0x7ffe398ab488
READ of size 16 at 0x000000200da0 thread T0
    #0 0x7fe16ee380af in memmove (/lib64/libasan.so.5+0xa10af)
    #1 0x204fad in int* std::__copy_move<false, true,
std::random_access_iterator_tag>::__copy_m<int>(int const*, int const*, int*)
/usr/include/c++/9/bits/stl_algobase.h:386
    #2 0x204f41 in int* std::__copy_move_a<false, int const*, int*>(int const*,
int const*, int*) /usr/include/c++/9/bits/stl_algobase.h:404
    #3 0x204e64 in int* std::__copy_move_a2<false, int const*, int*>(int
const*, int const*, int*) /usr/include/c++/9/bits/stl_algobase.h:440
    #4 0x204cc8 in int* std::copy<int const*, int*>(int const*, int const*,
int*) /usr/include/c++/9/bits/stl_algobase.h:474
    #5 0x204bc2 in int* std::__uninitialized_copy<true>::__uninit_copy<int
const*, int*>(int const*, int const*, int*)
/usr/include/c++/9/bits/stl_uninitialized.h:101
    #6 0x2049b2 in int* std::uninitialized_copy<int const*, int*>(int const*,
int const*, int*) /usr/include/c++/9/bits/stl_uninitialized.h:134
    #7 0x204399 in int* std::__uninitialized_copy_a<int const*, int*, int>(int
const*, int const*, int*, std::allocator<int>&)
/usr/include/c++/9/bits/stl_uninitialized.h:289
    #8 0x203dcf in void std::vector<int, std::allocator<int>
>::_M_range_initialize<int const*>(int const*, int const*,
std::forward_iterator_tag) /usr/include/c++/9/bits/stl_vector.h:1582
    #9 0x20362e in std::vector<int, std::allocator<int>
>::vector(std::initializer_list<int>, std::allocator<int> const&)
/usr/include/c++/9/bits/stl_vector.h:626
    #10 0x20332f in A::A() /home/grigorij.lipenko/prog.cpp:8
    #11 0x203993 in std::_MakeUniq<A>::__single_object std::make_unique<A>()
/usr/include/c++/9/bits/unique_ptr.h:853
    #12 0x20319f in main /home/grigorij.lipenko/prog.cpp:19
    #13 0x7fe16e89bf32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
    #14 0x20302d in _start (/home/grigorij.lipenko/a.out+0x20302d)

0x000000200da0 is located 0 bytes inside of global variable 'C.0' defined in
'prog.cpp:8:3' (0x200da0) of size 16
SUMMARY: AddressSanitizer: stack-use-after-scope (/lib64/libasan.so.5+0xa10af)
in memmove
Shadow bytes around the buggy address:
  0x000080038160: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
  0x000080038170: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
  0x000080038180: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080038190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800381a0: 00 00 01 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0000800381b0: 00 00 00 00[f8]f8 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0000800381c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800381d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800381e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800381f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080038200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==41033==ABORTING

Not reproduced with gcc 8.3.0 and clang 7.1.0