https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70712
Bug ID: 70712
Summary: False positive from memory sanitizer with use of 'alignas'
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: rogero at howzatt dot demon.co.uk
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Created attachment 38302
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38302&action=edit
Sample program demonstrating the false positive

The attached simple program generates a false positive with address sanitizer on x86_64 Linux.
The problem seems to be related to the alignas attribute on the 'owner' object.

$ g++ -v
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/opt/reactor-buildkit/B2BH-BK2GIT44-2/gcc/bin/../libexec/gcc/x86_64-pc-linux-gnu/6.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure --prefix=/data/bamboo.agent.home/xml-data/build-dir/B2BH-BKC0-JOB1/build/install --enable-cloog-backend --enable-lto --enable-languages=c,c++ --enable-libstdcxx-time --enable-gold --enable-plugins --disable-multilib --enable-werror=no --enable-libstdcxx-dual-abi --with-default-libstdcxx-abi=gcc4-compatible
Thread model: posix
gcc version 6.0.0 20160413 (experimental) (GCC)

$ g++ -fsanitize=address stack-buffer-overflow.cxx && ./a.out
=================================================================
==12917==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc5bb30020 at pc 0x7f1fede0851c bp 0x7ffc5bb2ff50 sp 0x7ffc5bb2f700
WRITE of size 8 at 0x7ffc5bb30020 thread T0
    #0 0x7f1fede0851b in __interceptor_memset ../../../../libsanitizer/asan/asan_interceptors.cc:451
    #1 0x4009d9 in Buffer::Buffer(Owner&) (/home/rorr/test/prXXXXX/a.out+0x4009d9)
    #2 0x40089a in main (/home/rorr/test/prXXXXX/a.out+0x40089a)
    #3 0x3b81a1ed5c in __libc_start_main (/lib64/libc.so.6+0x3b81a1ed5c)
    #4 0x4006e8 (/home/rorr/test/prXXXXX/a.out+0x4006e8)

Address 0x7ffc5bb30020 is located in stack of thread T0 at offset 160 in frame
    #0 0x4007e5 in main (/home/rorr/test/prXXXXX/a.out+0x4007e5)

  This frame has 2 object(s):
    [64, 128) 'owner'
    [192, 648) 'buffer' <== Memory access at offset 160 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../libsanitizer/asan/asan_interceptors.cc:451 in __interceptor_memset
Shadow bytes around the buggy address:
  0x10000b75dfb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75dfc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75dfd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75dfe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75dff0: f1 f1 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00
=>0x10000b75e000: f2 f2 f2 f2[f2]f2 f2 f2 00 00 00 00 00 00 00 00
  0x10000b75e010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75e020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75e030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000b75e040: 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10000b75e050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==12917==ABORTING

(Also fails with gcc 5.3.0)