https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236
--- Comment #4 from Dominik Schmidt <d...@dominik-schmidt.de> --- AddressSanitizer output: ================================================================= ==597==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7e842bd0 at pc 0x00013d20 bp 0x7e8428dc sp 0x7e8428d4 READ of size 16 at 0x7e842bd0 thread T0 #0 0x13d1f in void __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<int const, double> > >::construct<std::pair<int const, double>, std::pair<int const, double> const&>(std::pair<int const, double>*, std::pair<int const, double> const&) (/tmp/crashTest+0x13d1f) #1 0x13b0f in void std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<int const, double> > > >::construct<std::pair<int const, double>, std::pair<int const, double> const&>(std::allocator<std::_Rb_tree_node<std::pair<int const, double> > >&, std::pair<int const, double>*, std::pair<int const, double> const&) (/tmp/crashTest+0x13b0f) #2 0x13a27 in void std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_M_construct_node<std::pair<int const, double> const&>(std::_Rb_tree_node<std::pair<int const, double> >*, std::pair<int const, double> const&) (/tmp/crashTest+0x13a27) #3 0x1381b in std::_Rb_tree_node<std::pair<int const, double> >* std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_M_create_node<std::pair<int const, double> const&>(std::pair<int const, double> const&) (/tmp/crashTest+0x1381b) #4 0x1352f in std::_Rb_tree_node<std::pair<int const, double> >* std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_Alloc_node::operator()<std::pair<int const, double> const&>(std::pair<int const, double> const&) const (/tmp/crashTest+0x1352f) #5 0x12b23 in std::_Rb_tree_iterator<std::pair<int const, double> > std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_M_insert_<std::pair<int const, double> const&, std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair<int const, double> const&, std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_Alloc_node&) (/tmp/crashTest+0x12b23) #6 0x11953 in std::_Rb_tree_iterator<std::pair<int const, double> > std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_M_insert_unique_<std::pair<int const, double> const&, std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_Alloc_node>(std::_Rb_tree_const_iterator<std::pair<int const, double> >, std::pair<int const, double> const&, std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_Alloc_node&) (/tmp/crashTest+0x11953) #7 0x11337 in void std::_Rb_tree<int, std::pair<int const, double>, std::_Select1st<std::pair<int const, double> >, std::less<int>, std::allocator<std::pair<int const, double> > >::_M_insert_unique<std::pair<int const, double> const*>(std::pair<int const, double> const*, std::pair<int const, double> const*) (/tmp/crashTest+0x11337) #8 0x110a7 in std::map<int, double, std::less<int>, std::allocator<std::pair<int const, double> > >::map(std::initializer_list<std::pair<int const, double> >, std::less<int> const&, std::allocator<std::pair<int const, double> > const&) (/tmp/crashTest+0x110a7) #9 0x13e87 in main (/tmp/crashTest+0x13e87) #10 0x766cb83f in __libc_start_main (/test/crosscan-test/lib/libc.so.6+0x1683f) Address 0x7e842bd0 is located in stack of thread T0 at offset 112 in frame #0 0x13d8f in main (/tmp/crashTest+0x13d8f) This frame has 2 object(s): [32, 56) 'j1' [96, 120) 'j3' <== Memory access at offset 112 partially overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/tmp/crashTest+0x13d1f) in void __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<int const, double> > >::construct<std::pair<int const, double>, std::pair<int const, double> const&>(std::pair<int const, double>*, std::pair<int const, double> const&) Shadow bytes around the buggy address: 0x2fd08520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x2fd08530: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 0x2fd08540: 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 0x2fd08550: 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 0x2fd08560: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 =>0x2fd08570: 00 00 00 f4 f2 f2 f2 f2 00 00[00]f4 f3 f3 f3 f3 0x2fd08580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x2fd08590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x2fd085a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x2fd085b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x2fd085c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==597==ABORTING