https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85774

            Bug ID: 85774
           Summary: Incorrect stack-use-after-scope caused by missing
                    cleanup of shadow bytes
           Product: gcc
           Version: 8.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jwyatt at feralinteractive dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at 
gcc dot gnu.org
  Target Milestone: ---

The code:

#include <functional>

void DoSomething(){}

void DoFunc(const std::function<void(void)>& func)
{
        func();
}

void Setup()
{
        switch (1)
        {
                case 1:
                {
                        DoFunc([](){});
                        break;
                }
                case 2:
                {
                        DoFunc([](){});
                        break;
                }
                default:
                        break;
        }

        DoSomething();
}

void DemostrateBadPoisoning()
{
        DoFunc([](){});
}

int main()
{
        Setup();
        DemostrateBadPoisoning();
        return 0;
}

will cause an AddressSanitizer stack-use-after-scope error in
DemonstrateBadPoisoning. This appears to be because the shadow bytes for the
stack of Setup are not completely zeroed on function exit.

Compiled with: g++ -O0 -g -fsanitize=address -Wall -Wextra

gcc version 8.1.1 20180502 (Red Hat 8.1.1-1) (GCC)

Reply via email to