[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570

--- Comment #7 from Martin Liška ---
Author: marxin
Date: Thu May 23 10:12:01 2019
New Revision: 271548

URL: https://gcc.gnu.org/viewcvs?rev=271548&root=gcc&view=rev
Log:
Do not instrument static target_expr for use-after-scope (PR sanitizer/90570).

2019-05-23  Martin Liska

	PR sanitizer/90570
	* gimplify.c (gimplify_target_expr): Skip TREE_STATIC target
	expression similarly to gimplify_decl_expr.

2019-05-23  Martin Liska

	PR sanitizer/90570
	* g++.dg/asan/pr90570.C: New test.

Added:
    trunk/gcc/testsuite/g++.dg/asan/pr90570.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/gimplify.c
    trunk/gcc/testsuite/ChangeLog
--- Comment #6 from Martin Liška ---
Patch candidate: https://gcc.gnu.org/ml/gcc-patches/2019-05/msg01559.html
Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--- Comment #5 from Martin Liška ---
I've got a patch candidate.
--- Comment #4 from Martin Liška ---
(In reply to Jakub Jelinek from comment #3)
> Given the TREE_STATIC on:
>   static const int C.0[2] = {1, 2};
> I don't understand why there is ASAN_UNPOISON/ASAN_POISON for C.0, shouldn't
> that be applied solely to automatic variables, not block scope locals?

Ah, you are right. We shouldn't do it for static variables.
--- Comment #3 from Jakub Jelinek ---
Given the TREE_STATIC on:
  static const int C.0[2] = {1, 2};
I don't understand why there is ASAN_UNPOISON/ASAN_POISON for C.0, shouldn't
that be applied solely to automatic variables, not block scope locals?
Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jason at gcc dot gnu.org

--- Comment #2 from Martin Liška ---
Started with r260969, where Jason emitted initializer-list initialization as an
automatic variable instead of a const int variable.

Difference:

BEFORE:

stru::stru (struct stru * const this)
{
  struct initializer_list D.17010;
  const int D.16442[2];
  struct allocator_type D.16443;

  _1 = >v;
  D.16442[0] = 1;
  D.16442[1] = 2;
  D.17010._M_array =
  D.17010._M_len = 2;
  .ASAN_MARK (UNPOISON, , 1);
  std::allocator::allocator ();
  try
    {
      try
        {
          std::vector::vector (_1, D.17010, );
        }
      finally
        {
          std::allocator::~allocator ();
        }
    }
  finally
    {
      .ASAN_MARK (POISON, , 1);
    }
  try
    {
      this->i = 5;
    }
  catch
    {
      _2 = >v;
      std::vector::~vector (_2);
    }
}

AFTER:

stru::stru (struct stru * const this)
{
  struct initializer_list D.17010;
  static const int C.0[2] = {1, 2};
  struct allocator_type D.16443;

  _1 = >v;
  .ASAN_MARK (UNPOISON, , 8);
  try
    {
      D.17010._M_array =
      D.17010._M_len = 2;
      .ASAN_MARK (UNPOISON, , 1);
      std::allocator::allocator ();
      try
        {
          try
            {
              std::vector::vector (_1, D.17010, );
            }
          finally
            {
              std::allocator::~allocator ();
            }
        }
      finally
        {
          .ASAN_MARK (POISON, , 1);
        }
    }
  finally
    {
      .ASAN_MARK (POISON, , 8);
    }
  try
    {
      this->i = 5;
    }
  catch
    {
      _2 = >v;
      std::vector::~vector (_2);
    }
}

I believe we're doing good and the code is really invalid. Jason?
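The GIMPLE in comment #2 shows a constructor that builds a std::vector from a brace-enclosed list and then stores 5 into a member. The following is an added example, not the testcase in g++.dg/asan/pr90570.C and not code from the bug reporter: it is a hypothetical source-level reproducer reconstructed from that dump (the struct name stru and the members v and i are taken from the dump; the exact original source is not shown in this thread). With GCC 9.1 or 10.0 built before r271548 and -fsanitize=address, the static backing array C.0 was wrapped in .ASAN_MARK UNPOISON/POISON like an automatic variable, which is what produced the reported stack-use-after-scope; with the fix, or with GCC 8.3.0, the same program runs clean.

```cpp
#include <cassert>
#include <initializer_list>
#include <vector>

// Hypothetical reproducer reconstructed from the GIMPLE in comment #2.
// v{1, 2} goes through std::initializer_list<int>; since r260969 GCC
// materialises the list's backing array {1, 2} as a TREE_STATIC local
// (C.0 in the dump) rather than an automatic array.  GCC 9.1 still
// emitted use-after-scope poisoning for it, so AddressSanitizer reported
// stack-use-after-scope on memory that is not on the stack at all.
struct stru {
    std::vector<int> v;
    int i;
    stru() : v{1, 2}, i(5) {}
};

// Exercise the constructor and return a value derived from what the
// vector received, so the result can be asserted on with and without
// -fsanitize=address (1 + 2 + 5 == 8).
int sum_of_list_init() {
    stru s;
    int total = 0;
    for (int x : s.v) total += x;
    return total + s.i;
}

int main() {
    return sum_of_list_init() == 8 ? 0 : 1;
}
```

To check a given compiler, build with `g++ -fsanitize=address -g` and run the binary: a compiler affected by this PR aborts in the constructor with an ASan stack-use-after-scope report; a fixed one exits 0.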
Martin Liška changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                   |ASSIGNED
   Last reconfirmed|                              |2019-05-22
      Known to work|                              |8.3.0
           Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org
   Target Milestone|---                           |9.2
            Summary|AddressSanitizer:             |[9/10 Regression]
                   |stack-use-after-scope         |AddressSanitizer:
                   |                              |stack-use-after-scope
     Ever confirmed|0                             |1
      Known to fail|                              |10.0, 9.1.0

--- Comment #1 from Martin Liška ---
Let me take a look..