[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570 --- Comment #7 from Martin Liška --- Author: marxin Date: Thu May 23 10:12:01 2019 New Revision: 271548 URL: https://gcc.gnu.org/viewcvs?rev=271548=gcc=rev Log: Do not instrument static target_expr for use-after-scope (PR sanitizer/90570). 2019-05-23 Martin Liska PR sanitizer/90570 * gimplify.c (gimplify_target_expr): Skip TREE_STATIC target expression similarly to gimplify_decl_expr. 2019-05-23 Martin Liska PR sanitizer/90570 * g++.dg/asan/pr90570.C: New test. Added: trunk/gcc/testsuite/g++.dg/asan/pr90570.C Modified: trunk/gcc/ChangeLog trunk/gcc/gimplify.c trunk/gcc/testsuite/ChangeLog
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570 --- Comment #6 from Martin Liška --- Patch candidate: https://gcc.gnu.org/ml/gcc-patches/2019-05/msg01559.html
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570 Martin Liška changed: What|Removed |Added Keywords||patch --- Comment #5 from Martin Liška --- I've got a patch candidate.
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570
--- Comment #4 from Martin Liška ---
(In reply to Jakub Jelinek from comment #3)
> Given the TREE_STATIC on:
> static const int C.0[2] = {1, 2};
> I don't understand why there is ASAN_UNPOISON/ASAN_POISON for C.0, shouldn't
> that be applied solely to automatic variables, not block scope locals?
Ah, you are right. We shouldn't do it for static variables.
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570
--- Comment #3 from Jakub Jelinek ---
Given the TREE_STATIC on:
static const int C.0[2] = {1, 2};
I don't understand why there is ASAN_UNPOISON/ASAN_POISON for C.0, shouldn't
that be applied solely to automatic variables, not block scope locals?
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570
Martin Liška changed:
What|Removed |Added
CC||jason at gcc dot gnu.org
--- Comment #2 from Martin Liška ---
Started with r260969 where Jason emit initializer list initialization as
automatic variable instead of a const int variable.
Difference:
BEFORE:
stru::stru (struct stru * const this)
{
struct initializer_list D.17010;
const int D.16442[2];
struct allocator_type D.16443;
_1 = >v;
D.16442[0] = 1;
D.16442[1] = 2;
D.17010._M_array =
D.17010._M_len = 2;
.ASAN_MARK (UNPOISON, , 1);
std::allocator::allocator ();
try
{
try
{
std::vector::vector (_1, D.17010, );
}
finally
{
std::allocator::~allocator ();
}
}
finally
{
.ASAN_MARK (POISON, , 1);
}
try
{
this->i = 5;
}
catch
{
_2 = >v;
std::vector::~vector (_2);
}
}
AFTER:
stru::stru (struct stru * const this)
{
struct initializer_list D.17010;
static const int C.0[2] = {1, 2};
struct allocator_type D.16443;
_1 = >v;
.ASAN_MARK (UNPOISON, , 8);
try
{
D.17010._M_array =
D.17010._M_len = 2;
.ASAN_MARK (UNPOISON, , 1);
std::allocator::allocator ();
try
{
try
{
std::vector::vector (_1, D.17010, );
}
finally
{
std::allocator::~allocator ();
}
}
finally
{
.ASAN_MARK (POISON, , 1);
}
}
finally
{
.ASAN_MARK (POISON, , 8);
}
try
{
this->i = 5;
}
catch
{
_2 = >v;
std::vector::~vector (_2);
}
}
I believe we're doing good and the code is really invalid. Jason?
[Bug sanitizer/90570] [9/10 Regression] AddressSanitizer: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90570 Martin Liška changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed||2019-05-22 Known to work||8.3.0 Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org Target Milestone|--- |9.2 Summary|AddressSanitizer: |[9/10 Regression] |stack-use-after-scope |AddressSanitizer: ||stack-use-after-scope Ever confirmed|0 |1 Known to fail||10.0, 9.1.0 --- Comment #1 from Martin Liška --- Let me take a look..
