This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c++/62017] AddressSanitizer reports *-buffer-overflow in destructor when multiple virtual inheritance is used
- From: "chefmax at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 18 Sep 2014 08:02:19 +0000
- Subject: [Bug c++/62017] AddressSanitizer reports *-buffer-overflow in destructor when multiple virtual inheritance is used
- Auto-submitted: auto-generated
- References: <bug-62017-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62017
Maxim Ostapenko <chefmax at gcc dot gnu.org> changed:
What                  Removed      Added
----------------------------------------------------------------------------
CC                                 chefmax at gcc dot gnu.org
--- Comment #2 from Maxim Ostapenko <chefmax at gcc dot gnu.org> ---
Here is another repro case (diamond inheritance):
======================
// A is the shared virtual base; B and C each inherit it virtually.
struct A {
    int x;
    virtual ~A() {}
};
struct B : public virtual A {
};
struct C : public virtual A {
};
// D inherits B non-virtually and C virtually, so D has two virtual bases (A and C).
struct D : public B, virtual public C {
};
int main() {
    D d;   // destroying d runs D::~D() -> C::~C(), where ASan reports the overflow
}
==24761==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffff1d86bf8 at pc 0x400e1b bp 0x7ffff1d86b70 sp 0x7ffff1d86b68
WRITE of size 24 at 0x7ffff1d86bf8 thread T0
    #0 0x400e1a in C::~C() (/home/max/build/gcc-upstream-x86_64/a.out+0x400e1a)
    #1 0x401257 in D::~D() (/home/max/build/gcc-upstream-x86_64/a.out+0x401257)
    #2 0x400a8b in main (/home/max/build/gcc-upstream-x86_64/a.out+0x400a8b)
    #3 0x7f7487a1676c in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #4 0x400918 (/home/max/build/gcc-upstream-x86_64/a.out+0x400918)

Address 0x7ffff1d86bf8 is located in stack of thread T0 at offset 56 in frame
    #0 0x400a17 in main (/home/max/build/gcc-upstream-x86_64/a.out+0x400a17)

  This frame has 1 object(s):
    [32, 64) 'd' <== Memory access at offset 56 partially overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 C::~C()
Shadow bytes around the buggy address:
0x10007e3a8d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007e3a8d70: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00[00]
0x10007e3a8d80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e3a8dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
ASan internal: fe
==24761==ABORTING
Compiled with recent GCC version:
GNU C++ (GCC) version 5.0.0 20140916 (experimental) (x86_64-unknown-linux-gnu)
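The following is an added analysis example, not part of the bug report or of GCC's own code. It rebuilds the object layout of the repro case above under the Itanium C++ ABI (x86_64 Linux, as in the report; sizes assume 8-byte pointers and 4-byte int) and checks the report's numbers against it. The constants 32, 56 and 24 are copied from the ASan output ('d' at frame offset [32, 64), WRITE of size 24 at frame offset 56); the names Layout, measure_layout, overflow_bytes and check_report are this example's own. What it shows: the reported write begins exactly where the C base subobject starts inside d (offset 24) and is sizeof(C) = 24 bytes long, the complete-object size of C including its virtual A, although only C's 8-byte non-virtual part lies at that offset in a D. That leaves 16 bytes past the end of d, matching the report. This is consistent with frame #0 being C::~C(); the example does not claim which store in the destructor is responsible.

```cpp
#include <cstddef>
#include <cstdio>

// Classes copied from the repro case above: A is a virtual base of both B
// and C; D inherits B non-virtually and C virtually.
struct A {
    int x;
    virtual ~A() {}
};
struct B : public virtual A {};
struct C : public virtual A {};
struct D : public B, virtual public C {};

// Byte offset of a base subobject inside a complete object, obtained from the
// implicit derived-to-base pointer conversion. offsetof() cannot be used for
// this: a virtual base's offset is read from the vtable at run time.
template <class Base, class Derived>
std::size_t base_offset(const Derived& obj) {
    const Base* base = &obj;
    return static_cast<std::size_t>(
        reinterpret_cast<const unsigned char*>(base) -
        reinterpret_cast<const unsigned char*>(&obj));
}

struct Layout {
    std::size_t size_c;              // complete-object size of C (vptr + virtual A)
    std::size_t size_d;              // complete-object size of D
    std::size_t offset_a_in_d;       // where the shared A subobject starts inside a D
    std::size_t offset_c_in_d;       // where the C base subobject starts inside a D
    std::size_t bytes_of_d_after_c;  // how much of D actually lies at and after C
};

Layout measure_layout() {
    D d;
    Layout l;
    l.size_c = sizeof(C);
    l.size_d = sizeof(D);
    l.offset_a_in_d = base_offset<A>(d);
    l.offset_c_in_d = base_offset<C>(d);
    l.bytes_of_d_after_c = l.size_d - l.offset_c_in_d;
    return l;
}

// Bytes that a write of write_size starting at offset reaches past the end of
// an object of object_size bytes (0 if the write stays inside the object).
std::size_t overflow_bytes(std::size_t object_size, std::size_t offset,
                           std::size_t write_size) {
    std::size_t end = offset + write_size;
    return end > object_size ? end - object_size : 0;
}

// Numbers taken verbatim from the ASan report above: 'd' lives at frame
// offset 32 (the [32, 64) range), and the WRITE of size 24 hit frame offset 56.
constexpr std::size_t kFrameOffsetD = 32;
constexpr std::size_t kWriteFrameOffset = 56;
constexpr std::size_t kWriteSize = 24;

struct ReportCheck {
    std::size_t write_offset_in_d;     // where inside d the write began
    std::size_t overflow;              // bytes written past the end of d
    bool write_starts_at_c_subobject;  // does it begin exactly at the C base?
    bool write_size_is_sizeof_c;       // is it as long as a complete C?
};

ReportCheck check_report() {
    Layout l = measure_layout();
    ReportCheck r;
    r.write_offset_in_d = kWriteFrameOffset - kFrameOffsetD;
    r.overflow = overflow_bytes(l.size_d, r.write_offset_in_d, kWriteSize);
    r.write_starts_at_c_subobject = (r.write_offset_in_d == l.offset_c_in_d);
    r.write_size_is_sizeof_c = (kWriteSize == l.size_c);
    return r;
}

int main() {
    Layout l = measure_layout();
    ReportCheck r = check_report();
    std::printf("sizeof(A)=%zu sizeof(B)=%zu sizeof(C)=%zu sizeof(D)=%zu\n",
                sizeof(A), sizeof(B), sizeof(C), sizeof(D));
    std::printf("A at d+%zu, C at d+%zu, %zu bytes of d from C to its end\n",
                l.offset_a_in_d, l.offset_c_in_d, l.bytes_of_d_after_c);
    std::printf("report: write at d+%zu, size %zu, %zu bytes past end of d; "
                "starts at C subobject: %s, size == sizeof(C): %s\n",
                r.write_offset_in_d, kWriteSize, r.overflow,
                r.write_starts_at_c_subobject ? "yes" : "no",
                r.write_size_is_sizeof_c ? "yes" : "no");
    return 0;
}
```

Build it with any Itanium-ABI compiler (no -fsanitize needed; it only measures layout). The same frame-offset arithmetic is how to triage any ASan stack report: subtract the variable's frame offset from the access offset to get the offset inside the object, then compare it with the subobject layout the compiler actually produced.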