This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/78106] New: ASAN can't find heap-use-after-free with -O1
- From: "marxin at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 25 Oct 2016 11:12:02 +0000
- Subject: [Bug sanitizer/78106] New: ASAN can't find heap-use-after-free with -O1
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78106
Bug ID: 78106
Summary: ASAN can't find heap-use-after-free with -O1
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: marxin at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Running the following code snippet:

int *variable;

void release()
{
  __builtin_free (variable);
}

int main2(int argc)
{
  *variable = 2;
  if (argc <= 5)
    /* the free happens behind an inline asm call, so the compiler does not
       see a call here and at -O1 drops the check for the second store */
    asm volatile ("call release");
  *variable = 2;   /* heap-use-after-free once release() has run */
  __builtin_abort ();
  return 0;
}

int main(int argc, char **argv)
{
  variable = __builtin_malloc (sizeof(int));
  return main2(argc);
}
$ gcc asm-test.c -fsanitize=address -O1 && ./a.out
Aborted (core dumped)
$ gcc asm-test.c -fsanitize=address -O0 && ./a.out
=================================================================
==7550==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000eff0
at pc 0x000000400885 bp 0x7fff26b46520 sp 0x7fff26b46518
WRITE of size 4 at 0x60200000eff0 thread T0
#0 0x400884 in main2 (/tmp/a.out+0x400884)
#1 0x4008be in main (/tmp/a.out+0x4008be)
#2 0x7ff63783a290 in __libc_start_main (/lib64/libc.so.6+0x20290)
#3 0x400719 in _start (/tmp/a.out+0x400719)
...
I have a patch for that which I'll send shortly.
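The report shows the same reproducer giving different sanitizer verdicts at -O0 and -O1. The script below is an added example, not part of the bug report or of GCC: it compiles one source file with -fsanitize=address at each optimization level given on the command line and classifies each run, so a verdict that flips between levels stands out. It assumes gcc is on PATH and that the reproducer is saved as asm-test.c (the file name used in the report); the classification rules (an "ERROR: AddressSanitizer" line means ASAN reported, an exit status above 128 means the program died on a signal such as the abort above) are the added part.

```shell
#!/bin/sh
# Added example: sweep a reproducer across optimization levels under ASAN and
# record whether AddressSanitizer reported at each level.
# Usage: sh asan-sweep.sh asm-test.c -O0 -O1 -O2

# classify_asan_run OUTPUT EXIT_STATUS
# Prints "reported" when OUTPUT carries an AddressSanitizer error report,
# "crashed" when the program died on a signal (exit status > 128, e.g. 134 for
# SIGABRT) without any report, "silent" when it exited 0 with no report, and
# "failed" for any other non-zero exit.
classify_asan_run() {
    out=$1
    status=$2
    case "$out" in
        *"ERROR: AddressSanitizer"*) echo reported; return 0 ;;
    esac
    if [ "$status" -eq 0 ]; then
        echo silent
    elif [ "$status" -gt 128 ]; then
        echo crashed
    else
        echo failed
    fi
}

# asan_sweep SRC LEVEL...
# Compiles SRC with -fsanitize=address at each LEVEL and prints "LEVEL VERDICT"
# per line. Compilation failures are reported instead of being skipped.
asan_sweep() {
    src=$1
    shift
    tmp=$(mktemp -d) || return 1
    for level in "$@"; do
        if gcc "$src" -fsanitize=address "$level" -o "$tmp/a.out" 2>"$tmp/cc.err"; then
            # capture stdout+stderr; the && / || form keeps 'set -e' from
            # aborting the sweep when the reproducer itself aborts
            out=$("$tmp/a.out" 2>&1) && status=0 || status=$?
            printf '%s %s\n' "$level" "$(classify_asan_run "$out" "$status")"
        else
            printf '%s compile-failed\n' "$level"
        fi
    done
    rm -rf "$tmp"
}

# Only run the sweep when invoked with arguments (source file plus levels).
if [ "$#" -gt 0 ]; then
    asan_sweep "$@"
fi
```

For the reproducer in this report the expected lines are "-O0 reported" and "-O1 crashed"; any level that prints "crashed" or "silent" while another prints "reported" is a sanitizer blind spot worth filing, exactly as done above.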