[Bug c++/98993] New: Potential memory problem in GCC compiled with ASAN on

zhan3299 at purdue dot edu gcc-bugzilla@gcc.gnu.org
Mon Feb 8 00:01:02 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98993

            Bug ID: 98993
           Summary: Potential memory problem in GCC compiled with ASAN on
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zhan3299 at purdue dot edu
  Target Milestone: ---

Created attachment 50141
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50141&action=edit
poc.cc

Hi all,

Hope I do not bother too much. 

I got a crafted program which will trigger an internal compiler error in GCC
10.2.0 compiled with ASAN. Note that it means the GCC is compiled with ASAN,
instead of GCC compiling the crafted program with ASAN.

The crafted program is named poc.cc, and the ICE can be triggered by "g++
poc.cc".

It is also worth noting that when the GCC is not compiled with ASAN, the ICE cannot
be reproduced. As such, I guess there is a potential memory problem. Maybe I
did something wrong here, and it would be very much appreciated if anyone could correct me.

Again, I do hope I do not bother too much, and apologize in advance.

Following is the detailed information.


--- poc.cc starts ---
constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
--- poc.cc ends ---


--- md5 of poc.cc starts ---
b3b9e2c84ed1d7ea07b0ead058e3340d 
--- md5 of poc.cc ends ---


--- error trace starts ---
$ ./xg++ poc.cc

poc.cc:1:11: error: ISO C++ forbids declaration of ‘_’ with no type
[-fpermissive]
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |           ^
poc.cc: In lambda function:
poc.cc:1:55: error: expected ‘;’ before ‘union’
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |                                                       ^~~~~~
      |                                                       ;
poc.cc:1:64: error: conflicting declaration of C function ‘<lambda()>::s
__builtin_unre0c00ble()’
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |                                                               
^~~~~~~~~~~~~~~~~~~~~
poc.cc:1:25: note: previous declaration ‘<lambda()>::v __builtin_unre0c00ble()’
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |                         ^~~~~~~~~~~~~~~~~~~~~
poc.cc:1:88: internal compiler error: Segmentation fault
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |                                                                        
               ^
0x1b279d0 crash_signal(int)
        ../../gcc/gcc/toplev.c:328
0xd999f8 contains_struct_check(tree_node*, tree_node_structure_enum, char
const*, int, char const*)
        ../../gcc/gcc/tree.h:3407
0xea9b02 decl_jump_unsafe(tree_node*)
        ../../gcc/gcc/cp/decl.c:3235
0xf0b630 check_previous_goto_1(tree_node*, cp_binding_level*, tree_node*, bool,
unsigned int const*)
        ../../gcc/gcc/cp/decl.c:3299
0xf0b4c0 check_previous_goto(tree_node*, named_label_use_entry*)
        ../../gcc/gcc/cp/decl.c:3382
0xec233f define_label_1(unsigned int, tree_node*)
        ../../gcc/gcc/cp/decl.c:3569
0xec206b define_label(unsigned int, tree_node*)
        ../../gcc/gcc/cp/decl.c:3582
0x11349eb finish_label_stmt(tree_node*)
        ../../gcc/gcc/cp/semantics.c:1721
0x101c468 cp_parser_label_for_labeled_statement(cp_parser*, tree_node*)
        ../../gcc/gcc/cp/parser.c:11634
0x101bc43 cp_parser_statement(cp_parser*, tree_node*, bool, bool*,
vec<tree_node*, va_heap, vl_ptr>*, unsigned int*)
        ../../gcc/gcc/cp/parser.c:11430
0x101b91a cp_parser_statement_seq_opt(cp_parser*, tree_node*)
        ../../gcc/gcc/cp/parser.c:11843
0x101b647 cp_parser_compound_statement(cp_parser*, tree_node*, int, bool)
        ../../gcc/gcc/cp/parser.c:11793
0x1025da4 cp_parser_function_body(cp_parser*, bool)
        ../../gcc/gcc/cp/parser.c:23079
0x102deb9 cp_parser_lambda_body(cp_parser*, tree_node*)
        ../../gcc/gcc/cp/parser.c:11223
0x101a145 cp_parser_lambda_expression(cp_parser*)
        ../../gcc/gcc/cp/parser.c:10593
0x1017e01 cp_parser_primary_expression(cp_parser*, bool, bool, bool, bool,
cp_id_kind*)
        ../../gcc/gcc/cp/parser.c:5416
0x101258c cp_parser_postfix_expression(cp_parser*, bool, bool, bool, bool,
cp_id_kind*)
        ../../gcc/gcc/cp/parser.c:7257
0x1006c52 cp_parser_unary_expression(cp_parser*, cp_id_kind*, bool, bool, bool)
        ../../gcc/gcc/cp/parser.c:8560
0x100595e cp_parser_cast_expression(cp_parser*, bool, bool, bool, cp_id_kind*)
        ../../gcc/gcc/cp/parser.c:9458
0x1002dd5 cp_parser_binary_expression(cp_parser*, bool, bool, bool,
cp_parser_prec, cp_id_kind*)
        ../../gcc/gcc/cp/parser.c:9561
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
--- error trace ends ---
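The backtrace above is the kind of output a fuzzing campaign against an ASAN-built compiler produces in bulk, and the practical problem is grouping such reports by the frame that actually faulted rather than by the (build-specific) addresses. The following triage helper is an added example and is not code from the bug report or from GCC; it assumes only the backtrace layout visible above (`0xADDR signature` followed by an indented `path:line`, with signatures occasionally wrapped onto a second line by the mailer). The names `parse_ice_report`, `IceReport.bucket_key` and `classify` are mine, and the sample text is an excerpt copied from the trace in this report.

```python
"""Triage helper for GCC internal-compiler-error (ICE) backtraces.

Added example (not from the bug report or GCC). It parses the backtrace
format shown in the report and derives a deduplication key from the first
frame below the signal handler, which is what you want when a fuzzer hands
you many crashing inputs against an ASAN-built compiler.
"""
import re
from dataclasses import dataclass, field

# "poc.cc:1:88: internal compiler error: Segmentation fault"
ICE_RE = re.compile(r"^(?P<loc>\S+:\d+:\d+): internal compiler error: (?P<msg>.+)$")
# "0x1b279d0 crash_signal(int)"
FRAME_RE = re.compile(r"^0x[0-9a-fA-F]+ (?P<sig>.+)$")
# "        ../../gcc/gcc/toplev.c:328"
SRC_RE = re.compile(r"^\s+(?P<path>\S+):(?P<line>\d+)\s*$")
END_RE = re.compile(r"^Please submit a full bug report")

# Messages that indicate a hardware fault rather than a compiler-detected
# inconsistency; these are the ones worth a memory-safety look.
SIGNAL_MESSAGES = ("Segmentation fault", "Bus error", "Aborted", "Illegal instruction")


@dataclass
class Frame:
    function: str   # signature with the mailer's line wrapping undone
    path: str       # source path exactly as printed by the compiler
    line: int


@dataclass
class IceReport:
    location: str = ""
    message: str = ""
    frames: list = field(default_factory=list)

    def bucket_key(self) -> str:
        """Grouping key: first frame that is not the signal handler, keyed by
        function name and source location, never by address."""
        for fr in self.frames:
            if not fr.function.startswith("crash_signal("):
                name = fr.function.split("(", 1)[0]
                return f"{name}@{fr.path.rsplit('/', 1)[-1]}:{fr.line}"
        return "unknown"


def classify(report: IceReport) -> str:
    """'memory' for signal-style crashes (candidate memory-safety bug, as the
    reporter suspects here), 'logic' for assertion/ICE messages."""
    return "memory" if report.message in SIGNAL_MESSAGES else "logic"


def parse_ice_report(text: str) -> IceReport:
    report = IceReport()
    pending_sig = None          # signature waiting for its path:line entry
    for raw in text.splitlines():
        line = raw.rstrip()
        if END_RE.match(line):
            break
        m = ICE_RE.match(line)
        if m:
            report.location, report.message = m.group("loc"), m.group("msg")
            continue
        m = FRAME_RE.match(line)
        if m:
            pending_sig = m.group("sig")
            continue
        m = SRC_RE.match(line)
        if m and pending_sig is not None:
            report.frames.append(Frame(pending_sig, m.group("path"), int(m.group("line"))))
            pending_sig = None
            continue
        if pending_sig is not None and line and not line[0].isspace():
            # A signature the mailer wrapped onto a second line; rejoin it.
            pending_sig += " " + line.lstrip()
    return report


# Excerpt of the trace from this bug report (copied, shortened to five frames).
SAMPLE = """\
poc.cc:1:88: internal compiler error: Segmentation fault
    1 | constexpr _([]{struct v __builtin_unre0c00ble();goto l union s
__builtin_unre0c00ble();l:
      |
               ^
0x1b279d0 crash_signal(int)
        ../../gcc/gcc/toplev.c:328
0xd999f8 contains_struct_check(tree_node*, tree_node_structure_enum, char
const*, int, char const*)
        ../../gcc/gcc/tree.h:3407
0xea9b02 decl_jump_unsafe(tree_node*)
        ../../gcc/gcc/cp/decl.c:3235
0xf0b630 check_previous_goto_1(tree_node*, cp_binding_level*, tree_node*, bool,
unsigned int const*)
        ../../gcc/gcc/cp/decl.c:3299
0xf0b4c0 check_previous_goto(tree_node*, named_label_use_entry*)
        ../../gcc/gcc/cp/decl.c:3382
Please submit a full bug report,
with preprocessed source if appropriate.
"""

if __name__ == "__main__":
    r = parse_ice_report(SAMPLE)
    print(r.location, "|", r.message, "|", classify(r), "|", r.bucket_key())
```

Run on the excerpt, the key comes out as `contains_struct_check@tree.h:3407`, i.e. the tree-node check reached from `decl_jump_unsafe`, which is the frame a maintainer would start from; keying on that rather than on `crash_signal` or on the raw addresses lets you collapse a directory of fuzzer outputs into distinct bugs before filing any of them.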

