[Bug sanitizer/108343] New: ASAN at -O3 misses a heap-use-after-free
shaohua.li at inf dot ethz.ch
gcc-bugzilla@gcc.gnu.org
Mon Jan 9 13:56:03 GMT 2023
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108343
Bug ID: 108343
Summary: ASAN at -O3 misses a heap-use-after-free
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
For the following code, ASAN at -O3 misses the heap-use-after-free, while other
opt levels catch it.
% cat a.c
#include <stdlib.h>
int a, c;
char b;
int main() {
  char **d = malloc(sizeof(char*));
  for(int i=0; i<1; i++)
    *d = malloc(sizeof(char));
  d[0][0] = 0;
  int e, f = -1;
  free(d[0]);
  free(d);
  for (; a <= 1; a++) {
    long g[1];
    g;
    c = f;
    e = 0;
    for (; e <= 1; e++) {
      c |= d[a][0];
      if (b)
        c = a;
    }
  }
  return c;
}
%
% gcc-tk -fsanitize=address -g -O2 a.c && ./a.out
=================================================================
==2253130==ERROR: AddressSanitizer: heap-use-after-free on address
0x602000000010 at pc 0x000000401210 bp 0x7ffdd10f9a90 sp 0x7ffdd10f9a88
READ of size 8 at 0x602000000010 thread T0
    #0 0x40120f in main /zdata/shaoli/sanitizertesting/mutate/bugs/gcc/a.c:18
    #1 0x7f15496b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    ...
%
% gcc-tk -fsanitize=address -g -O3 a.c && ./a.out
%
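The report above shows the -O2 build faulting on an 8-byte READ at a.c:18, i.e. the load of the freed pointer `d[a]` in `c |= d[a][0]`, while the -O3 build runs to completion. The script below is an added example, not part of the bug report or of GCC: it rebuilds a test case at each optimisation level, records whether AddressSanitizer fires, and counts references to the `__asan_report_load*` runtime in the generated assembly, which is the quickest way to tell whether the instrumented load was dropped by the optimiser before the sanitizer pass could see it. It assumes a GCC with libasan on PATH (overridable via `CC`); the helper names `classify_asan_output`, `count_asan_load_reports` and `run_matrix` are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug report). Compare ASAN detection of a
# test case across -O0..-O3 and check whether the ASAN load checks
# survived code generation. Assumes gcc with libasan; CC is overridable.
CC="${CC:-gcc}"

# Classify one run's stderr: "uaf" if AddressSanitizer reported a
# heap-use-after-free, "silent" otherwise.
classify_asan_output() {
    case "$1" in
        *"ERROR: AddressSanitizer: heap-use-after-free"*) echo uaf ;;
        *) echo silent ;;
    esac
}

# Count references to the ASAN load-report runtime in an assembly
# listing. GCC's inline shadow checks branch to __asan_report_loadN on
# failure, so a count of 0 for a function that reads freed memory means
# the access was never instrumented or the check was optimised away.
count_asan_load_reports() {
    grep -c '__asan_report_load' "$1" || true
}

# Build and run $1 at each level, printing one line per level.
run_matrix() {
    src="$1"
    for opt in -O0 -O1 -O2 -O3; do
        "$CC" -fsanitize=address -g "$opt" -S -o "a$opt.s" "$src" || return 1
        "$CC" -fsanitize=address -g "$opt" -o "a$opt" "$src" || return 1
        out=$("./a$opt" 2>&1 || true)
        printf '%s: asan=%s load_reports=%s\n' "$opt" \
            "$(classify_asan_output "$out")" \
            "$(count_asan_load_reports "a$opt.s")"
    done
}

# Only run the matrix when a source file is given, so the helpers can be
# sourced or tested without a compiler present.
if [ $# -eq 1 ]; then
    run_matrix "$1"
fi
```

Usage: `sh asan_matrix.sh a.c`. A level that prints `asan=silent` together with a lower `load_reports` count than its neighbours points at the optimiser (not the runtime) as the place where the check disappeared; comparing `-fdump-tree-asan1` output between the two levels then shows which access lost its instrumentation.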