https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81235
--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Carl Johnson from comment #0)
> After debugging, I noticed that the crash is because function `realloc`
> returned NULL. As I know, there might be two situations when `realloc`
> returns NULL:
> 1. When a pointer is passed which didn't come from `alloc` or `calloc`

That's not guaranteed. Passing such a pointer is undefined, so anything can
happen.

Your code is full of bugs, compiling with -fsanitize=undefined reveals runtime
errors due to misaligned accesses, and -fsanitize=address reveals a heap buffer
overflow, which is almost certainly the cause of your problem:

=================================================================
==915==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ec40 at pc 0x000000402f42 bp 0x7ffdd1efc220 sp 0x7ffdd1efc210
WRITE of size 4 at 0x60300000ec40 thread T0
    #0 0x402f41 in qb /tmp/1.c:4
    #1 0x400fe8 in main /tmp/1.c:4
    #2 0x7f8fb17d2730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #3 0x401258 in _start (/tmp/a.out+0x401258)

0x60300000ec40 is located 0 bytes to the right of 32-byte region [0x60300000ec20,0x60300000ec40)
allocated by thread T0 here:
    #0 0x7f8fb1c3b220 in realloc (/lib64/libasan.so.3+0xc7220)
    #1 0x402008 in bc /tmp/1.c:4

SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/1.c:4 in qb
Shadow bytes around the buggy address:
  0x0c067fff9d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c067fff9d80: fa fa fa fa 00 00 00 00[fa]fa fd fd fd fd fa fa
  0x0c067fff9d90: fd fd fd fa fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c067fff9da0: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff9db0: 00 fa fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa
  0x0c067fff9dc0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fa
  0x0c067fff9dd0: fa fa fd fd fd fa fa fa 00 00 00 fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==915==ABORTING
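
Added example, not part of the comment above and not the reporter's code (which is not shown on this page): a constructed growable array whose off-by-one capacity test produces the kind of write the report describes (4 bytes, 0 bytes to the right of a 32-byte region obtained from realloc), next to a checked version. The names ivec, push_buggy, push_checked and fill_and_sum are hypothetical, and a 4-byte int is assumed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable int array, constructed for this example. */
struct ivec { int *data; size_t len, cap; };

/* BUGGY: the capacity test is off by one. With cap == 8 (a 32-byte region
 * of 4-byte ints) the ninth push writes data[8], the 4 bytes that start
 * 0 bytes to the right of the region. Shown for comparison; never called. */
int push_buggy(struct ivec *v, int x)
{
    if (v->len > v->cap) {                  /* should be >= */
        v->cap *= 2;
        v->data = realloc(v->data, v->cap * sizeof *v->data);
    }
    v->data[v->len++] = x;                  /* out of bounds when len == cap */
    return 0;
}

/* FIXED: grow before the write when full, reject size overflow, and keep
 * the old block if realloc fails (a NULL return leaves it valid). */
int push_checked(struct ivec *v, int x)
{
    if (v->len >= v->cap) {
        size_t ncap = v->cap ? v->cap * 2 : 8;
        if (ncap <= v->cap || ncap > SIZE_MAX / sizeof *v->data)
            return -1;
        int *p = realloc(v->data, ncap * sizeof *v->data);
        if (p == NULL)
            return -1;                      /* v->data is still owned by v */
        v->data = p;
        v->cap = ncap;
    }
    v->data[v->len++] = x;
    return 0;
}

/* Pushes 0..n-1 with the checked routine; returns their sum, or -1 on failure. */
long fill_and_sum(size_t n)
{
    struct ivec v = {0};
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        if (push_checked(&v, (int)i) != 0) { free(v.data); return -1; }
    for (size_t i = 0; i < v.len; i++)
        sum += v.data[i];
    free(v.data);
    return sum;
}
```

Building with -fsanitize=address, as the comment does, and driving push_buggy past a full 8-element vector yields a heap-buffer-overflow report of the same shape; push_checked runs clean under the same flags.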