https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97414
Bug ID: 97414
Summary: AddressSanitizer CHECK failed: detect_stack_use_after_return and detect_invalid_pointer_pairs
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: chfast at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

==638106==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_thread.cpp:369 "((bottom)) != (0)" (0x0, 0x0)
    #0 0x7f00888e08b8 (/lib/x86_64-linux-gnu/libasan.so.6+0xb98b8)
    #1 0x7f00889007ce (/lib/x86_64-linux-gnu/libasan.so.6+0xd97ce)
    #2 0x7f00888e64f0 (/lib/x86_64-linux-gnu/libasan.so.6+0xbf4f0)
    #3 0x7f00888dd68b (/lib/x86_64-linux-gnu/libasan.so.6+0xb668b)
    #4 0x7f00888e0269 in __sanitizer_ptr_sub (/lib/x86_64-linux-gnu/libasan.so.6+0xb9269)
    #5 0x55e8cd6641f2 in pointer_diff(int const*, int const*) /home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/pointer_subtract_crash.cpp:2
    #6 0x55e8cd664248 in main /home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/pointer_subtract_crash.cpp:10
    #7 0x7f008865c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #8 0x55e8cd66410d in _start (/home/chfast/Projects/compiler_bugs/sanitizers/pointer_subtract_crash/a.out+0x110d)

When running the program

    // pointer_subtract_crash.cpp
    // noinline keeps the subtraction in its own frame so that
    // -fsanitize=pointer-subtract instruments it via __sanitizer_ptr_sub.
    [[gnu::noinline]] auto pointer_diff(const int *begin, const int *end)
    {
        return end - begin;
    }

    int main()
    {
        // Buffer larger than 2048 bytes: 513 ints on a 32-bit-int target.
        constexpr auto size = (2048 / sizeof(int)) + 1;
        auto buf = new int[size];
        auto end = buf + size;   // one past the end of the same allocation
        pointer_diff(end, buf);  // both pointers belong to buf; the pair is valid
        delete[] buf;
        return 0;
    }

compiled with

    gcc -fsanitize=address,pointer-subtract -g pointer_subtract_crash.cpp

To reproduce the crash, both runtime options must be enabled:

    ASAN_OPTIONS=detect_stack_use_after_return=1:detect_invalid_pointer_pairs=1

This bug was previously reported in LLVM's AddressSanitizer project, https://bugs.llvm.org/show_bug.cgi?id=47626, but pointer-subtract is not supported there.
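The reproducer above subtracts two pointers that both belong to the same heap allocation, which is exactly the kind of pair the pointer-subtract instrumentation is supposed to accept. The following added example (written for this page, not taken from the bug report or from GCC) puts that valid case next to the case the check exists to report: a subtraction between pointers into two different allocations. Compiled with the same `-fsanitize=address,pointer-subtract` flags and run with `ASAN_OPTIONS=detect_invalid_pointer_pairs=1`, only `diff_across_objects` should produce an invalid-pointer-pair report; without the sanitizer the functions simply compute the distances shown in the comments. The helper names `diff_same_object` and `diff_across_objects` are this example's own.

```cpp
#include <cstddef>
#include <cstdint>

// Added example, not the reporter's code. Same shape as the bug report's
// pointer_diff: kept out of line so the subtraction is a separate
// instrumented call when built with -fsanitize=pointer-subtract.
[[gnu::noinline]] std::ptrdiff_t pointer_diff(const int *begin, const int *end)
{
    return end - begin;
}

// Valid pair: both pointers lie inside, or one past the end of, a single
// array. With reversed == true this is the reporter's call pointer_diff(end, buf)
// and the distance is simply negative. The sanitizer must not report it.
std::ptrdiff_t diff_same_object(std::size_t n, bool reversed)
{
    int *buf = new int[n];
    const int *end = buf + n;  // one past the end, still a pointer into buf
    std::ptrdiff_t d = reversed ? pointer_diff(end, buf) : pointer_diff(buf, end);
    delete[] buf;
    return d;
}

// Invalid pair: the two pointers come from different heap allocations, so the
// result has no meaning. This is what detect_invalid_pointer_pairs=1 is meant
// to flag; the function only exists to show the contrast and is not exercised
// by the test below.
std::ptrdiff_t diff_across_objects()
{
    int *a = new int[16];
    int *b = new int[16];
    std::ptrdiff_t d = pointer_diff(a, b);
    delete[] a;
    delete[] b;
    return d;
}

// Same size as the bug report: just over 2048 bytes worth of ints (513 on a
// typical 32-bit-int target), so the sanitizer cannot settle the check with
// a short-range shadow lookup alone.
constexpr std::size_t kReporterSize = (2048 / sizeof(int)) + 1;

int main()
{
    // Valid pairs: the distance in elements, negative when reversed.
    std::ptrdiff_t forward = diff_same_object(kReporterSize, false);
    std::ptrdiff_t backward = diff_same_object(kReporterSize, true);
    // Under ASan with detect_invalid_pointer_pairs=1 this is the one that
    // should be reported; the two above should pass silently.
    std::ptrdiff_t bogus = diff_across_objects();
    return (forward > 0 && backward < 0 && bogus != 0) ? 0 : 1;
}
```

Build and run with `g++ -fsanitize=address,pointer-subtract -g example.cpp && ASAN_OPTIONS=detect_invalid_pointer_pairs=1 ./a.out`; adding `detect_stack_use_after_return=1` to the options is what turns the valid `diff_same_object` call into the CHECK failure the report describes on the affected GCC 10.2.0 build.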