https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67484
Vittorio Zecca <zeccav at gmail dot com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Version|5.2.0 |6.0

--- Comment #1 from Vittorio Zecca <zeccav at gmail dot com> ---
Same bug on the trunk.
The following is the sanitizer output:

~/1tb/vitti/local/gcc-trunk-sanitized/bin/g++ -S gccerr26.C
=================================================================
==25114==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000005850 at pc 0x2b7d193c94a5 bp 0x7ffe44d41860 sp 0x7ffe44d41010
READ of size 1 at 0x602000005850 thread T0
    #0 0x2b7d193c94a4 in __interceptor_strcmp ../../../../gcc-5.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:178
    #1 0x170f87f in cl_target_option_eq(cl_target_option const*, cl_target_option const*) /home/vitti/test/gcc-sanitized/gcc/options-save.c:3491
    #2 0x202ee44 in cl_option_hasher::equal(tree_node*, tree_node*) ../../gcc/gcc/tree.c:11866
    #3 0x204559b in hash_table<cl_option_hasher, xcallocator>::find_slot_with_hash(tree_node* const&, unsigned int, insert_option) ../../gcc/gcc/hash-table.h:838
    #4 0x2042095 in hash_table<cl_option_hasher, xcallocator>::find_slot(tree_node* const&, insert_option) ../../gcc/gcc/hash-table.h:408
    #5 0x202efc4 in build_target_option_node(gcc_options*) ../../gcc/gcc/tree.c:11914
    #6 0x21218b0 in ix86_valid_target_attribute_tree(tree_node*, gcc_options*, gcc_options*) ../../gcc/gcc/config/i386/i386.c:5110
    #7 0x21af79c in get_builtin_code_for_version ../../gcc/gcc/config/i386/i386.c:34678
    #8 0x21b00b2 in ix86_compare_version_priority ../../gcc/gcc/config/i386/i386.c:34846
    #9 0x780078 in joust ../../gcc/gcc/cp/call.c:9234
    #10 0x781a8e in tourney ../../gcc/gcc/cp/call.c:9361
    #11 0x7544bf in perform_overload_resolution ../../gcc/gcc/cp/call.c:4016
    #12 0x754942 in build_new_function_call(tree_node*, vec<tree_node*, va_gc, vl_embed>**, bool, int) ../../gcc/gcc/cp/call.c:4089
    #13 0xb66c40 in finish_call_expr(tree_node*, vec<tree_node*, va_gc, vl_embed>**, bool, bool, int) ../../gcc/gcc/cp/semantics.c:2391
    #14 0xa0b32a in cp_parser_postfix_expression ../../gcc/gcc/cp/parser.c:6422
    #15 0xa0fec8 in cp_parser_unary_expression ../../gcc/gcc/cp/parser.c:7486
    #16 0xa11a49 in cp_parser_cast_expression ../../gcc/gcc/cp/parser.c:8122
    #17 0xa11bb4 in cp_parser_binary_expression ../../gcc/gcc/cp/parser.c:8223
    #18 0xa13696 in cp_parser_assignment_expression ../../gcc/gcc/cp/parser.c:8481
    #19 0xa14197 in cp_parser_constant_expression ../../gcc/gcc/cp/parser.c:8727
    #20 0xa42158 in cp_parser_initializer_clause ../../gcc/gcc/cp/parser.c:19925
    #21 0xa41e9b in cp_parser_initializer ../../gcc/gcc/cp/parser.c:19866
    #22 0xa3813e in cp_parser_init_declarator ../../gcc/gcc/cp/parser.c:17793
    #23 0xa215bc in cp_parser_simple_declaration ../../gcc/gcc/cp/parser.c:11681
    #24 0xa210aa in cp_parser_block_declaration ../../gcc/gcc/cp/parser.c:11555
    #25 0xa208bb in cp_parser_declaration ../../gcc/gcc/cp/parser.c:11452
    #26 0xa1fe63 in cp_parser_declaration_seq_opt ../../gcc/gcc/cp/parser.c:11334
    #27 0xa0181d in cp_parser_translation_unit ../../gcc/gcc/cp/parser.c:4154
    #28 0xa843f8 in c_parse_file() ../../gcc/gcc/cp/parser.c:34273
    #29 0xdb2e46 in c_common_parse_file() ../../gcc/gcc/c-family/c-opts.c:1058
    #30 0x19b8f12 in compile_file ../../gcc/gcc/toplev.c:544
    #31 0x19bf8f0 in do_compile ../../gcc/gcc/toplev.c:2034
    #32 0x19bff60 in toplev::main(int, char**) ../../gcc/gcc/toplev.c:2141
    #33 0x2d332c0 in main ../../gcc/gcc/main.c:39
    #34 0x390da1ffdf in __libc_start_main (/lib64/libc.so.6+0x390da1ffdf)
    #35 0x737768 (/home/vitti/1tb/vitti/local/gcc-trunk-sanitized/libexec/gcc/x86_64-pc-linux-gnu/6.0.0/cc1plus+0x737768)

0x602000005850 is located 0 bytes inside of 6-byte region [0x602000005850,0x602000005856)
freed by thread T0 here:
    #0 0x2b7d194171dd in __interceptor_free ../../../../gcc-5.2.0/libsanitizer/asan/asan_malloc_linux.cc:28
    #1 0x21219df in ix86_valid_target_attribute_tree(tree_node*, gcc_options*, gcc_options*) ../../gcc/gcc/config/i386/i386.c:5118
    #2 0x2121e77 in ix86_valid_target_attribute_p ../../gcc/gcc/config/i386/i386.c:5166
    #3 0xd5e237 in handle_target_attribute ../../gcc/gcc/c-family/c-common.c:9777
    #4 0xce2e48 in decl_attributes(tree_node**, tree_node*, int) ../../gcc/gcc/attribs.c:557
    #5 0x9a5e3a in cplus_decl_attributes(tree_node**, tree_node*, int) ../../gcc/gcc/cp/decl2.c:1493
    #6 0x7d65a7 in grokfndecl ../../gcc/gcc/cp/decl.c:8100
    #7 0x7ea399 in grokdeclarator(cp_declarator const*, cp_decl_specifier_seq*, decl_context, int, tree_node**) ../../gcc/gcc/cp/decl.c:11265
    #8 0x7bcb26 in start_decl(cp_declarator const*, cp_decl_specifier_seq*, int, tree_node*, tree_node*, tree_node**) ../../gcc/gcc/cp/decl.c:4740
    #9 0xa37c1f in cp_parser_init_declarator ../../gcc/gcc/cp/parser.c:17717
    #10 0xa215bc in cp_parser_simple_declaration ../../gcc/gcc/cp/parser.c:11681
    #11 0xa210aa in cp_parser_block_declaration ../../gcc/gcc/cp/parser.c:11555
    #12 0xa208bb in cp_parser_declaration ../../gcc/gcc/cp/parser.c:11452
    #13 0xa1fe63 in cp_parser_declaration_seq_opt ../../gcc/gcc/cp/parser.c:11334
    #14 0xa0181d in cp_parser_translation_unit ../../gcc/gcc/cp/parser.c:4154
    #15 0xa843f8 in c_parse_file() ../../gcc/gcc/cp/parser.c:34273
    #16 0xdb2e46 in c_common_parse_file() ../../gcc/gcc/c-family/c-opts.c:1058
    #17 0x19b8f12 in compile_file ../../gcc/gcc/toplev.c:544
    #18 0x19bf8f0 in do_compile ../../gcc/gcc/toplev.c:2034
    #19 0x19bff60 in toplev::main(int, char**) ../../gcc/gcc/toplev.c:2141
    #20 0x2d332c0 in main ../../gcc/gcc/main.c:39
    #21 0x390da1ffdf in __libc_start_main (/lib64/libc.so.6+0x390da1ffdf)

previously allocated by thread T0 here:
    #0 0x2b7d19417509 in __interceptor_malloc ../../../../gcc-5.2.0/libsanitizer/asan/asan_malloc_linux.cc:38
    #1 0x2e6d27c in xmalloc ../../gcc/libiberty/xmalloc.c:147
    #2 0x2e6d41f in xstrdup ../../gcc/libiberty/xstrdup.c:34
    #3 0x2121028 in ix86_valid_target_attribute_inner_p ../../gcc/gcc/config/i386/i386.c:5017
    #4 0x21206da in ix86_valid_target_attribute_inner_p ../../gcc/gcc/config/i386/i386.c:4909
    #5 0x2121474 in ix86_valid_target_attribute_tree(tree_node*, gcc_options*, gcc_options*) ../../gcc/gcc/config/i386/i386.c:5066
    #6 0x2121e77 in ix86_valid_target_attribute_p ../../gcc/gcc/config/i386/i386.c:5166
    #7 0xd5e237 in handle_target_attribute ../../gcc/gcc/c-family/c-common.c:9777
    #8 0xce2e48 in decl_attributes(tree_node**, tree_node*, int) ../../gcc/gcc/attribs.c:557
    #9 0x9a5e3a in cplus_decl_attributes(tree_node**, tree_node*, int) ../../gcc/gcc/cp/decl2.c:1493
    #10 0x7d65a7 in grokfndecl ../../gcc/gcc/cp/decl.c:8100
    #11 0x7ea399 in grokdeclarator(cp_declarator const*, cp_decl_specifier_seq*, decl_context, int, tree_node**) ../../gcc/gcc/cp/decl.c:11265
    #12 0x7bcb26 in start_decl(cp_declarator const*, cp_decl_specifier_seq*, int, tree_node*, tree_node*, tree_node**) ../../gcc/gcc/cp/decl.c:4740
    #13 0xa37c1f in cp_parser_init_declarator ../../gcc/gcc/cp/parser.c:17717
    #14 0xa215bc in cp_parser_simple_declaration ../../gcc/gcc/cp/parser.c:11681
    #15 0xa210aa in cp_parser_block_declaration ../../gcc/gcc/cp/parser.c:11555
    #16 0xa208bb in cp_parser_declaration ../../gcc/gcc/cp/parser.c:11452
    #17 0xa1fe63 in cp_parser_declaration_seq_opt ../../gcc/gcc/cp/parser.c:11334
    #18 0xa0181d in cp_parser_translation_unit ../../gcc/gcc/cp/parser.c:4154
    #19 0xa843f8 in c_parse_file() ../../gcc/gcc/cp/parser.c:34273
    #20 0xdb2e46 in c_common_parse_file() ../../gcc/gcc/c-family/c-opts.c:1058
    #21 0x19b8f12 in compile_file ../../gcc/gcc/toplev.c:544
    #22 0x19bf8f0 in do_compile ../../gcc/gcc/toplev.c:2034
    #23 0x19bff60 in toplev::main(int, char**) ../../gcc/gcc/toplev.c:2141
    #24 0x2d332c0 in main ../../gcc/gcc/main.c:39
    #25 0x390da1ffdf in __libc_start_main (/lib64/libc.so.6+0x390da1ffdf)

SUMMARY: AddressSanitizer: heap-use-after-free ../../../../gcc-5.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:178 __interceptor_strcmp
Shadow bytes around the buggy address:
  0x0c047fff8ab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8ad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8ae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8af0: fa fa fa fa fa fa 06 fa fa fa fd fa fa fa fd fd
=>0x0c047fff8b00: fa fa fd fa fa fa fd fd fa fa[fd]fa fa fa fd fd
  0x0c047fff8b10: fa fa fd fa fa fa fd fd fa fa fd fd fa fa 00 06
  0x0c047fff8b20: fa fa 00 00 fa fa 00 01 fa fa 00 01 fa fa 00 01
  0x0c047fff8b30: fa fa 00 01 fa fa 00 01 fa fa 00 01 fa fa 00 01
  0x0c047fff8b40: fa fa 00 01 fa fa 00 fa fa fa 00 07 fa fa fd fd
  0x0c047fff8b50: fa fa 00 07 fa fa 00 07 fa fa 00 04 fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
==25114==ABORTING