[Bug libstdc++/99382] New: Address sanitizer detects stack-buffer-overflow in stl_construct.h

Thu, 04 Mar 2021 01:57:24 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99382

            Bug ID: 99382
           Summary: Address sanitizer detects stack-buffer-overflow in
                    stl_construct.h
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zeccav at gmail dot com
  Target Milestone: ---

// From test case sizes.cc
// must be compiled and executed
// /home/vitti/gcc-150221-full-address/./gcc/xg++
-B/home/vitti/gcc-150221-full-address/./gcc -nostdinc++
-L/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/src/.libs
 -O0 -w -D_GNU_SOURCE -DLOCALEDIR="."
-I/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu
-I/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/include
-I/home/vitti/gcc-150221/libstdc++-v3/libsupc++    -o ./sizes.exe
/home/vitti/f95/cc/gccerr79.cc -fsanitize=address -fno-omit-frame-pointer -g
// ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcfe09a19c at
pc 0x000000401687 bp 0x7ffcfe099fe0 sp 0x7ffcfe099fd8
//WRITE of size 4 at 0x7ffcfe09a19c thread T0
//#0 0x401686 in void std::_Construct<int>(int*)
/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/stl_construct.h:109
//#1 0x4015b6 in __uninit_default_n<int*, main()::Size>
/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/stl_uninitialized.h:578
//#2 0x4014c6 in __uninitialized_default_n<int*, main()::Size>
/home/vitti/gcc-150221-full-address/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/stl_uninitialized.h:639
//#3 0x4013d5 in main
/home/vitti/gcc-150221/libstdc++-v3/testsuite/20_util/specialized_algorithms/uninitialized_default_n/p.cc:16
//#4 0x14e2a634c1e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
//#5 0x40115d in _start
(/home/vitti/gcc-150221/libstdc++-v3/testsuite/20_util/specialized_algorithms/uninitialized_default_n/sizes.exe+0x40115d)

//Address 0x7ffcfe09a19c is located in stack of thread T0 at offset 76 in frame
//#0 0x4012f0 in main
/home/vitti/gcc-150221/libstdc++-v3/testsuite/20_util/specialized_algorithms/uninitialized_default_n/p.cc:4
//
// stl_construct.h:109 -> "{ ::new(static_cast<void*>(__p))
_Tp(std::forward<_Args>(__args)...); }"
//
#include <memory>

int main()
{
  struct Size
  {
    int value;

    void operator--() { --value; }

    int operator>(void*) { return value != 0; }
  };

  int i[3];
  Size n = {4};
  auto j = std::__uninitialized_default_n(i, n); // Fails here
}

Reply via email to