[Bug c++/121814] Optimization has changed the code behavior

Fri, 05 Sep 2025 14:11:08 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121814

--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
=================================================================
==204691==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7b3d11a00058 at pc 0x7f3d14a4b2cf bp 0x7ffe75781ae0 sp 0x7ffe757812b0
READ of size 15 at 0x7b3d11a00058 thread T0
    #0 0x7f3d14a4b2ce in strlen.part.0 (/lib64/libasan.so.8+0x4b2ce) (BuildId:
10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #1 0x000000400f14 in std::char_traits<char>::length(char const*)
(/tmp/a.out+0x400f14) (BuildId: 28465892e964b113596f2bd70545cd65d8960135)
    #2 0x0000004028b3 in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::append(char const*)
(/tmp/a.out+0x4028b3) (BuildId: 28465892e964b113596f2bd70545cd65d8960135)
    #3 0x00000040143f in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::operator+=(char const*)
(/tmp/a.out+0x40143f) (BuildId: 28465892e964b113596f2bd70545cd65d8960135)
    #4 0x000000400aa7 in put(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >&, void const*)
(/tmp/a.out+0x400aa7) (BuildId: 28465892e964b113596f2bd70545cd65d8960135)
    #5 0x000000400c90 in main (/tmp/a.out+0x400c90) (BuildId:
28465892e964b113596f2bd70545cd65d8960135)
    #6 0x7f3d13c11574 in __libc_start_call_main (/lib64/libc.so.6+0x3574)
(BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #7 0x7f3d13c11627 in __libc_start_main@GLIBC_2.2.5
(/lib64/libc.so.6+0x3627) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #8 0x0000004005a4 in _start (/tmp/a.out+0x4005a4) (BuildId:
28465892e964b113596f2bd70545cd65d8960135)

Address 0x7b3d11a00058 is located in stack of thread T0 at offset 88 in frame
    #0 0x000000400675 in put(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >&, void const*)
(/tmp/a.out+0x400675) (BuildId: 28465892e964b113596f2bd70545cd65d8960135)

  This frame has 1 object(s):
    [48, 88) 'cs_vec' (line 23) <== Memory access at offset 88 overflows this
variable

Reply via email to