[Bug sanitizer/124206] New: [16 Regression] Stack overflow in ASAN-instrumented GCC

pheeck at gcc dot gnu.org via Gcc-bugs Mon, 23 Feb 2026 01:01:45 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124206


            Bug ID: 124206
           Summary: [16 Regression] Stack overflow in ASAN-instrumented
                    GCC
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: pheeck at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---
              Host: x86_64-linux
            Target: x86_64-linux

Configure GCC with --enable-host-shared --enable-checking=release
--disable-multilib --with-build-config=bootstrap-asan

Then run
asan-gcc gcc/testsuite/gcc.c-torture/compile/limits-exprparen.c -O0

You get a segfault

Doing the same thing with --disable-bootstrap --enable-checking=release doesn't
result in a segfault.

I suspect that the problem is somehow caused by the asan instrumentation.

Doing
asan-gcc gcc/testsuite/gcc.c-torture/compile/limits-exprparen.c -O0 -wrapper
gdb,--args
and asking for a backtrace gives you a very long backtrace ending with this:

#63527 0x0000000000aef762 in c_parser_expr_no_commas
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0, omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10011
#63528 0x0000000000af5d58 in c_parser_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:14246
#63529 0x0000000000ad486f in c_parser_postfix_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:11920
#63530 0x0000000000ae48ab in c_parser_unary_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10831
#63531 0x0000000000aea03d in c_parser_cast_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0) at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10635
#63532 0x0000000000aea9ce in c_parser_binary_expression
(parser=parser@entry=0x7ffff7fac0d0, after=0x0, 
    omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10403
#63533 0x0000000000aedfe6 in c_parser_conditional_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=<optimized out>, omp_atomic_lhs=<optimized out>)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10098
#63534 0x0000000000aef762 in c_parser_expr_no_commas
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0, omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10011
#63535 0x0000000000af5d58 in c_parser_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:14246
#63536 0x0000000000ad486f in c_parser_postfix_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:11920
#63537 0x0000000000ae48ab in c_parser_unary_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10831
#63538 0x0000000000aea03d in c_parser_cast_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0) at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10635
#63539 0x0000000000aea9ce in c_parser_binary_expression
(parser=parser@entry=0x7ffff7fac0d0, after=0x0, 
    omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10403
#63540 0x0000000000aedfe6 in c_parser_conditional_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=<optimized out>, omp_atomic_lhs=<optimized out>)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10098
#63541 0x0000000000aef762 in c_parser_expr_no_commas
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0, omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10011
#63542 0x0000000000b199fa in c_parser_initializer
(parser=parser@entry=0x7ffff7fac0d0, 
    decl=decl@entry=0x7bfff45d5e40) at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:6585
#63543 0x0000000000ac3b63 in c_parser_declaration_or_fndef
(parser=parser@entry=0x7ffff7fac0d0, 
    fndef_ok=false, fndef_ok@entry=true,
static_assert_ok=static_assert_ok@entry=true, 
    empty_ok=empty_ok@entry=true, nested=nested@entry=false,
start_attr_ok=start_attr_ok@entry=true, 
    simple_ok=<optimized out>, objc_foreach_object_declaration=<optimized out>, 
    omp_declare_simd_clauses=<optimized out>, have_attrs=<optimized out>,
attrs=<optimized out>, 
    oacc_routine_data=<optimized out>, fallthru_attr_p=<optimized out>)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:3017
#63544 0x0000000000b98828 in c_parser_external_declaration
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:2250
#63545 0x0000000000b9a83c in c_parser_translation_unit (parser=<optimized out>)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:2089
#63546 c_parse_file () at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:31298
#63547 0x0000000000ceabef in c_common_parse_file ()
    at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c-family/c-opts.cc:1422
#63548 0x00000000022886b9 in compile_file ()
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:455
#63549 0x0000000000844235 in do_compile ()
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2225
#63550 toplev::main (this=this@entry=0x7bfff56f0020, argc=<optimized out>,
argc@entry=21, 
    argv=<optimized out>, argv@entry=0x7fffffffd958)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2389
#63551 0x000000000084f96e in main (argc=<optimized out>, argv=0x7fffffffd958)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/main.cc:39
(gdb) 

This part repeats on and on:

#63535 0x0000000000af5d58 in c_parser_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:14246
#63536 0x0000000000ad486f in c_parser_postfix_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:11920
#63537 0x0000000000ae48ab in c_parser_unary_expression
(parser=parser@entry=0x7ffff7fac0d0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10831
#63538 0x0000000000aea03d in c_parser_cast_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0) at
/home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10635
#63539 0x0000000000aea9ce in c_parser_binary_expression
(parser=parser@entry=0x7ffff7fac0d0, after=0x0, 
    omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10403
#63540 0x0000000000aedfe6 in c_parser_conditional_expression
(parser=parser@entry=0x7ffff7fac0d0, 
    after=<optimized out>, omp_atomic_lhs=<optimized out>)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10098
#63541 0x0000000000aef762 in c_parser_expr_no_commas
(parser=parser@entry=0x7ffff7fac0d0, 
    after=after@entry=0x0, omp_atomic_lhs=omp_atomic_lhs@entry=0x0)
    at /home/worker/buildworker/tiber-gcc-asan/build/gcc/c/c-parser.cc:10011

I'm confused.  I would expect some asan functions to be in that stacktrace.

[Bug sanitizer/124206] New: [16 Regression] Stack overflow in ASAN-instrumented GCC

Reply via email to