[Bug c++/62017] New: AddressSanitizer reports *-buffer-overflow in destructor when multiple virtual inheritance is used
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62017

Bug ID: 62017
Summary: AddressSanitizer reports *-buffer-overflow in destructor when multiple virtual inheritance is used
Product: gcc
Version: 4.9.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: bezkrovatki at gmail dot com

Consider the following sample code (test.cpp):

    // Two polymorphic interfaces, shared as virtual bases along two paths.
    struct IA { virtual ~IA() {} };
    struct IB { virtual ~IB() {} };
    struct IC : virtual IA, virtual IB {};
    struct CA : virtual IA {};
    struct CB : virtual IB {};
    // CC reaches IA via CA and IC, and IB via CB and IC.
    struct CC : virtual IC, CA, CB {};

    int main() {
        CC c;          // destructor of the stack object triggers the report
        return 0;
    }

Compile it with g++ 4.9.1 (Debian sid amd64):

    g++ -o test.asan -g -O0 -fno-omit-frame-pointer -fsanitize=address test.cpp

Running it gives the following report:

    ==3591==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff92d37da0 at pc 0x400f58 bp 0x7fff92d37d20 sp 0x7fff92d37d18
    WRITE of size 16 at 0x7fff92d37da0 thread T0
        #0 0x400f57 in IC::~IC() test.cpp:11
        #1 0x401675 in CC::~CC() test.cpp:17
        #2 0x400a20 in main test.cpp:22
        #3 0x7fd0c55a6b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
        #4 0x4008b8 (test.asan+0x4008b8)
    Address 0x7fff92d37da0 is located in stack of thread T0 at offset 48 in frame
        #0 0x400995 in main test.cpp:20
      This frame has 1 object(s):
        [32, 56) 'c' <== Memory access at offset 48 partially overflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow test.cpp:11 IC::~IC()
    Shadow bytes around the buggy address:
      0x10007259ef60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259ef70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259ef90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259efa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
    =>0x10007259efb0: f1 f1 00 00[00]f4 f3 f3 f3 f3 00 00 00 00 00 00
      0x10007259efc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259efd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259efe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259eff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x10007259f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:     fa
      Heap right redzone:    fb
      Freed heap region:     fd
      Stack left redzone:    f1
      Stack mid redzone:     f2
      Stack right redzone:   f3
      Stack partial redzone: f4
      Stack after return:    f5
      Stack use after scope: f8
      Global redzone:        f9
      Global init order:     f6
      Poisoned by user:      f7
      Contiguous container OOB: fc
      ASan internal:         fe
    ==3591==ABORTING

When an object of type CC is allocated on the heap, the error is reported as well. If an object of type CC is aggregated into another type and followed by another field (e.g. the type of variable 'c' from the sample is std::pair), then the error is not reported. No error is observed when clang++ 3.4.2 or g++ 4.8.3 is used.
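As an added example (not code from the bug report or from GCC), the following program probes the object layout of the reporter's CC hierarchy, so that the frame line in the report ("[32, 56) 'c'", a 24-byte object, with a 16-byte write landing 16 bytes into it) can be related to where each base subobject actually lives. It assumes the Itanium C++ ABI layout used by g++ and clang++ on x86-64; other ABIs may place the subobjects differently. The helper names (base_offset and the three check functions) are this example's own.

```cpp
// Added example, not from the bug report: layout probe for the CC hierarchy.
// Offsets assume the Itanium C++ ABI (g++/clang++ on x86-64).
#include <cstddef>
#include <cstdio>

struct IA { virtual ~IA() {} };
struct IB { virtual ~IB() {} };
struct IC : virtual IA, virtual IB {};
struct CA : virtual IA {};
struct CB : virtual IB {};
struct CC : virtual IC, CA, CB {};

// Byte offset of the Base subobject inside the complete object d.
template <class Base, class Derived>
std::ptrdiff_t base_offset(Derived& d) {
    return reinterpret_cast<char*>(static_cast<Base*>(&d)) -
           reinterpret_cast<char*>(&d);
}

// Every base subobject of a CC starts inside the CC itself.
bool bases_inside_object() {
    CC c;
    const std::ptrdiff_t size = sizeof(CC);
    const std::ptrdiff_t offsets[] = {
        base_offset<IA>(c), base_offset<IB>(c), base_offset<IC>(c),
        base_offset<CA>(c), base_offset<CB>(c)};
    for (std::ptrdiff_t off : offsets)
        if (off < 0 || off >= size) return false;
    return true;
}

// Virtual bases are shared: the IA reached via CA is the same subobject as
// the IA reached via IC, and likewise IB via CB and via IC.
bool virtual_bases_shared() {
    CC c;
    IA* ia_via_ca = static_cast<IA*>(static_cast<CA*>(&c));
    IA* ia_via_ic = static_cast<IA*>(static_cast<IC*>(&c));
    IB* ib_via_cb = static_cast<IB*>(static_cast<CB*>(&c));
    IB* ib_via_ic = static_cast<IB*>(static_cast<IC*>(&c));
    return ia_via_ca == ia_via_ic && ib_via_cb == ib_via_ic;
}

// A standalone IC is larger than the room left for the IC subobject inside a
// CC, because IC's own virtual bases (IA, IB) are not stored after it there.
// Code compiled for IC therefore cannot assume the standalone layout when it
// runs on an IC subobject embedded in a CC.
bool ic_standalone_larger_than_room_in_cc() {
    CC c;
    std::ptrdiff_t room =
        static_cast<std::ptrdiff_t>(sizeof(CC)) - base_offset<IC>(c);
    return static_cast<std::ptrdiff_t>(sizeof(IC)) > room;
}

int main() {
    CC c;
    std::printf("sizeof(CC)=%zu sizeof(IC)=%zu\n", sizeof(CC), sizeof(IC));
    std::printf("IA@%td IB@%td IC@%td CA@%td CB@%td\n",
                base_offset<IA>(c), base_offset<IB>(c), base_offset<IC>(c),
                base_offset<CA>(c), base_offset<CB>(c));
    std::printf("bases inside: %d, vbases shared: %d, IC oversize: %d\n",
                bases_inside_object(), virtual_bases_shared(),
                ic_standalone_larger_than_room_in_cc());
    return 0;
}
```

Running this under the same sanitizer flags as the reproducer is a cheap way to tell whether a report like the one above is about the object layout itself (offsets falling outside the object would point at a layout problem) or, as here, about the code the compiler emitted for one subobject's destructor.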
[Bug tree-optimization/108939] New: -Wstringop-truncation warning when -fsanitize=address, -O2 and -std=c++11 are used
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108939

Bug ID: 108939
Summary: -Wstringop-truncation warning when -fsanitize=address, -O2 and -std=c++11 are used
Product: gcc
Version: 10.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: bezkrovatki at gmail dot com
Target Milestone: ---

GCC 10 and 11 emit the -Wstringop-truncation warning on the following simplified sample:

    #include <string.h>   // strncpy
    #define LEN 32

    int main() {
        char dest[LEN];
        char src[LEN];
        strncpy(dest, src, LEN);   // bounded copy, may drop the terminator
        dest[LEN-1] = 0;           // explicit termination after the copy
        return 0;
    }

... when compiling with the following flags:

    g++ -fsanitize=address -std=c++11 -Werror -Wstringop-truncation -O2

The issue is not reproducible in any of the following cases:
- GCC 9 or earlier is used;
- GCC 12 or later is used;
- the option -fsanitize=address is omitted;
- the option -O2 is omitted;
- the option -std=c++11 is omitted or replaced with -std=gnu++11.
[Bug tree-optimization/108939] -Wstringop-truncation warning when -fsanitize=address, -O2 and -std=c++11 are used
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108939

--- Comment #2 from Anton Nikolaevsky ---

Indeed, with the sample code that I originally reported, the presence of the flag -std=xxx does not matter. The fact is I started from the following slightly more complex code:

    #include <string.h>   // strcpy, strncpy
    #include <stdio.h>    // printf
    #define LEN 32

    int main(int argc, char* argv[]) {
        char dest[LEN];
        char src[LEN];
        strcpy(src, argv[0]);
        strncpy(dest, src, LEN);   // bounded copy, may drop the terminator
        dest[LEN-1] = 0;           // explicit termination after the copy
        printf("%s\n", dest);
        return 0;
    }

With the sample above, GCC 10 and 11 generate the warning when the flag -std=c++11 is used, and the warning is not generated with -std=gnu++11. Tested here: https://godbolt.org/z/vPYf8nsEv
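As an added example (not code from the bug report or from GCC), the following shows the copy both samples above perform (a source string into a fixed LEN-byte buffer) written so that truncation is a value the caller can check instead of a side effect the compiler has to guess at. The strncpy-then-terminate idiom that -Wstringop-truncation flags is replaced by a memchr-bounded copy; copy_bounded and LEN are this example's own names, and the inputs in the usage are constructed.

```cpp
// Added example, not from the bug report: a bounded copy that reports
// truncation explicitly, as an alternative to strncpy + dest[LEN-1] = 0.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Copies src into dst (capacity cap bytes) and always NUL-terminates dst.
// Returns true if the whole string fit, false if it was truncated (or cap
// is 0, in which case nothing is written). memchr bounds the scan of src to
// cap bytes, so a source longer than the destination is never read past cap.
bool copy_bounded(char* dst, std::size_t cap, const char* src) {
    if (cap == 0) return false;
    const void* term = std::memchr(src, '\0', cap);
    if (term == nullptr) {                  // no terminator within cap bytes
        std::memcpy(dst, src, cap - 1);     // keep what fits
        dst[cap - 1] = '\0';
        return false;
    }
    std::size_t n = static_cast<const char*>(term) - src;
    std::memcpy(dst, src, n + 1);           // n characters plus terminator
    return true;
}

enum { LEN = 32 };

// Same shape as the reporter's program: copy argv[0] into a LEN-byte buffer,
// but say so when the name did not fit instead of silently cutting it.
int main(int argc, char* argv[]) {
    char dest[LEN];
    const char* name = argc > 0 ? argv[0] : "";
    bool fit = copy_bounded(dest, LEN, name);
    std::printf("%s%s\n", dest, fit ? "" : " [truncated]");
    return 0;
}
```

The two memcpy calls have lengths that are both bounded by cap and derived from an explicit scan, so there is no partial copy for the optimizer to reason about and no dependence on whether the language mode is -std=c++11 or -std=gnu++11.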