https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115758
Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> --- With -fsanitize=address we get: ================================================================= ==1==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fe0b0200038 at pc 0x0000004014ca bp 0x7fff659fac90 sp 0x7fff659fac88 READ of size 8 at 0x7fe0b0200038 thread T0 #0 0x4014c9 in n /app/example.c:23 #1 0x4015b7 in main /app/example.c:27 #2 0x7fe0b2029d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e) #3 0x7fe0b2029e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e) #4 0x401104 in _start (/app/output.s+0x401104) (BuildId: f7cb729e32f54ad4816d1652d974eca432f8f942) Address 0x7fe0b0200038 is located in stack of thread T0 at offset 56 in frame #0 0x4011d5 in n /app/example.c:13 This frame has 2 object(s): [32, 88) 'p' (line 16) <== Memory access at offset 56 is inside this variable [128, 416) 'r' (line 18) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-scope /app/example.c:23 in n Shadow bytes around the buggy address: 0x7fe0b01ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b01ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b01ffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b01fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b01fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x7fe0b0200000: f1 f1 f1 f1 f8 f8 f8[f8]f8 f8 f8 f2 f2 f2 f2 f2 0x7fe0b0200080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b0200100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b0200180: 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 0x7fe0b0200200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x7fe0b0200280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==1==ABORTING Which is what I expected as p goes out of scope and you access it via **m .