https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85774
Bug ID: 85774
Summary: Incorrect stack-use-after-scope caused by missing cleanup of shadow bytes
Product: gcc
Version: 8.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jwyatt at feralinteractive dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

The code:

    #include <functional>

    void DoSomething() {}

    void DoFunc(const std::function<void(void)>& func)
    {
        func();
    }

    void Setup()
    {
        // Each case builds a temporary std::function from a lambda; the
        // temporary lives only in the enclosing block scope.
        switch (1)
        {
            case 1:
            {
                DoFunc([](){});
                break;
            }
            case 2:
            {
                DoFunc([](){});
                break;
            }
            default:
                break;
        }
        DoSomething();
    }

    void DemonstrateBadPoisoning()
    {
        // Reuses the stack region that Setup's temporaries occupied.
        DoFunc([](){});
    }

    int main()
    {
        Setup();
        DemonstrateBadPoisoning();
        return 0;
    }

will cause an AddressSanitizer stack-use-after-scope error in DemonstrateBadPoisoning. This appears to be because the shadow bytes for the stack of Setup are not completely zeroed on function exit.

Compiled with: g++ -O0 -g -fsanitize=address -Wall -Wextra

gcc version 8.1.1 20180502 (Red Hat 8.1.1-1) (GCC)
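The report's hypothesis is that the shadow bytes covering the block-scoped std::function temporary in Setup stay poisoned after Setup returns. The following probe, added here as an illustration and not part of the reporter's attachment, checks that claim directly through the public AddressSanitizer interface (`__asan_region_is_poisoned`) instead of waiting for a later frame to trip over the stale poison. The helper names (`DoFuncRecording`, `SetupLike`, `ProbeAfterReturn`) and the recorded-address globals are assumptions of this example; the structure of SetupLike mirrors the reporter's Setup.

```cpp
// Added probe for the stack-use-after-scope report: records where the
// block-scoped std::function temporary lived inside a Setup-like frame,
// then asks the ASan runtime whether that region is still poisoned after
// the function has returned.  Names and layout are assumptions of this
// example, not code from the bug report.
//
// Build and run (GCC):
//   g++ -O0 -g -fsanitize=address probe.cpp -o probe
//   ASAN_OPTIONS=detect_stack_use_after_return=0 ./probe
// detect_stack_use_after_return=0 keeps the frame on the real stack; with
// the fake-stack mode enabled the runtime poisons returned frames on
// purpose, which would mask the distinction this probe is after.
#include <cstddef>
#include <cstdio>
#include <functional>

#if defined(__SANITIZE_ADDRESS__)
#  define PROBE_HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define PROBE_HAVE_ASAN 1
#  endif
#endif
#ifndef PROBE_HAVE_ASAN
#  define PROBE_HAVE_ASAN 0
#endif

#if PROBE_HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#endif

enum ProbeResult { kNotInstrumented, kClean, kPoisoned };

// Address and size of the std::function temporary, captured while it is
// alive.  Globals so the values survive the callee's return.
static const void* g_probe_beg = nullptr;
static size_t g_probe_len = 0;

// Same shape as the reporter's DoFunc, plus recording of the temporary's
// storage (the reference binds directly to the block-scoped temporary).
static void DoFuncRecording(const std::function<void(void)>& func)
{
    g_probe_beg = &func;
    g_probe_len = sizeof(func);
    func();
}

// Mirrors the reporter's Setup: the temporary built from the lambda is
// confined to the case block, so with use-after-scope instrumentation its
// slot is poisoned when the block ends and should be unpoisoned on return.
static void SetupLike()
{
    switch (1)
    {
        case 1:
        {
            DoFuncRecording([](){});
            break;
        }
        default:
            break;
    }
}

static size_t ProbedLength() { return g_probe_len; }

// Runs SetupLike, then inspects the shadow for the dead temporary's slot.
// Only the runtime reads the shadow; this code never dereferences the
// dead stack region itself.
static ProbeResult ProbeAfterReturn()
{
    SetupLike();
#if PROBE_HAVE_ASAN
    // Returns the first poisoned byte in [beg, beg+len), or nullptr if the
    // whole region is addressable.  A correct compiler leaves it clean.
    void* hit = __asan_region_is_poisoned(const_cast<void*>(g_probe_beg),
                                          g_probe_len);
    return hit ? kPoisoned : kClean;
#else
    return kNotInstrumented;
#endif
}

int main()
{
    switch (ProbeAfterReturn())
    {
        case kPoisoned:
            std::puts("stale poison left on the stack after return "
                      "(matches the reported behaviour)");
            break;
        case kClean:
            std::puts("shadow bytes clean after return");
            break;
        default:
            std::puts("not built with -fsanitize=address; nothing probed");
            break;
    }
    return 0;
}
```

A result of kPoisoned from a GCC 8.1.1 build is the direct confirmation of the report; on a compiler that clears the frame's shadow on exit the probe prints the clean message. Without ASan the build compiles but reports nothing, since the probe depends on the runtime.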