http://bugzilla.suse.com/show_bug.cgi?id=1137071 http://bugzilla.suse.com/show_bug.cgi?id=1137071#c11 Martin Liška <martin.liska@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(meissner@suse.com | |) | --- Comment #11 from Martin Liška <martin.liska@suse.com> --- There's self-contained test-case: $ cat wine2.c char memory[128]; int main(int argc, char **argv) { const char *str; switch (argc) { case 1: str = (const char []){'C','h','a','i','n','i','n','g','M','o','d','e','E','C','B',0}; break; default: str = (const char []){'C','h','a','i','n','i','n','g','M','o','d','e','G','C','M',0}; break; } __builtin_memcpy(memory, str, __builtin_strlen (str) + 1); if (memory[14] != 'B') __builtin_abort (); return 0; } $ gcc-9 wine2.c -O2 && ./a.out Aborted (core dumped) $ gcc-9 -fsanitize=address wine2.c -O2 && ./a.out ================================================================= ==32004==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc6dc6ded0 at pc 0x7fba7fd87e18 bp 0x7ffc6dc6dea0 sp 0x7ffc6dc6d650 READ of size 16 at 0x7ffc6dc6ded0 thread T0 #0 0x7fba7fd87e17 (/usr/lib64/libasan.so.5+0x67e17) #1 0x4013cd in main (/home/marxin/Programming/testcases/a.out+0x4013cd) #2 0x7fba7fb82bca in __libc_start_main ../csu/libc-start.c:308 #3 0x4017c9 in _start (/home/marxin/Programming/testcases/a.out+0x4017c9) Address 0x7ffc6dc6ded0 is located in stack of thread T0 at offset 32 in frame #0 0x4010cf in main (/home/marxin/Programming/testcases/a.out+0x4010cf) This frame has 2 object(s): [32, 48) '<unknown>' <== Memory access at offset 32 is inside this variable [64, 80) '<unknown>' HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib64/libasan.so.5+0x67e17) Shadow bytes around the buggy address: 0x10000db85b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10000db85bd0: 00 00 00 00 00 00 f1 f1 f1 f1[f8]f8 f2 f2 f8 f8 0x10000db85be0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000db85c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==32004==ABORTING -- You are receiving this mail because: You are on the CC list for the bug.