
std::string_view on temporary string - catch by ASan

This is a dangling pointer|reference example:

#include <string>
#include <string_view>
#include <iostream>

std::string foo() {
    return "test";
}

int main() {
    std::string_view bar = foo(); // bar points to a destroyed string
    std::cout << bar << std::endl;
}

Address sanitizer cannot catch it, at least with default options. Is it possible to catch such errors with address sanitizer?

UPD.

Reported this bug:

  • https://bugs.llvm.org/show_bug.cgi?id=35285
  • https://github.com/google/sanitizers/issues/879
vladon asked Nov 13 '17 09:11


1 Answer

My guess (you haven't provided a compiler version) is that operator << is implemented externally, so ASan can't sanitize it and detect the error (unless you rebuild libstdc++ with ASan). Here's what I get with my GCC 6.2 (I slightly modified the repro as I don't have access to C++1z):

  call    operator delete(void*)
.L17:
  movq    %rbx, %rsi
  movl    std::cout, %edi
  call    std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*)
  call    std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)
yugr answered Oct 16 '22 09:10
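
A compile-time guard against the pattern in the question, as an added example that is not part of the original post or answer: it rejects a view of a temporary `std::string` at build time instead of relying on ASan at run time. The names `view_of`, `can_view` and `safe_length` are hypothetical, and C++17 is assumed.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#include <type_traits>
#include <utility>

// Hypothetical helper: the one sanctioned way to turn a std::string into a
// std::string_view. Only lvalues are accepted, so the owner outlives the call.
inline std::string_view view_of(const std::string& s) noexcept {
    return std::string_view(s);
}
// A temporary std::string is destroyed at the end of the full expression, so a
// view of it would dangle exactly like `bar` in the question. Deleting the
// rvalue overloads turns that mistake into a compile error.
std::string_view view_of(std::string&&) = delete;
std::string_view view_of(const std::string&&) = delete;

// Detection trait: true when view_of(std::declval<T>()) is well-formed.
template <class T, class = void>
struct can_view : std::false_type {};
template <class T>
struct can_view<T, std::void_t<decltype(view_of(std::declval<T>()))>>
    : std::true_type {};

std::string foo() { return "test"; }  // same producer as in the question

static_assert(can_view<std::string&>::value, "named string is accepted");
static_assert(can_view<const std::string&>::value, "const lvalue is accepted");
static_assert(!can_view<std::string>::value, "temporary is rejected");
static_assert(!can_view<decltype(foo())>::value,
              "view_of(foo()) does not compile");

// Safe pattern: keep the owner in a named variable, then take the view.
std::size_t safe_length() {
    std::string owner = foo();
    std::string_view bar = view_of(owner);  // owner is still alive here
    return bar.size();
}

int main() { return safe_length() == 4 ? 0 : 1; }
```

Because a string literal argument is first converted to a temporary `std::string`, `view_of("test")` is rejected by the same deleted overload.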