- cat ubsan.c && gcc ubsan.c -fsanitize=address -g && ./a.out
- int main(int argc, char **argv)
- {
- int *items = (int[]) {1, 2, 3};
- switch (argc)
- {
- case 0:
- items = (int[]) {999};
- break;
- default:
- items = (int[]) {999, 888};
- break;
- }
- return items[0];
- }
- =================================================================
- ==17838==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffffffdbc0 at pc 0x0000004013e5 bp 0x7fffffffdb50 sp 0x7fffffffdb48
- READ of size 4 at 0x7fffffffdbc0 thread T0
- #0 0x4013e4 in main /tmp/ubsan.c:15
- #1 0x7ffff73b8b7a in __libc_start_main ../csu/libc-start.c:308
- #2 0x4010a9 in _start (/tmp/a.out+0x4010a9)
- Address 0x7fffffffdbc0 is located in stack of thread T0 at offset 64 in frame
- #0 0x401161 in main /tmp/ubsan.c:2
- This frame has 3 object(s):
- [48, 52) '<unknown>'
- [64, 72) '<unknown>' <== Memory access at offset 64 is inside this variable
- [96, 108) '<unknown>'
- HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
- (longjmp and C++ exceptions *are* supported)
- SUMMARY: AddressSanitizer: stack-use-after-scope /tmp/ubsan.c:15 in main
- Shadow bytes around the buggy address:
- 0x10007fff7b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- =>0x10007fff7b70: f1 f1 f1 f1 f1 f1 f8 f2[f8]f2 f2 f2 00 04 f3 f3
- 0x10007fff7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- 0x10007fff7bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- Shadow byte legend (one shadow byte represents 8 application bytes):
- Addressable: 00
- Partially addressable: 01 02 03 04 05 06 07
- Heap left redzone: fa
- Freed heap region: fd
- Stack left redzone: f1
- Stack mid redzone: f2
- Stack right redzone: f3
- Stack after return: f5
- Stack use after scope: f8
- Global redzone: f9
- Global init order: f6
- Poisoned by user: f7
- Container overflow: fc
- Array cookie: ac
- Intra object redzone: bb
- ASan internal: fe
- Left alloca redzone: ca
- Right alloca redzone: cb
- Shadow gap: cc
- ==17838==ABORTING