asan: GCC warning about use-after-free #33188

fanquake opened this issue on August 14, 2025
  1. fanquake commented at 2:45 pm on August 14, 2025: member

    GCC is warning about use-after-free in the recently added ASAN unpoisoning:

    # gcc (GCC) 15.2.1 20250808 (Red Hat 15.2.1-1)
    # cmake -B build -DSANITIZERS=address
    In file included from /root/bitcoin/src/util/check.h:131,
                     from /root/bitcoin/src/random.h:13,
                     from /root/bitcoin/src/test/util/random.h:9,
                     from /root/bitcoin/src/test/util/setup_common.h:19,
                     from /root/bitcoin/src/test/util/setup_common.cpp:5:
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘std::pair<CMutableTransaction, long int> TestChain100Setup::CreateValidTransaction(const std::vector<std::shared_ptr<const CTransaction> >&, const std::vector<COutPoint>&, int, const std::vector<CKey>&, const std::vector<CTxOut>&, const std::optional<CFeeRate>&, const std::optional<unsigned int>&)’ at /root/bitcoin/src/test/util/setup_common.cpp:486:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /root/bitcoin/src/memusage.h:10,
                     from /root/bitcoin/src/core_memusage.h:10,
                     from /root/bitcoin/src/kernel/mempool_entry.h:10,
                     from /root/bitcoin/src/test/util/setup_common.cpp:18:
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘std::pair<CMutableTransaction, long int> TestChain100Setup::CreateValidTransaction(const std::vector<std::shared_ptr<const CTransaction> >&, const std::vector<COutPoint>&, int, const std::vector<CKey>&, const std::vector<CTxOut>&, const std::optional<CFeeRate>&, const std::optional<unsigned int>&)’ at /root/bitcoin/src/test/util/setup_common.cpp:486:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    <snip>
    In file included from /root/bitcoin/src/util/check.h:131,
                     from /root/bitcoin/src/random.h:13,
                     from /root/bitcoin/src/test/util/random.h:9,
                     from /root/bitcoin/src/test/util/setup_common.h:19,
                     from /root/bitcoin/src/test/transaction_tests.cpp:7:
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /root/bitcoin/src/memusage.h:10,
                     from /root/bitcoin/src/core_memusage.h:10,
                     from /root/bitcoin/src/coins.h:10,
                     from /root/bitcoin/src/script/sign.h:10,
                     from /root/bitcoin/src/test/transaction_tests.cpp:23:
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘void transaction_tests::max_standard_legacy_sigops::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1150:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘void transaction_tests::spends_witness_prog::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1305:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘void transaction_tests::test_Get::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:450:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
        inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
        inlined from ‘void transaction_tests::test_IsStandard::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1055:1:
    /root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)[-Wuse-after-free]
      210 |             ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    /root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
      209 |             ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
          |             ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

    cc @dergoegge



This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-09-02 12:13 UTC
