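GCC is warning about a use-after-free in the recently added ASAN unpoisoning: in `~PoolResource()`, pool.h:210 calls `ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes)` after pool.h:209 has already passed `chunk` to `::operator delete`. Presumably the unpoison should happen before the chunk is freed; unpoisoning a region after it has been returned to the allocator could also clear ASAN's own poisoning of freed memory and hide real use-after-free reports. Compiler version and configure command, followed by the warnings: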
# gcc (GCC) 15.2.1 20250808 (Red Hat 15.2.1-1)
# cmake -B build -DSANITIZERS=address
In file included from /root/bitcoin/src/util/check.h:131,
from /root/bitcoin/src/random.h:13,
from /root/bitcoin/src/test/util/random.h:9,
from /root/bitcoin/src/test/util/setup_common.h:19,
from /root/bitcoin/src/test/util/setup_common.cpp:5:
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘std::pair<CMutableTransaction, long int> TestChain100Setup::CreateValidTransaction(const std::vector<std::shared_ptr<const CTransaction> >&, const std::vector<COutPoint>&, int, const std::vector<CKey>&, const std::vector<CTxOut>&, const std::optional<CFeeRate>&, const std::optional<unsigned int>&)’ at /root/bitcoin/src/test/util/setup_common.cpp:486:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/bitcoin/src/memusage.h:10,
from /root/bitcoin/src/core_memusage.h:10,
from /root/bitcoin/src/kernel/mempool_entry.h:10,
from /root/bitcoin/src/test/util/setup_common.cpp:18:
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘std::pair<CMutableTransaction, long int> TestChain100Setup::CreateValidTransaction(const std::vector<std::shared_ptr<const CTransaction> >&, const std::vector<COutPoint>&, int, const std::vector<CKey>&, const std::vector<CTxOut>&, const std::optional<CFeeRate>&, const std::optional<unsigned int>&)’ at /root/bitcoin/src/test/util/setup_common.cpp:486:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<snip>
In file included from /root/bitcoin/src/util/check.h:131,
from /root/bitcoin/src/random.h:13,
from /root/bitcoin/src/test/util/random.h:9,
from /root/bitcoin/src/test/util/setup_common.h:19,
from /root/bitcoin/src/test/transaction_tests.cpp:7:
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /root/bitcoin/src/memusage.h:10,
from /root/bitcoin/src/core_memusage.h:10,
from /root/bitcoin/src/coins.h:10,
from /root/bitcoin/src/script/sign.h:10,
from /root/bitcoin/src/test/transaction_tests.cpp:23:
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘void transaction_tests::max_standard_legacy_sigops::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1150:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘void transaction_tests::spends_witness_prog::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1305:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘void transaction_tests::test_Get::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:450:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In destructor ‘PoolResource<MAX_BLOCK_SIZE_BYTES, ALIGN_BYTES>::~PoolResource() [with long unsigned int MAX_BLOCK_SIZE_BYTES = 152; long unsigned int ALIGN_BYTES = 8]’,
inlined from ‘virtual CCoinsViewCache::~CCoinsViewCache()’ at /root/bitcoin/src/coins.h:362:7,
inlined from ‘void transaction_tests::test_IsStandard::test_method()’ at /root/bitcoin/src/test/transaction_tests.cpp:1055:1:
/root/bitcoin/src/support/allocators/pool.h:210:13: warning: pointer ‘chunk’ used after ‘void operator delete(void*, std::align_val_t)’ [-Wuse-after-free]
210 | ASAN_UNPOISON_MEMORY_REGION(chunk, m_chunk_size_bytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/bitcoin/src/support/allocators/pool.h:209:31: note: call to ‘void operator delete(void*, std::align_val_t)’ here
209 | ::operator delete ((void*)chunk, std::align_val_t{ELEM_ALIGN_BYTES});
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc @dergoegge