<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/55590>55590</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Double-free not caught by ASan unless -fno-builtin is specified or optimizations disabled
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            compiler-rt:asan,
            llvm:optimizations
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          Teemperor
      </td>
    </tr>
</table>

<pre>
    *Note:* I'm aware that this is happening due to a (legal) optimization and this is not technically a bug in the optimizer (nor the sanitizer implementation). This (and some other bugs I'm filing) mostly serve as a basis for an upcoming RFC on how to fix these issues.

Reproducer:

```cpp
#include <stdlib.h>

int main() {
  int *i = malloc(1000);
  *i = 3;
  free(i);
  free(i);
}
```
https://godbolt.org/z/GsKK3sY8E
(Note that this also works with malloc/free or any other allocation function LLVM knows of).
(Also this example actually contains an exploitable double free if compiled with `-fsanitize=undefined`).

The reason is that `isAllocSiteRemovable` (which removes alloc/dealloc pair) only checks that alloc/dealloc functions have the same allocation family, but it doesn't check whether they are actually pairs.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJxtVEtv2zAM_jXKRUig2HUSH3zImnUY9jh0xYAdZYmOucqSIclNs18_Snk0KwY4ssznx49kWqePDSu2310EVm7pxj-zYj1weZAeeOxlpAMDp6eX4wgW7Z7riVSOS86KjYG9NKyouRsjDvhHRnSWS6uvftZRDFC9RSWNOZJbO-05WjKAixf4FMs6n4VBWoxZiMNoYAAbc1hKs-BPKSwZpxTBDRSCXHyKGc7YOzSEMmEaXIiUMYB_AS5DSi0DuXeUSFo-jcoNqaDHh3tOqHt3SHV1-JpgBCD0YYKwYGLHxPZ0PsLonZ4U-MTXjYKtxOlR43iWFCVaZSYNnJX3IWqD7aJn5cdbN7SRDxKptk1CzNYfTnLOk4YaguS8IxNjnCKjpRCCDFl5tbvalDfCzgOQNf5r-j8pW-_eFXD67GMcQ56JB3r2TrfOxIXzROzDH_p9Cl--lOHX5lJNsUlDdDMy0gTHD84_B37A2F9LeEgoeO7A8dy8rDlNTjdZlS9fv_78xp-tOwTuutT5a55tCpxTwKtMA8KlilOeLeVoVNCG1F14HY3DKFsy0G5Kr5wZOzIbRjSgT8Co5Hl3mTkicrIaOrSgExdvifP5ROPpQQYCSPlzsWSFYZsq-IERHmFwLyknidOYHnpUPbmQFAK_UKAh3_go0eflsQl8D-r5HPS94YWWtIYvcN4SGv5b5uSA5siKe9qFyDFS0RBortbxFJkfeshs00Fb6G9oSzDCYqabUtdlLWcRo4Fml0mbZ9LSEis57fvI2yPf_kjbYw2EwOeddfN2QhMxcxJGUNghkUstvv1TCFxjSMzo2eRN826-qBFTu6DG0IcxL5fXnLbtN6hIn6dlpEtVVbWY9Y2Q1V2tRCuKpVgua6hEtVptFCi9qau6VDMjWzChYdUHVhTnnvu5j5RVUr9JmNiiV05Ybv9Bm7TVboZNIYpCVMt6WRXF8m4hVt3qrtwUivKKtRLsTgAtsFmkIGk_Zr7JyNM_EikNhhjelDIE3FuAjIriyyn2zjdPAMMI3vlZLrPJNf4FCx3Rrw">