<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/62609">62609</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
AddressSanitizer: stack-use-after-scope when using capture lambda with coroutine
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
A2ureStone
</td>
</tr>
</table>
<pre>
I use a lambda coroutine to capture a local variable. When compiling with -fsanitize=address, the program builds successfully. It reports stack-use-after-scope when the program is run. The debugger shows that accessing the captured variable triggers this error.
Even when captured by value, it produces the same problem.
Link to [godbolt](https://godbolt.org/z/1Ej98abMY)
```c++
#include <experimental/coroutine>
#include <exception>
#include <iostream>

struct task {
    struct promise_type {
        std::experimental::suspend_always initial_suspend() noexcept { return {}; }
        std::experimental::suspend_never final_suspend() noexcept { return {}; }
        void return_void() {}
        task get_return_object() {
            return {std::experimental::coroutine_handle<promise_type>::from_promise(*this)};
        }
        void unhandled_exception() { std::terminate(); }
    };
    std::experimental::coroutine_handle<promise_type> handle;
};

int main() {
    int x = 1;
    auto f = [&x]() -> task {
        x = 2;
        std::cout << x << std::endl;
        co_return;
    }();
    f.handle.resume();
    return 0;
}
```
```
❯ clang++ -fsanitize=address -stdlib=libc++ -fcoroutines-ts sanitizer_coro.cpp -o sanitizer_coro
sanitizer_coro.cpp:24:5: warning: support for std::experimental::coroutine_traits will be removed in LLVM 15; use std::coroutine_traits instead [-Wdeprecated-experimental-coroutine]
co_return;
^
/usr/bin/../include/c++/v1/experimental/coroutine:76:8: note: 'coroutine_traits' declared here
struct coroutine_traits
^
1 warning generated.
❯ ./sanitizer_coro
=================================================================
==23786==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fa0abf00050 at pc 0x55b08d712ee9 bp 0x7ffc30a18130 sp 0x7ffc30a18128
READ of size 8 at 0x7fa0abf00050 thread T0
#0 0x55b08d712ee8 (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x120ee8) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
#1 0x55b08d71409b (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x12209b) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
#2 0x55b08d71228b (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x12028b) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
#3 0x7fa0addd178f (/usr/lib/libc.so.6+0x2378f) (BuildId: 4a4bec3d95a1804443e852958fe59ed461135ce9)
#4 0x7fa0addd1849 (/usr/lib/libc.so.6+0x23849) (BuildId: 4a4bec3d95a1804443e852958fe59ed461135ce9)
#5 0x55b08d613124 (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x21124) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
Address 0x7fa0abf00050 is located in stack of thread T0 at offset 80 in frame
#0 0x55b08d7120ef (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x1200ef) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
This frame has 3 object(s):
[32, 36) 'x'
[48, 56) 'f'
[80, 88) 'ref.tmp' <== Memory access at offset 80 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/home/J1senn/Desktop/project/cpp/cpplearn/sanitizer_coro+0x120ee8) (BuildId: d02f8ce3b0d653906cc5d32911ccac3fd9217967)
Shadow bytes around the buggy address:
0x0ff4957d7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff4957d8000: f1 f1 f1 f1 04 f2 00 f2 f2 f2[f8]f3 f3 f3 f3 f3
0x0ff4957d8010: f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00
0x0ff4957d8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff4957d8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==23786==ABORTING
❯ clang++ --version
clang version 15.0.7
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
```
</pre>