Skip to content
GitLab
Closed
Issue created by Felix Moessbauer@fmoessbauerContributor

Return of local addr in fragment_add_ibl_target

With gcc 10 and -Werror=return-local-addr it reports that a local reference is returned in fragment_add_ibl_target.

For me it looks like this is an actual bug:

  1. Returned reference to fragment_t wrapper stack-variable: https://github.com/DynamoRIO/dynamorio/blob/master/core/fragment.c#L4106
  2. Ref passed to fragment_coarse_lookup_wrapper as arg: https://github.com/DynamoRIO/dynamorio/blob/master/core/fragment.c#L4111
  3. Ref to wrapper returned from fragment_coarse_lookup_wrapper: https://github.com/DynamoRIO/dynamorio/blob/master/core/fragment.c#L8052
  4. Ref returned from fragment_add_ibl_target: https://github.com/DynamoRIO/dynamorio/blob/master/core/fragment.c#L4139

I did not check if this is actually a realistic code path, but theoretically it should be valid and IMO should be fixed by making a copy of the wrapper. Note, that this path can only be reached in some configurations (with defined(RETURN_AFTER_CALL) || defined(RCT_IND_BRANCH)).

To Reproduce

Compile with gcc 10 and -Wall -Werror=return-local-addr

Versions Current master (c3b73b02) / 9.0.19146

Note: found while working on #5153