MemorySanitizer: use-of-uninitialized-value in std::ostream::__put_character_sequence #48689

Open
Kojoley opened this issue Feb 24, 2021 · 3 comments
Labels
bugzilla Issues migrated from bugzilla libc++ libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi.

Comments

@Kojoley
Contributor

Kojoley commented Feb 24, 2021

Bugzilla Link 49345
Version 11.0
OS Linux
Blocks #51489
CC @dwblaikie,@mclow,@tstellar

Extended Description

    #include <iostream>

    int main() {
        std::cout << "hmm";
    }

    $ clang++ z.cpp -g -stdlib=libc++ -fsanitize=memory && ./a.out
    ==3636==WARNING: MemorySanitizer: use-of-uninitialized-value
        #0 0x499fd4 in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_character_sequence<char, std::__1::char_traits<char> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, char const*, unsigned long) /usr/lib/llvm-11/bin/../include/c++/v1/ostream:727:13
        #1 0x499eb6 in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::operator<<<std::__1::char_traits<char> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, char const*) /usr/lib/llvm-11/bin/../include/c++/v1/ostream:869:12
        #2 0x499db6 in main /home/user/z.cpp:4:14
        #3 0x7f3924d89cb1 in __libc_start_main csu/../csu/libc-start.c:314:16
        #4 0x41d32d in _start (/home/user/a.out+0x41d32d)

    SUMMARY: MemorySanitizer: use-of-uninitialized-value /usr/lib/llvm-11/bin/../include/c++/v1/ostream:727:13 in std::__1::basic_ostream<char, std::__1::char_traits<char> >& std::__1::__put_character_sequence<char, std::__1::char_traits<char> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, char const*, unsigned long)
    Exiting

   typename basic_ostream<_CharT, _Traits>::sentry __s(__os);
   if (__s)
       ^

https://godbolt.org/z/o3f6z6

@llvmbot
Collaborator

llvmbot commented Sep 9, 2021

Some quick analysis from my side:

This looks like the string change at most triggered some 'other' bug by 'butterfly effect'?

The sanitizer chokes on basic_ostream<_CharT, _Traits>::sentry:

    typename basic_ostream<_CharT, _Traits>::sentry __s(__os);
    if (__s) // <------------- HERE

Which is the bool operator of sentry, which looking at the snippets below is
a) impossible to be uninitialized?
b) nowhere close to basic_string?

So my bet is that this is some sanitizer bug or clang bug, nothing that I can see makes this a logical causal effect of string changes, or even being closely related?


    template <class _CharT, class _Traits>
    class _LIBCPP_TEMPLATE_VIS basic_ostream<_CharT, _Traits>::sentry
    {
        bool __ok_;
        basic_ostream<_CharT, _Traits>& __os_;

        sentry(const sentry&); // = delete;
        sentry& operator=(const sentry&); // = delete;

    public:
        explicit sentry(basic_ostream<_CharT, _Traits>& __os);
        ~sentry();

        _LIBCPP_INLINE_VISIBILITY
            _LIBCPP_EXPLICIT
            operator bool() const {return __ok_;}

    };

    template <class _CharT, class _Traits>
    basic_ostream<_CharT, _Traits>::sentry::sentry(basic_ostream<_CharT, _Traits>& __os)
        : __ok_(false), // < ====== ALWAYS INITIALIZED
          __os_(__os)
    {
        if (__os.good())
        {
            if (__os.tie())
                __os.tie()->flush();
            __ok_ = true;
        }
    }

@tstellar
Collaborator

mentioned in issue #51489

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 11, 2021
@asl asl added this to the LLVM 13.0.1 release milestone Dec 12, 2021
@tstellar
Collaborator

The deadline for requesting fixes for the release has passed. This bug is being removed from the LLVM 13.0.1 release milestone. If you have a fix or think this bug is important enough to block the release, please explain why in a comment and add the bug back to the LLVM 13.0.1 release milestone.
