it looks like, for this specific case, Address Sanitizer finds an issue pretty quickly.
```
term% cat foo.cc
#include <iostream>
#include <vector>
int
main()
{
std::vector<int> v{0, 1, 2, 3, 4};
for (const auto elem: v)
std::cout << "elem= " << elem << std::endl;
for (auto it = v.cbegin(); it != v.cend(); ++it) {
if (*it % 2)
v.emplace_back(1);
}
for (const auto elem: v)
std::cout << "elem= " << elem << std::endl;
return 0;
}
term% clang++ -std=c++23 -fsanitize=address,undefined -Wall -Wextra -o foo foo.cc
term% ./foo
foo(22239,0x20c2e5f00) malloc: nano zone abandoned due to inability to reserve vm space.
elem= 0
elem= 1
elem= 2
elem= 3
elem= 4
=================================================================
==22239==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000001c98 at pc 0x000102264f94 bp 0x00016db9a650 sp 0x00016db9a648
READ of size 4 at 0x603000001c98 thread T0
#0 0x000102264f90 in main+0x6b0 (foo:arm64+0x100000f90)
[snip]
#9 0x000102266308 in int& std::__1::vector<int, std::__1::allocator<int>>::emplace_back<int>(int&&)+0x224 (foo:arm64+0x100002308)
#10 0x000102265028 in main+0x748 (foo:arm64+0x100001028)
#11 0x00019de36b94 in start+0x17b8 (dyld:arm64e+0xfffffffffff3ab94)
previously allocated by thread T0 here:
[snip]
#8 0x000102266928 in std::__1::vector<int, std::__1::allocator<int>>::vector[abi:ne190102](std::initializer_list<int>)+0x328 (foo:arm64+0x100002928)
#9 0x0001022655a4 in std::__1::vector<int, std::__1::allocator<int>>::vector[abi:ne190102](std::initializer_list<int>)+0x60 (foo:arm64+0x1000015a4)
#10 0x000102264b54 in main+0x274 (foo:arm64+0x100000b54)
#11 0x00019de36b94 in start+0x17b8 (dyld:arm64e+0xfffffffffff3ab94)
SUMMARY: AddressSanitizer: heap-use-after-free (foo:arm64+0x100000f90) in main+0x6b0
[snip]
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==22239==ABORTING
term% clang++ --version
Apple clang version 17.0.0 (clang-1700.0.13.5)
Target: arm64-apple-darwin24.5.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
term%
```
Dan Cross
npub1ac…6psdr
2025-08-01 21:25:45 UTC
in reply to nevent1q…7vdv
Author Public Key
npub1acyn73r9v7wgaewsmzlf3yg9r5freyrtgn3ah3uj6xzwq9l89cmst6psdrSeen on
wss://relay.momostr.pinkPublished at
2025-08-01 21:25:45 UTCEvent JSON
{
"id": "54347c22a31eb19d69bcd087defbd6406d5793115b138a05c3be983a7cef82c2",
"pubkey": "ee093f4465679c8ee5d0d8be9891051d123c906b44e3dbc792d184e017e72e37",
"created_at": 1754083545,
"kind": 1,
"tags": [
[
"e",
"4d953c41af88ef378e0f9125202c4ccf69915022c01b257f1d3b56f3722ad136",
"",
"reply",
"858fcef929620f4e21b7979ad1bf52a1cc2305b61413fb504080a4d779395aab"
],
[
"proxy",
"https://discuss.systems/@cross/114955619214487201",
"web"
],
[
"p",
"858fcef929620f4e21b7979ad1bf52a1cc2305b61413fb504080a4d779395aab"
],
[
"e",
"0b09bc696581553675fa59e6c8c90507ecd3334a9780d6d8cc07818b79602dcd",
"",
"root",
"858fcef929620f4e21b7979ad1bf52a1cc2305b61413fb504080a4d779395aab"
],
[
"t",
"include"
],
[
"proxy",
"https://discuss.systems/users/cross/statuses/114955619214487201",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://discuss.systems/users/cross/statuses/114955619214487201",
"pink.momostr"
],
[
"-"
]
],
"content": "it looks like, for this specific case, Address Sanitizer finds an issue pretty quickly.\n\n```\nterm% cat foo.cc\n#include \u003ciostream\u003e\n#include \u003cvector\u003e\n\nint\nmain()\n{\n std::vector\u003cint\u003e v{0, 1, 2, 3, 4};\n for (const auto elem: v)\n std::cout \u003c\u003c \"elem= \" \u003c\u003c elem \u003c\u003c std::endl;\n for (auto it = v.cbegin(); it != v.cend(); ++it) {\n if (*it % 2)\n v.emplace_back(1);\n }\n for (const auto elem: v)\n std::cout \u003c\u003c \"elem= \" \u003c\u003c elem \u003c\u003c std::endl;\n return 0;\n}\nterm% clang++ -std=c++23 -fsanitize=address,undefined -Wall -Wextra -o foo foo.cc\nterm% ./foo\nfoo(22239,0x20c2e5f00) malloc: nano zone abandoned due to inability to reserve vm space.\nelem= 0\nelem= 1\nelem= 2\nelem= 3\nelem= 4\n=================================================================\n==22239==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000001c98 at pc 0x000102264f94 bp 0x00016db9a650 sp 0x00016db9a648\nREAD of size 4 at 0x603000001c98 thread T0\n #0 0x000102264f90 in main+0x6b0 (foo:arm64+0x100000f90)\n [snip]\n #9 0x000102266308 in int\u0026 std::__1::vector\u003cint, std::__1::allocator\u003cint\u003e\u003e::emplace_back\u003cint\u003e(int\u0026\u0026)+0x224 (foo:arm64+0x100002308)\n #10 0x000102265028 in main+0x748 (foo:arm64+0x100001028)\n #11 0x00019de36b94 in start+0x17b8 (dyld:arm64e+0xfffffffffff3ab94)\n\npreviously allocated by thread T0 here:\n [snip]\n #8 0x000102266928 in std::__1::vector\u003cint, std::__1::allocator\u003cint\u003e\u003e::vector[abi:ne190102](std::initializer_list\u003cint\u003e)+0x328 (foo:arm64+0x100002928)\n #9 0x0001022655a4 in std::__1::vector\u003cint, std::__1::allocator\u003cint\u003e\u003e::vector[abi:ne190102](std::initializer_list\u003cint\u003e)+0x60 (foo:arm64+0x1000015a4)\n #10 0x000102264b54 in main+0x274 (foo:arm64+0x100000b54)\n #11 0x00019de36b94 in start+0x17b8 (dyld:arm64e+0xfffffffffff3ab94)\n\nSUMMARY: AddressSanitizer: heap-use-after-free (foo:arm64+0x100000f90) in main+0x6b0\n[snip]\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07\n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n==22239==ABORTING\nterm% clang++ --version\nApple clang version 17.0.0 (clang-1700.0.13.5)\nTarget: arm64-apple-darwin24.5.0\nThread model: posix\nInstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin\nterm% \n```",
"sig": "8159da18247423ee8a371e11bbf183b0815f780aafddee41aa5baeecae56608eb3938123362625344139056622acfce0695b5d8ea7457eb3876e7ab0b43d4e65"
}