Segfault when using ValuesGenerator<bool>

[moha-gh]

Describe the bug

We are currently migrating from v2.5.0 to v2.9.1 and have experienced segfaults in various tests. AddressSanitizer reports stack-use-after-return for those. It turns out that the root cause seems to be usage of ValuesGenerator<bool> in the affected tests.

Expected behavior

• No segfaults / ASAN findings.

Reproduction steps

The following minimal example reproduces the issue 100% locally:

• SEGFAULT when executing binary compiled with GCC
• stack-use-after-return reported by ASAN when analysing binary compiled with clang

When compiling with clang (without ASAN) and running the test, the crash does not occur.

TEST_CASE("Bool Generator Segfault")
{
    // Segfaults
    auto state = GENERATE(values<bool>({ true, false }));
    // Those two do not ...
    // auto state = GENERATE(true, false);
    // auto state = GENERATE(as<bool> {}, true, false);
    SECTION("foo bar")
    {
        INFO(state);
        SUCCEED();
    }
}

Using the alternative syntax (which, if I understood the docs correctly leads to two separate instances of ValueGenerator<T> being concatenated instead of a single ValuesGenerator<T>) does not segfault and triggers no ASAN findings.

Platform information:

• OS: Linux
• Compiler+version: GCC 7.4.0 / clang 8.0.0
• Catch version: v2.9.1

Additional context

n/a

[moha-gh]

asan-report-issue-1692.txt

[horenmar]

At a quick glance, it seems that the std::vector<bool> specialization strikes again. The problem is that the ValuesGenerator<T> internally holds a std::vector<T>, which, for bool, breaks, because std::vector<bool> is a weird type that messes around with proxies to single bits, instead of storing full booleans.