
GCC-8.3 address and undefined sanitizer detects stack-buffer-overflow and other errors while executing the BingRequest example #1303

Closed
xzibitseven opened this issue Jan 3, 2020 · 1 comment

Comments

xzibitseven commented Jan 3, 2020

I built the BingRequest example under Linux (Debian 10.2) following the guide https://github.com/Microsoft/cpprestsdk/wiki/How-to-build-for-Linux with the options -std=c++17 -fsanitize=undefined -fsanitize=address.
When it starts, I get the following log.

=================================================================
==14967==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe45afe6e8 at pc 0x558c73e1ebf3 bp 0x7ffe45afe2a0 sp 0x7ffe45afe298
WRITE of size 8 at 0x7ffe45afe6e8 thread T0
#0 0x558c73e1ebf2 in std::__cxx1998::_Vector_base<void*, std::allocator<void*> >::_Vector_impl::_Vector_impl() /usr/include/c++/8/bits/stl_vector.h:96
#1 0x558c73e0d4fb in std::__cxx1998::_Vector_base<void*, std::allocator<void*> >::_Vector_base() /usr/include/c++/8/bits/stl_vector.h:249
#2 0x558c73dfab3c in std::__cxx1998::vector<void*, std::allocator<void*> >::vector() /usr/include/c++/8/bits/stl_vector.h:395
#3 0x558c73dcfa85 in std::__debug::vector<void*, std::allocator<void*> >::vector() /usr/include/c++/8/debug/vector:155
#4 0x558c73dcfcb5 in pplx::details::_TaskCreationCallstack::_TaskCreationCallstack() /usr/local/include/pplx/pplxtasks.h:280
#5 0x558c73dd1833 in pplx::details::_Internal_task_options::_Internal_task_options() /usr/local/include/pplx/pplxtasks.h:1217
#6 0x558c73dd1c5f in pplx::task_options::task_options() /usr/local/include/pplx/pplxtasks.h:1237
#7 0x7fa411c7f41e in _open_fsb_str (/usr/local/lib/libcpprest.so.2.10+0x503841e)
#8 0x558c73e19993 in Concurrency::streams::details::basic_file_buffer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::_Ios_Openmode, int) /usr/local/include/cpprest/filestream.h:726
#9 0x558c73e07ce6 in Concurrency::streams::file_buffer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::_Ios_Openmode, int) /usr/local/include/cpprest/filestream.h:966
#10 0x558c73daf9c3 in main ../wrapper-zabbix-api/src/main.cpp:72
#11 0x7fa40bdc709a in __libc_start_main ../csu/libc-start.c:308
#12 0x558c73dad949 in _start (/home/wolfmen/project/wrapper-over-zabbix-server-api-for-rpc-swarm/swarm/build/wrapper-zabbix-api/wzabbix-api+0x3f9949)
Address 0x7ffe45afe6e8 is located in stack of thread T0 at offset 600 in frame
#0 0x7fa411c7f29f in _open_fsb_str (/usr/local/lib/libcpprest.so.2.10+0x503829f)
This frame has 8 object(s):
[32, 33) ''
[96, 97) ''
[160, 161) ''
[224, 225) ''
[288, 304) ''
[352, 384) 'name'
[416, 472) ''
[512, 600) '' <== Memory access at offset 600 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/include/c++/8/bits/stl_vector.h:96 in std::__cxx1998::_Vector_base<void*, std::allocator<void*> >::_Vector_impl::_Vector_impl()
Shadow bytes around the buggy address:
0x100048b57c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100048b57c90: 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 01 f2
0x100048b57ca0: f2 f2 f2 f2 f2 f2 01 f2 f2 f2 f2 f2 f2 f2 01 f2
0x100048b57cb0: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00
0x100048b57cc0: 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2
=>0x100048b57cd0: f2 f2 00 00 00 00 00 00 00 00 00 00 00[f2]f3 f3
0x100048b57ce0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100048b57cf0: f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2
0x100048b57d00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
0x100048b57d10: 00 00 00 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
0x100048b57d20: 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb

With the sanitizer turned off, everything is fine.
I tried building my simple HTTP client, but the sanitizer starts to complain anyway, even with the simple creation of web::http::http_request request; without calling any functions. What is it?

Is it not possible to use the sanitizer with the cpprestsdk library?

xzibitseven (Author) commented

I solved the problem. It is necessary to build the cpprest library from the source code, and the cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Debug command from the instructions (https://github.com/Microsoft/cpprestsdk/wiki/How-to-build-for-Linux) must be replaced with CXXFLAGS="-D_GLIBCXX_DEBUG" cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Debug.

When building your project with the cpprest library in a Release build (where the gcc -D_GLIBCXX_DEBUG flag is missing), you can use the cpprest library from the libcpprest-dev package (Debian OS) or one built from the source code with cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Release (or cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Debug).
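What the trace in the report and the fix in this comment show together: frame #3 of the AddressSanitizer output is std::__debug::vector, so the application was compiled with libstdc++'s -D_GLIBCXX_DEBUG, while frame #7 (_open_fsb_str) sits inside the installed libcpprest.so, which was built without it. Debug mode changes the layout of std::vector (it carries safe-iterator bookkeeping on top of the three plain pointers), so the header-inlined pplx::task_options constructor and the shared library disagree about the size of the object being built on the library's stack frame, and the write lands past the library's stack slot, which is exactly the stack-buffer-overflow ASan reports. Rebuilding the library with the same flag, as the comment says, makes both sides agree again. The C++ below is an added example, not code from the reporter or from the cpprestsdk project: a layout guard a library could export so that such a mismatch is reported at startup instead of surfacing as memory corruption. CallstackRecord, LayoutFingerprint and all functions are hypothetical stand-ins; because the "library" and the "consumer" are one translation unit here, the mismatched fingerprint used to exercise the failure path is constructed by hand.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for a type that both a shared library and
// header-inlined consumer code construct, like the task_options /
// _TaskCreationCallstack objects in the ASan trace: a struct that owns a
// std::vector<void*>. Its size differs with and without _GLIBCXX_DEBUG.
struct CallstackRecord {
    std::vector<void*> frames;
};

// Layout fingerprint a library would compute at its own build time and export
// from the .so (hypothetical API). The consumer computes the same fingerprint
// in its own translation unit and compares before touching the library.
struct LayoutFingerprint {
    std::size_t record_size;   // sizeof(CallstackRecord) as seen by that TU
    bool        glibcxx_debug; // whether _GLIBCXX_DEBUG was defined in that TU
};

constexpr bool built_with_glibcxx_debug() {
#ifdef _GLIBCXX_DEBUG
    return true;
#else
    return false;
#endif
}

constexpr LayoutFingerprint this_tu_fingerprint() {
    return LayoutFingerprint{sizeof(CallstackRecord), built_with_glibcxx_debug()};
}

// A non-debug libstdc++ vector is three pointers (begin, end, end of storage);
// the debug-mode vector adds safe-iterator bookkeeping and is larger. This
// reports which layout this TU actually uses, independent of the macro.
constexpr bool vector_has_plain_layout() {
    return sizeof(std::vector<void*>) == 3 * sizeof(void*);
}

// Compare the library's recorded fingerprint with the consumer's. On mismatch,
// build an actionable explanation instead of letting the caller find out via
// a stack-buffer-overflow deep inside the library.
bool layouts_compatible(const LayoutFingerprint& lib,
                        const LayoutFingerprint& app,
                        std::string* why = nullptr) {
    std::string reason;
    if (lib.glibcxx_debug != app.glibcxx_debug) {
        reason += "library built " + std::string(lib.glibcxx_debug ? "with" : "without") +
                  " _GLIBCXX_DEBUG, consumer built " +
                  std::string(app.glibcxx_debug ? "with" : "without") + " it; ";
    }
    if (lib.record_size != app.record_size) {
        reason += "sizeof(CallstackRecord) is " + std::to_string(lib.record_size) +
                  " in the library but " + std::to_string(app.record_size) +
                  " in the consumer; ";
    }
    if (why) *why = reason;
    return reason.empty();
}

// Startup guard a consumer would call before using the library: true when it
// is safe to proceed, false (after printing the reason) otherwise.
bool verify_library_layout(const LayoutFingerprint& lib) {
    std::string why;
    if (layouts_compatible(lib, this_tu_fingerprint(), &why)) return true;
    std::fprintf(stderr, "ABI mismatch: %srebuild library and consumer with the same flags\n",
                 why.c_str());
    return false;
}

int main() {
    // The same TU plays both roles here, so the check passes.
    bool ok = verify_library_layout(this_tu_fingerprint());
    std::printf("layout check: %s (plain vector layout: %s)\n",
                ok ? "ok" : "MISMATCH", vector_has_plain_layout() ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Compile the file once with and once without -D_GLIBCXX_DEBUG and the printed fingerprint changes; in a real split, the library-side function lives in the .so and the consumer-side one is inlined from the header, which is what makes the comparison meaningful. The same idea can be enforced earlier by encoding the flag in an exported symbol name so that a mismatched pair fails to link.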
