public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/103730] New: ubsan: store with insufficient space for an object of type
From: jan.smets at nokia dot com @ 2021-12-15 9:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730
Bug ID: 103730
Summary: ubsan: store with insufficient space for an object of type
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jan.smets at nokia dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
The following testcase produces a ubsan runtime error in GCC 10.2/11.3/trunk:
gcc test.c -o /tmp/test -O2 -Wall -Wextra -fsanitize=undefined && /tmp/test
typedef int (logger_args_to_string)(void *event, void *pEntry);

typedef struct logger_msginfo
{
#if 1 // OK when excluded
    void *test;
#endif
    logger_args_to_string *Fn;
} logger_msginfo;

logger_msginfo x;
logger_msginfo *logger = &x;

void call( void )
{
    logger->Fn = (logger_args_to_string*) 0x1234; // Happy
    ((logger_msginfo *) & logger[0])->Fn = (logger_args_to_string*) 0x1234; // Happy
    ((logger_msginfo *) & logger)->Fn = (logger_args_to_string*) 0x1234;
    // store with insufficient space... , trunk gives array-bounds warning here too -
    // but not on the line above.
}

int main(void) {
    call();
    return 0;
}
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jakub at gcc dot gnu.org @ 2021-12-15 9:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
What do you find wrong about it?
((logger_msginfo *) & logger)->Fn
where logger is a pointer and logger_msginfo is a 2 * sizeof (void*) sized
struct does reference the pointer after the logger variable. It is clear
UB.
While ((logger_msginfo *) & logger[0])->Fn is dereferencing that pointer and
then taking address, so effectively ((logger_msginfo *) logger)->Fn or
logger->Fn.
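To make the address arithmetic behind Jakub's explanation concrete, here is an added illustration that is not part of the bug report or of GCC. It reuses the report's type names and computes, with integer arithmetic only, where the `->Fn` store would land for `&logger[0]` versus `&logger`, relative to the object each expression is supposed to address; the helper names (`store_fits`, `store_via_*`, `bytes_past_logger_variable`) are this example's own, and the out-of-bounds write itself is never performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same declarations as in the bug report. */
typedef int (logger_args_to_string)(void *event, void *pEntry);
typedef struct logger_msginfo {
    void *test;
    logger_args_to_string *Fn;
} logger_msginfo;

static logger_msginfo x;
static logger_msginfo *logger = &x;

/* True when the byte range [addr, addr + len) lies entirely inside the
   object occupying [base, base + size). Integer arithmetic only, so no
   out-of-bounds pointer is ever formed or dereferenced (hypothetical helper). */
static bool store_fits(uintptr_t base, size_t size, uintptr_t addr, size_t len)
{
    return addr >= base && addr + len <= base + size;
}

/* `((logger_msginfo *) &logger[0])->Fn = ...`: &logger[0] is just
   `logger`, i.e. &x, so the Fn member being written is x.Fn. */
bool store_via_logger0_is_in_bounds(void)
{
    uintptr_t target = (uintptr_t)&logger[0] + offsetof(logger_msginfo, Fn);
    return store_fits((uintptr_t)&x, sizeof x, target, sizeof x.Fn);
}

/* `((logger_msginfo *) &logger)->Fn = ...`: &logger is the address of the
   pointer variable itself, which is only sizeof(void *) bytes wide. The Fn
   member sits offsetof(logger_msginfo, Fn) bytes past that address, so the
   store lands beyond the end of `logger`, on whatever happens to follow it. */
bool store_via_addr_of_logger_is_in_bounds(void)
{
    uintptr_t target = (uintptr_t)&logger + offsetof(logger_msginfo, Fn);
    return store_fits((uintptr_t)&logger, sizeof logger, target, sizeof logger->Fn);
}

/* How many bytes of that second store would fall outside `logger`. */
size_t bytes_past_logger_variable(void)
{
    uintptr_t end_of_logger = (uintptr_t)&logger + sizeof logger;
    uintptr_t end_of_store  = (uintptr_t)&logger + offsetof(logger_msginfo, Fn)
                              + sizeof logger->Fn;
    return end_of_store > end_of_logger ? (size_t)(end_of_store - end_of_logger) : 0;
}

int main(void)
{
    printf("sizeof(logger) = %zu, sizeof(logger_msginfo) = %zu, offsetof(Fn) = %zu\n",
           sizeof logger, sizeof(logger_msginfo), offsetof(logger_msginfo, Fn));
    printf("&logger[0] -> Fn store inside x:      %s\n",
           store_via_logger0_is_in_bounds() ? "yes" : "no");
    printf("&logger    -> Fn store inside logger: %s (%zu bytes past its end)\n",
           store_via_addr_of_logger_is_in_bounds() ? "yes" : "no",
           bytes_past_logger_variable());
    return 0;
}
```

On an LP64 target the second store starts 8 bytes into an 8-byte variable and ends 8 bytes past it, which is exactly the condition ubsan's object-size check reports and `-Warray-bounds` warns about; the first store stays inside `x`.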
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jan.smets at nokia dot com @ 2021-12-15 10:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730
--- Comment #2 from Jan Smets <jan.smets at nokia dot com> ---
PEBKAC. Thanks for clarifying.
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jakub at gcc dot gnu.org @ 2021-12-15 10:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |INVALID
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
.