public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/103730] New: ubsan: store with insufficient space for an object of type
From: jan.smets at nokia dot com @ 2021-12-15 9:47 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730

            Bug ID: 103730
           Summary: ubsan: store with insufficient space for an object of type
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jan.smets at nokia dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

The following testcase produces a ubsan runtime error in GCC 10.2/11.3/trunk:

gcc test.c -o /tmp/test -O2 -Wall -Wextra -fsanitize=undefined && /tmp/test

typedef int (logger_args_to_string)(void *event, void *pEntry);

typedef struct logger_msginfo {
#if 1 // OK when excluded
    void *test;
#endif
    logger_args_to_string *Fn;
} logger_msginfo;

logger_msginfo x;
logger_msginfo *logger = &x;

void call(void)
{
    logger->Fn = (logger_args_to_string *) 0x1234; // Happy

    ((logger_msginfo *) &logger[0])->Fn = (logger_args_to_string *) 0x1234; // Happy

    ((logger_msginfo *) &logger)->Fn = (logger_args_to_string *) 0x1234; // store with insufficient space... ; trunk gives an array-bounds warning here too, but not on the line above.
}

int main(void)
{
    call();
    return 0;
}
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jakub at gcc dot gnu.org @ 2021-12-15 9:56 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
What do you find wrong about it?

((logger_msginfo *) &logger)->Fn

where logger is a pointer and logger_msginfo is a 2 * sizeof (void *) sized struct does reference the pointer after the logger variable. It is a clear UB.

While

((logger_msginfo *) &logger[0])->Fn

is dereferencing that pointer and then taking address, so effectively ((logger_msginfo *) logger)->Fn or logger->Fn.
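The size mismatch Jakub describes is what -fsanitize=undefined catches at runtime: the cast target is a 2 * sizeof (void *) struct, but &logger names only a sizeof (void *) object. The C program below is an added illustration, not code from the bug report or from GCC; its set_fn_checked helper and the dummy_fn callback are hypothetical, and it makes the same check explicit so the third store from the testcase is refused instead of running past the pointer variable.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (logger_args_to_string)(void *event, void *pEntry);

typedef struct logger_msginfo {
    void *test;
    logger_args_to_string *Fn;
} logger_msginfo;

/* Hypothetical size-checked store (not from the report): the caller passes the
 * backing object together with its size, and the store only happens when that
 * object is large enough to hold a whole logger_msginfo.  Returns 1 when the
 * store was performed, 0 when it would have run past the end of the object. */
int set_fn_checked(void *obj, size_t obj_size, logger_args_to_string *fn)
{
    if (obj == NULL || obj_size < sizeof(logger_msginfo))
        return 0;
    ((logger_msginfo *) obj)->Fn = fn;
    return 1;
}

/* Constructed callback, used instead of the report's (logger_args_to_string *) 0x1234
 * so the two valid stores leave a pointer that could actually be called. */
static int dummy_fn(void *event, void *pEntry) { (void) event; (void) pEntry; return 0; }

logger_msginfo x;
logger_msginfo *logger = &x;

/* The three stores from the testcase, each passing the size of the object it names. */
int demo_direct(void)         { return set_fn_checked(logger, sizeof *logger, dummy_fn); }   /* 1: whole struct */
int demo_elem0(void)          { return set_fn_checked(&logger[0], sizeof logger[0], dummy_fn); } /* 1: same object */
int demo_address_of_ptr(void) { return set_fn_checked(&logger, sizeof logger, dummy_fn); }   /* 0: only a pointer */

int main(void)
{
    printf("logger->Fn                       : %d\n", demo_direct());
    printf("((logger_msginfo *) &logger[0])->Fn: %d\n", demo_elem0());
    printf("((logger_msginfo *) &logger)->Fn   : %d\n", demo_address_of_ptr());
    return 0;
}
```

The refused call is exactly the one ubsan reports, because sizeof logger is one pointer while the struct needs two.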
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jan.smets at nokia dot com @ 2021-12-15 10:06 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730

--- Comment #2 from Jan Smets <jan.smets at nokia dot com> ---
PEBKAC. Thanks for clarifying.
* [Bug sanitizer/103730] ubsan: store with insufficient space for an object of type
From: jakub at gcc dot gnu.org @ 2021-12-15 10:07 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103730

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
.