public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/105750] New: Too small red zone size for struct variables.
@ 2022-05-27 14:45 shaohua.li at inf dot ethz.ch
From: shaohua.li at inf dot ethz.ch @ 2022-05-27 14:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105750
Bug ID: 105750
Summary: Too small red zone size for struct variables.
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
For the following code, gcc only generates a 32-byte red zone for the struct
variable j, which makes it fail to detect the buffer overflow in k().
$cat a.c
struct a {
  int b;
  long c[2];
  char d;
  long f;
  char g;
};
int i;
volatile struct a j[1][6] = {2};
long k() {
  /* j[0][6] is one element past the end of j[0]: this is the
     global-buffer-overflow ASan is expected to report */
  return j[0][6].f;
}
int main() {
  return k();
}
$
$gcc-trunk -O0 -fsanitize=address -w a.c && ./a.out
$
$
* [Bug sanitizer/105750] Too small red zone size for struct variables.
From: jakub at gcc dot gnu.org @ 2022-05-27 14:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105750
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That is completely intentional; you can find similar testcases for any size of
the red zone, and infinite red zones aren't possible. In fact, any growth of
the red zone makes data segments larger; it is always a compromise between what
can be detected and how much memory it uses.
* [Bug sanitizer/105750] Too small red zone size for struct variables.
From: shaohua.li at inf dot ethz.ch @ 2022-05-27 15:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105750
--- Comment #2 from Li Shaohua <shaohua.li at inf dot ethz.ch> ---
Yeah, I'm aware of that. What confuses me is that for the following code, gcc
generates a larger red zone for the struct variable j, i.e., 48 bytes.
https://godbolt.org/z/Wv1djjrqv
$cat b.c
struct a {
  long f;
};
int i;
volatile struct a j[1][6] = {2};
long k() {
  /* same one-past-the-end access as in a.c, with an 8-byte element type */
  return j[0][6].f;
}
int main() {
  return k();
}
$
$
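To make the two numbers in this thread (32 bytes for a.c, 48 bytes for b.c) and Jakub's point about the trade-off concrete, here is an added C program that is not part of the bug report. Its red_zone_size() is my reading of the rule GCC applies to globals (pad to the next 32-byte boundary, then one 32-byte zone) and is an assumption, not a quotation of the compiler source; the struct sizes and offsets assume an LP64 target such as x86-64.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed mirror of GCC's global red-zone rule: pad the object up to the
   next 32-byte boundary, then append one 32-byte red zone. It reproduces
   the two sizes quoted in the thread (32 for a.c, 48 for b.c). */
#define ASAN_RED_ZONE_SIZE 32UL

unsigned long red_zone_size(unsigned long size)
{
    unsigned long c = size & (ASAN_RED_ZONE_SIZE - 1);
    return c ? 2 * ASAN_RED_ZONE_SIZE - c : ASAN_RED_ZONE_SIZE;
}

/* 1 if a load at byte offset `off` from the start of a `size`-byte global
   lands in its poisoned red zone (ASan reports it), 0 if it lands past the
   red zone (what happens then depends on whatever object follows). */
int access_in_red_zone(unsigned long size, unsigned long off)
{
    return off >= size && off < size + red_zone_size(size);
}

/* The two struct layouts from the report; LP64 sizes are 48 and 8 bytes. */
struct a_full  { int b; long c[2]; char d; long f; char g; };
struct a_small { long f; };

/* Byte offset of j[0][6].f inside an object declared as `T j[1][6]`. */
#define OOB_F_OFFSET(T) (6 * sizeof(T) + offsetof(T, f))

int detected_full(void)  /* a.c: returns 0 on LP64 (offset 320, zone ends at 320) */
{
    return access_in_red_zone(sizeof(struct a_full[1][6]),
                              OOB_F_OFFSET(struct a_full));
}

int detected_small(void) /* b.c: returns 1 (offset 48, zone covers 48..95) */
{
    return access_in_red_zone(sizeof(struct a_small[1][6]),
                              OOB_F_OFFSET(struct a_small));
}

int main(void)
{
    printf("a.c: j is %zu bytes, red zone %lu, j[0][6].f at offset %zu -> %s\n",
           sizeof(struct a_full[1][6]), red_zone_size(sizeof(struct a_full[1][6])),
           OOB_F_OFFSET(struct a_full), detected_full() ? "detected" : "missed");
    printf("b.c: j is %zu bytes, red zone %lu, j[0][6].f at offset %zu -> %s\n",
           sizeof(struct a_small[1][6]), red_zone_size(sizeof(struct a_small[1][6])),
           OOB_F_OFFSET(struct a_small), detected_small() ? "detected" : "missed");
    return 0;
}
```

The same arithmetic shows why a fixed-size red zone is a compromise: any access that skips past the zone into the next addressable object is invisible to the shadow check, so a larger red zone only moves the threshold rather than removing it.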