[Bug sanitizer/106591] New: ASan at -O1 fails to detect a global buffer overflow

[Bug sanitizer/106591] New: ASan at -O1 fails to detect a global buffer overflow

[shaohua.li at inf dot ethz.ch]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106591

            Bug ID: 106591
           Summary: ASan at -O1 fails to detect a global buffer overflow
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shaohua.li at inf dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

For the following code, `gcc-trunk -O1 -fsanitize=address` failed to detect the
global-buffer-overflow, while other opt flags (-O0, -O2, and -O3) can.

$cat a.c
a;
*b = &a, *d = &a;
volatile static **c = &b;

int foo(int p1, int p2) {
    return p1 % p2;
}
static int* e() {
  **c;
  int *f = &a;
  return f + 1;
}
int main() {
  *c = e();
  *d = 1;
  foo(**c, *d);
}
$
$gcc-trunk -O1 -fsanitize=address -w -g && ./a.out
$
$gcc-trunk -O2 -fsanitize=address -w -g && ./a.out
=================================================================
==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000404224
at pc 0x00000040113b bp 0x7ffff3ecdca0 sp 0x7ffff3ecdc98
READ of size 4 at 0x000000404224 thread T0
    #0 0x40113a in main /app/a.c:16
    #1 0x7f68868750b2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x240b2) (BuildId:
9fdb74e7b217d06c93172a8243f8547f947ee6d1)
    #2 0x4011ad in _start (/app/output.s+0x4011ad) (BuildId:
db3aa359dc97f1881309f971535063412033e172)

0x000000404224 is located 0 bytes to the right of global variable 'a' defined
in '/app/a.c:1:1' (0x404220) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow /app/a.c:16 in main
Shadow bytes around the buggy address:
  0x0000800787f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078810: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x000080078820: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9
  0x000080078830: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
=>0x000080078840: 00 00 00 00[04]f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x000080078850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1==ABORTING

[Bug sanitizer/106591] ASan at -O1 fails to detect a global buffer overflow

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106591

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2022-08-15
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Is it the same problem as PR106558?