public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108894] -fsanitize=bounds missing bounds provided by __builtin_dynamic_object_size()
Date: Wed, 22 Feb 2023 21:37:03 +0000 [thread overview]
Message-ID: <bug-108894-4-mhicGQXUwW@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-108894-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108894
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
-fstrict-flex-array= option doesn't affect the sanitization, if you want strict
sanitization of bounds, you should use -fsanitize=bounds-strict rather than
-fsanitize=bounds.
Furthermore, it is misunderstanding on what either of those sanitizers does,
they check the array index against the array domain. In the case of flexible
array member, that size is unlimited, not some constant or variable (that would
be just in case of a VLA).
If you want sanitization against object size, there is -fsanitize=object-size
for it.
next prev parent reply other threads:[~2023-02-22 21:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-22 20:57 [Bug sanitizer/108894] New: " kees at outflux dot net
2023-02-22 21:03 ` [Bug sanitizer/108894] " kees at outflux dot net
2023-02-22 21:05 ` kees at outflux dot net
2023-02-22 21:06 ` pinskia at gcc dot gnu.org
2023-02-22 21:16 ` mpolacek at gcc dot gnu.org
2023-02-22 21:37 ` jakub at gcc dot gnu.org [this message]
2023-02-23 8:41 ` rguenth at gcc dot gnu.org
2023-02-23 8:57 ` jakub at gcc dot gnu.org
2023-02-23 14:24 ` mpolacek at gcc dot gnu.org
2023-02-23 19:40 ` qinzhao at gcc dot gnu.org
2023-02-23 19:43 ` jakub at gcc dot gnu.org
2023-02-23 21:10 ` qinzhao at gcc dot gnu.org
2023-02-23 21:13 ` jakub at gcc dot gnu.org
2023-02-23 21:21 ` qinzhao at gcc dot gnu.org
2023-02-27 16:52 ` jakub at gcc dot gnu.org
2023-02-27 20:18 ` qinzhao at gcc dot gnu.org
2023-02-28 10:39 ` cvs-commit at gcc dot gnu.org
2023-03-01 9:51 ` cvs-commit at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-108894-4-mhicGQXUwW@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).