From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 318443858425; Thu, 23 Feb 2023 13:17:24 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 318443858425 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1677158244; bh=onCX4MMGMwXFgjBsE7JJBr6mblaQSwITFKreEnJPXuU=; h=From:To:Subject:Date:From; b=tL+BLBp4CdsNGe3oA2MWEUu7SrH1kBNgs8e9nzLkBedep3hy1qF4vk3qy4lFa9noY T1d4/0rA4awP41cjvyxrVCWG0kbGdmFX5ojVj7q1a1IGHGRdEjdxAtfgxxhsQ9k9Ej ZS8KJWvG2lkJ43jOB0ohQYlG2njJroIq6FM0P5Ak= From: "shaohua.li at inf dot ethz.ch" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/108904] New: ASAN at -O2/3 missed a global buffer overflow Date: Thu, 23 Feb 2023 13:17:23 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: shaohua.li at inf dot ethz.ch X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D108904 Bug ID: 108904 Summary: ASAN at -O2/3 missed a global buffer overflow Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: shaohua.li at inf dot ethz.ch CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxi= n at gcc dot gnu.org Target Milestone: --- For the following code, ASAN at -O2/3 missed the global-buffer-overflow. Compiler explorer: https://godbolt.org/z/zjed8vzhj % cat a.c int a, b, c =3D 3, d; static int *e =3D &c, *f, *g =3D &e; short h, i; int(j)(int k) {=20 return k=3D=3D0 ?0: a;=20 } int *l(int* p) { return &b; } int main() { for (; h >=3D 0; h--) { b =3D j(*e); if (*e | *(&d + 1)) ++i; } f =3D l(g); __builtin_printf("%d\n", i); } % % gcc-tk -O2 -fsanitize=3Daddress -w a.c && ./a.out 1 % gcc-tk -O1 -fsanitize=3Daddress -w a.c && ./a.out =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D1=3D=3DERROR: AddressSanitizer: global-buffer-overflow on address 0x0= 00000404424 at pc 0x0000004011fd bp 0x7ffe0ae032c0 sp 0x7ffe0ae032b8 READ of size 4 at 0x000000404424 thread T0 #0 0x4011fc in main /app/a.c:11 #1 0x7fb7968aa082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #2 0x4010bd in _start (/app/a.s+0x4010bd) (BuildId: ad1fc5fb90a08d043b6c529370650d444b96c26e) 0x000000404424 is located 60 bytes before global variable 'b' defined in '/app/a.c' (0x404460) of size 4 0x000000404424 is located 0 bytes after global variable 'd' defined in '/app/a.c' (0x404420) of size 4 ... %=