From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 14E573858C83; Wed, 12 Apr 2023 08:59:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 14E573858C83 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1681289957; bh=c1x/7BH+JGvhFYpjLPR+Fgn3dm5UzRhaD1cmtMa7Xus=; h=From:To:Subject:Date:In-Reply-To:References:From; b=bZf7/9ywl+Pdq7jwQcUcQCi9RU5RDQTVjn9eeQadZyISwqTbxih2RIagOEpRrHgxa yqMOZZDkn9Tx9Y2+1glLFvAh//ksnxEi/AB6auqBHGdJTH6yWA/s9VersYH2XR5+Q4 cGof+FR2ZGC9plCxcSUyjO9vykgoEU9fzBfN/De4= From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/109446] Possible destination array overflow without diagnosis in memcpy Date: Wed, 12 Apr 2023 08:59:16 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Version: 8.4.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109446 --- Comment #8 from Richard Biener --- (In reply to Jakub Jelinek from comment #7) > (In reply to Richard Biener from comment #6) > > not sure if we should prevent all of those transforms. But the questio= n is > > why ASAN doesn't instrument the generated aggregate copy? Maybe because > > in C/C++ you cannot write an aggregate array copy? >=20 > We do instrument those. But only instrument them by checking the first a= nd > last byte > of the copy, not all bytes in between (because that would be for inline > checking too large - we'd need to emit inline a loop over those bytes). OK, that's lack of an appropriate API then? But still the first and last byte should be sufficient to detect the problem (but maybe I'm missing something here).=