From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 824473858D32; Wed, 12 Apr 2023 08:08:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 824473858D32 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1681286930; bh=t89khdlWadLUcnX1aLU1ovsd0V3hEq2fCWtpda/kvj8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=T48mouJBZKf+0W1ynKti4qJN+H3UlODDJMSQwj7PRQSVYINa82AKbfyC5hKxG6LSC C7C0XxaS7w27e9WrmMWWHnbv6o/7aUMbMN3+O3e6fzog9525VIRRdvp9Kgvyc0XnLH A9s5zgBpurec5n/ya7bdPNK2GFxqzrBp1KG/qDaY= From: "xry111 at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/109446] Possible destination array overflow without diagnosis in memcpy Date: Wed, 12 Apr 2023 08:08:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Version: 8.4.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: xry111 at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109446 --- Comment #4 from Xi Ruoyao --- (In reply to Martin Li=C5=A1ka from comment #3) > The problem here is that we normally preserve memcpy calls and then > __interceptor_memcpy is used from the run-time library. However, in this > case the second argument of memcpy is a known constant and we convert it = to: > MEM [(char * {ref-all})_7] =3D MEM > [(char * {ref-all})&txt]; >=20 > for such an assignment we only check the beginning and the end of the chu= nk > and we miss the overflow. It seems Clang disables this optimization and convert memcpy to __asan_memc= py calls if -fsanitize=3Daddress used: https://godbolt.org/z/dcfadoMYY=