public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "mohamed.selim at dxc dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/109446] New: Possible destination array overflow without diagnosis in memcpy
Date: Fri, 07 Apr 2023 15:47:49 +0000 [thread overview]
Message-ID: <bug-109446-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109446
Bug ID: 109446
Summary: Possible destination array overflow without diagnosis
in memcpy
Product: gcc
Version: 8.4.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: mohamed.selim at dxc dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
Possible overflow of destination array using std::memcpy, the behavior doesn't
trigger any diagnostic by the sanitizer in scenario I, while in scenario II the
behavior triggers the sanitizer diagnosis.
In the test the overflow is about 40 bytes, by overflow 24 bytes array with 64
bytes src string literals.
I've also tried to use alignas(64) to align class bar on 64 bytes i.e.
class alignas(64) Bar
{
...
};
But it didn't trigger the sanitizer diagnosis.
#include <iostream>
#include <array>
#include <cstring>
const char txt[] =
"123456789-123456789-123456789-123456789-123456789-123456789-123";
class Bar
{
public:
constexpr Bar() : m1{}, m2{}, m3{}, m4{}, dst{} {}
std::uint16_t m1;
std::uint16_t m2;
std::uint16_t m3;
std::uint16_t m4;
std::int8_t dst[24];
};
void test(Bar& b) // scenario II
//void test(Bar& b) // scenario II
{
std::cout << "staring memcpy.\n";
std::cout << "size of bytes to be copied: " << sizeof(txt) <<"\n";
std::cout << "dst array size: " << sizeof(b.dst) << "\n";
std::cout << "overflow size: " << sizeof(txt) - sizeof(b.dst) << "\n";
std::memcpy(b.dst, txt, sizeof(txt));
}
class client
{
public:
void func()
{
test(b);
}
private:
Bar b{};
};
//g++-8 -o vtest vmain.cpp -std=c++14 -fsanitize=address -fsanitize=undefined
-static-libasan -static-libubsan
int main()
{
client c{};
c.func();
std::cout << "size of Bar: " << sizeof(Bar) << "\n";
std::cout << "align of Bar: " << alignof(Bar) << "\n";
return 0;
}
next reply other threads:[~2023-04-07 15:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-07 15:47 mohamed.selim at dxc dot com [this message]
2023-04-11 11:02 ` [Bug sanitizer/109446] " mohamed.selim at dxc dot com
2023-04-11 13:33 ` xry111 at gcc dot gnu.org
2023-04-12 8:05 ` marxin at gcc dot gnu.org
2023-04-12 8:08 ` xry111 at gcc dot gnu.org
2023-04-12 8:10 ` marxin at gcc dot gnu.org
2023-04-12 8:46 ` rguenth at gcc dot gnu.org
2023-04-12 8:52 ` jakub at gcc dot gnu.org
2023-04-12 8:59 ` rguenth at gcc dot gnu.org
2023-04-12 9:01 ` marxin at gcc dot gnu.org
2023-04-12 9:04 ` pinskia at gcc dot gnu.org
2023-04-12 9:07 ` marxin at gcc dot gnu.org
2023-04-12 9:18 ` rguenther at suse dot de
2023-04-12 11:16 ` xry111 at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-109446-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).