public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/115590] New: Bad dereferences through -> operator not detected by sanitizers
@ 2024-06-22 12:53 nrk at disroot dot org
  2024-06-22 14:29 ` [Bug sanitizer/115590] " pinskia at gcc dot gnu.org
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: nrk at disroot dot org @ 2024-06-22 12:53 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115590

            Bug ID: 115590
           Summary: Bad dereferences through -> operator not detected by
                    sanitizers
           Product: gcc
           Version: 14.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nrk at disroot dot org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

Minimal testcase:

        int main(void)
        {
                struct { int v; } *p = 0;
                p->v;
                return 0;
        }

Compile and run with:

        [/tmp]~> gcc -fsanitize=address,undefined -O0 -o test ./test.c && ./test

Doesn't detect the null pointer deref. Same with clang:

        [/tmp]~> clang -fsanitize=address,undefined -O0 -o test ./test.c && ./test
        ./test.c:4:5: warning: expression result unused [-Wunused-value]
                p->v;
                ~  ^
        1 warning generated.
        test.c:4:5: runtime error: member access within null pointer of type 'struct (unnamed struct at ./test.c:3:2)'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior test.c:4:5 in 
        test.c:4:5: runtime error: load of null pointer of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior test.c:4:5 in


* [Bug sanitizer/115590] Bad dereferences through -> operator not detected by sanitizers
  2024-06-22 12:53 [Bug sanitizer/115590] New: Bad dereferences through -> operator not detected by sanitizers nrk at disroot dot org
@ 2024-06-22 14:29 ` pinskia at gcc dot gnu.org
  2024-06-22 14:29 ` pinskia at gcc dot gnu.org
  2024-06-22 14:37 ` nrk at disroot dot org
  2 siblings, 0 replies; 4+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-06-22 14:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115590

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
In this case we remove the load early on, even at -O0,
way before address sanitizer annotates the load.

I am not 100% sure we want to keep these around even at -O0, since they don't
have any behavioral effect.


* [Bug sanitizer/115590] Bad dereferences through -> operator not detected by sanitizers
  2024-06-22 12:53 [Bug sanitizer/115590] New: Bad dereferences through -> operator not detected by sanitizers nrk at disroot dot org
  2024-06-22 14:29 ` [Bug sanitizer/115590] " pinskia at gcc dot gnu.org
@ 2024-06-22 14:29 ` pinskia at gcc dot gnu.org
  2024-06-22 14:37 ` nrk at disroot dot org
  2 siblings, 0 replies; 4+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-06-22 14:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115590

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note if you assign it to a temporary, GCC will catch it at -O0.


* [Bug sanitizer/115590] Bad dereferences through -> operator not detected by sanitizers
  2024-06-22 12:53 [Bug sanitizer/115590] New: Bad dereferences through -> operator not detected by sanitizers nrk at disroot dot org
  2024-06-22 14:29 ` [Bug sanitizer/115590] " pinskia at gcc dot gnu.org
  2024-06-22 14:29 ` pinskia at gcc dot gnu.org
@ 2024-06-22 14:37 ` nrk at disroot dot org
  2 siblings, 0 replies; 4+ messages in thread
From: nrk at disroot dot org @ 2024-06-22 14:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115590

--- Comment #3 from nrk at disroot dot org ---
> I am not 100% sure we want to keep these around even at -O0, since they don't have any behavioral effect.

I'd strongly argue that if you're using sanitizers, you'd want these to be
caught :)

Also worth noting that bad array derefs get caught even if they don't have any
effect:

        [/tmp]~> cat test.c
        int main(void)
        {
                int v[1];
                v[1];
                return 0;
        }
        [/tmp]~> gcc -fsanitize=address,undefined -O0 -o test ./test.c && ./test
        test.c:4:3: runtime error: index 1 out of bounds for type 'int [1]'

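The thread compares three shapes of the same bad access: the reporter's unused `p->v` (which GCC drops before ASan instruments it), the same load assigned to a temporary (which Andrew Pinski says GCC does catch at -O0), and an unused out-of-bounds array read (which the reporter shows being caught). The script below is an added example, not code from the bug report or from GCC; it regenerates those variants, builds each one with `-fsanitize=address,undefined -O0` using whatever compiler `CC` names (defaulting to `gcc`), runs it, and classifies the result from the sanitizer's stderr and exit status. The variant names, the `volatile` variant and the classification words are this example's own choices, and the judgement is a heuristic on the runtime's output ("runtime error" from UBSan, "AddressSanitizer" from ASan), so a run that dies without a sanitizer report is reported as "crash" rather than "detected".

```shell
#!/bin/sh
# Added example (not from the bug report): rebuild the thread's test cases
# and check whether the sanitizer runtime reports the bad access.
# Assumes gcc (or the compiler named by CC) is on PATH; prints "skip" if not.

# Emit the C source for one constructed variant.
#   unused_member  - the reporter's case: `p->v;` with p == NULL
#   temp_member    - Pinski's suggestion: assign the load to a temporary
#   volatile_member- force the load to be kept via a volatile-qualified pointer
#   unused_array   - the reporter's second case: `v[1];` on int v[1]
variant_src() {
    case "$1" in
        unused_member)
            printf 'int main(void)\n{\n\tstruct { int v; } *p = 0;\n\tp->v;\n\treturn 0;\n}\n' ;;
        temp_member)
            printf 'int main(void)\n{\n\tstruct { int v; } *p = 0;\n\tint t = p->v;\n\t(void)t;\n\treturn 0;\n}\n' ;;
        volatile_member)
            printf 'int main(void)\n{\n\tvolatile struct { int v; } *p = 0;\n\tp->v;\n\treturn 0;\n}\n' ;;
        unused_array)
            printf 'int main(void)\n{\n\tint v[1];\n\tv[1];\n\treturn 0;\n}\n' ;;
        *)
            printf 'int main(void) { return 0; }\n' ;;
    esac
}

# Compile and run one variant; print exactly one of:
#   detected - UBSan "runtime error" or an AddressSanitizer report was seen
#   clean    - the program exited 0 with no sanitizer report (the bug's symptom)
#   crash    - non-zero exit without a recognizable sanitizer report
#   skip     - no usable compiler or the build failed
check_variant() {
    cc="${CC:-gcc}"
    command -v "$cc" >/dev/null 2>&1 || { echo skip; return 0; }
    dir=$(mktemp -d) || { echo skip; return 0; }
    variant_src "$1" > "$dir/t.c"
    # -w silences the "expression result unused" warning the thread shows.
    if ! "$cc" -fsanitize=address,undefined -O0 -w -o "$dir/t" "$dir/t.c" 2>/dev/null; then
        rm -rf "$dir"; echo skip; return 0
    fi
    # Capture stderr (where sanitizer reports go) and the exit status.
    out=$("$dir/t" 2>&1 >/dev/null) && rc=0 || rc=$?
    rm -rf "$dir"
    case "$out" in
        *"runtime error"*|*"AddressSanitizer"*) echo detected ;;
        *) if [ "$rc" -eq 0 ]; then echo clean; else echo crash; fi ;;
    esac
}

# Run every variant and print a one-line verdict for each.
run_all() {
    for v in unused_member temp_member volatile_member unused_array; do
        printf '%-16s %s\n' "$v" "$(check_variant "$v")"
    done
}

run_all
```

On the GCC 14.1 behaviour described in the thread, `unused_member` comes out "clean" while `temp_member` and `unused_array` come out "detected"; running the same script with `CC=clang` is a quick way to confirm the clang result the reporter pasted. Because the verdict is read from the sanitizer's stderr text, treat "crash" as "look at it by hand", not as a pass.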
