public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/95430] New: [UBSAN] doesn't detect out of bounds in a simple case
From: haoxintu at gmail dot com @ 2020-05-30  2:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95430

            Bug ID: 95430
           Summary: [UBSAN] doesn't detect out of bounds in a simple case
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: haoxintu at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

This case test.cc

#include<iostream>

int main () {
    int a[10];
    int *p1 = a - 100; // UB
    int *p2 = a + 100; // UB
    std::cout << "ok" << std::endl;
    return 0;
}

$g++ -fsanitize=undefined test.cc ; ./a.out
ok

While in Clang

$clang++ -fsanitize=undefined test.cc ; ./a.out
test.cc:5:17: runtime error: index -100 out of bounds for type 'int [10]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior test.cc:5:17 in 
test.cc:6:17: runtime error: index 100 out of bounds for type 'int [10]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior test.cc:6:17 in 
ok

My GCC version is

$g++ --version
g++ (GCC) 11.0.0 20200526 (experimental)
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

GCC doesn't trigger a warning or a runtime error for out of bounds in an array.


* [Bug c++/95430] GCC doesn't detect out of bounds runtime error in a simple case
From: marxin at gcc dot gnu.org @ 2020-06-01  7:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95430

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsm28 at gcc dot gnu.org,
                   |                            |mpolacek at gcc dot gnu.org
             Status|UNCONFIRMED                 |WAITING
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2020-06-01

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
You don't access the invalid pointers, so I guess it's not an invalid behavior.


* [Bug c++/95430] GCC doesn't detect out of bounds runtime error in a simple case
From: jakub at gcc dot gnu.org @ 2020-06-01  7:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95430

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Already doing such address arithmetic is UB (though of course a + 10 is ok
above), but we don't have a warning for that and as I said in another PR, ubsan
could detect only the cases where the compiler can see at compile time the
exact object boundaries, and it would need to be soon before it is optimized
away (in the above testcase it isn't really used, in other cases it could be
changed into UB).

Perhaps we should just change ubsan_expand_ptr_ifn, if we don't know what the
base points at, use what we do right now (the cheap check), if we do and it
isn't something we should punt on (e.g. common symbols with
flag_unconstrained_commons, or maybe external decls (not sure if all or some
cases)).


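As an added example (not code from the bug report, from GCC, or from the commenters), the following C++ shows the defensive alternative to relying on the sanitizer for the case discussed in the report and in Comment #2: a checked helper that refuses to form `a - 100` or `a + 100` at all, while still allowing the one-past-the-end pointer `a + 10` that Comment #2 notes is fine. Because the check lives in the source, it does not depend on whether the compiler can see the object boundary at compile time or on how early the dead pointer is optimized away. The names `checked_offset`, `checked_read`, `read_or_fallback` and `count_rejected_offsets` are hypothetical, and the array contents are constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed sample mirroring the report's `int a[10]`.
constexpr std::size_t kLen = 10;
static int a[kLen] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

// Hypothetical helper: forms `arr + offset` only when the result stays within
// [arr, arr + N]. The one-past-the-end pointer (offset == N) is valid to form
// but not to dereference; anything outside that range would be UB the moment
// the pointer is formed, which is the case the thread shows going undetected.
template <std::size_t N>
int* checked_offset(int (&arr)[N], long long offset) {
    if (offset < 0) return nullptr;
    if (static_cast<unsigned long long>(offset) > N) return nullptr;
    return arr + offset;
}

// Hypothetical helper: bounds-checked read. Unlike checked_offset it also
// rejects index == N, because that element may not be read.
template <std::size_t N>
bool checked_read(int (&arr)[N], long long index, int& out) {
    if (index < 0 || static_cast<unsigned long long>(index) >= N) return false;
    out = arr[index];
    return true;
}

// Convenience wrapper over the sample array: returns a[index] when the index
// is in range, otherwise the caller-supplied fallback.
int read_or_fallback(long long index, int fallback) {
    int value = 0;
    return checked_read(a, index, value) ? value : fallback;
}

// Replays the report's two offsets (-100 and +100) plus the legal end pointer
// from Comment #2 (a + 10) and returns how many of the three were rejected.
int count_rejected_offsets() {
    const long long offsets[] = {-100, 100, 10};
    int rejected = 0;
    for (long long off : offsets) {
        if (checked_offset(a, off) == nullptr) ++rejected;
    }
    return rejected;  // 2: -100 and 100 rejected, 10 accepted
}

int main() {
    std::printf("rejected offsets: %d\n", count_rejected_offsets());
    std::printf("a[3] = %d\n", read_or_fallback(3, -1));
    std::printf("a[10] -> fallback %d\n", read_or_fallback(10, -1));
    return 0;
}
```

Compiled with a plain `g++ -std=c++11`, the program never forms an out-of-range pointer, so there is nothing for a sanitizer to miss; the point is that the sanitizer, as the thread explains, can only report what it can prove about object bounds, so the check belongs in the code path that computes the offset.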