public inbox for gcc-bugs@sourceware.org
From: "marxin at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] sanitizer checks for accessing multidimentional VLA-array
Date: Mon, 08 Mar 2021 09:15:25 +0000
Message-ID: <bug-99418-4-3LZRJQ33dY@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-99418-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2021-03-08
             Status|UNCONFIRMED                 |WAITING
     Ever confirmed|0                           |1
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
> Surprisingly if I replace taking a reference with writing to the array it
> will show an error.
Yes, ASAN instruments memory reads and writes, so your test-case reports ASAN
errors with:
void escape(int &a)
{
  a = 123;
}
$ g++ pr99418.C -fsanitize=address && ./a.out
=================================================================
==7912==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffffffde90 at pc 0x000000400869 bp 0x7fffffffde10 sp 0x7fffffffde08
WRITE of size 4 at 0x7fffffffde90 thread T0
    #0 0x400868 in escape(int&) (/home/marxin/Programming/testcases/a.out+0x400868)
    #1 0x4009c0 in test(unsigned long, unsigned long) (/home/marxin/Programming/testcases/a.out+0x4009c0)
    #2 0x400a06 in main (/home/marxin/Programming/testcases/a.out+0x400a06)
    #3 0x7ffff708db24 in __libc_start_main (/lib64/libc.so.6+0x27b24)
    #4 0x40077d in _start (/home/marxin/Programming/testcases/a.out+0x40077d)
Address 0x7fffffffde90 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow (/home/marxin/Programming/testcases/a.out+0x400868) in escape(int&)
Shadow bytes around the buggy address:
  0x10007fff7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7bc0: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 00 00
=>0x10007fff7bd0: 00 00[cb]cb cb cb cb cb 00 00 00 00 00 00 00 00
  0x10007fff7be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
==7912==ABORTING
That said, can we close it as resolved?
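
The behaviour discussed in this comment, as an added example that is not part of the original message and is not the reporter's pr99418.C: computing an address past a multidimensional VLA involves no memory access for ASan to check, while the store through it does. The function names other than escape, the 3x4 dimensions and the in_bounds check are assumptions made for illustration.

```cpp
// Added illustration, constructed for this page (not the reporter's pr99418.C).
// Build: g++ -g -fsanitize=address example.cpp   (VLAs in C++ are a GNU extension)
#include <cstddef>
#include <cstdio>

// Same shape as the function in the comment: the store is what ASan instruments.
void escape(int &a) { a = 123; }

// Hypothetical helper: reject bad indices where the reference would be formed.
// Indices such as (0, cols) still point inside the array, so ASan's shadow
// memory marks that address as addressable and only a check like this sees them.
bool in_bounds(std::size_t rows, std::size_t cols, std::size_t r, std::size_t c)
{
    return r < rows && c < cols;
}

// Only computes the one-past-the-end address. Nothing is loaded or stored,
// so there is no access for ASan to check. Returns the element offset.
long address_only(std::size_t rows, std::size_t cols)
{
    int a[rows][cols];                  // multidimensional VLA on the stack
    int *first = &a[0][0];
    int *past = first + rows * cols;    // never dereferenced
    return static_cast<long>(past - first);
}

// Returns 123 after a store to a[r][c], or -1 if the indices are rejected.
int checked_store(std::size_t rows, std::size_t cols, std::size_t r, std::size_t c)
{
    int a[rows][cols];
    if (!in_bounds(rows, cols, r, c))
        return -1;
    escape(a[r][c]);
    return a[r][c];
}

// Stores through the one-past-the-end address: under -fsanitize=address this
// write lands in the right alloca redzone (shadow byte cb) and is reported.
void unchecked_store_past_end(std::size_t rows, std::size_t cols)
{
    int a[rows][cols];
    escape(*(&a[0][0] + rows * cols));
}

int main(int argc, char **)
{
    std::printf("offset=%ld stored=%d\n", address_only(3, 4), checked_store(3, 4, 2, 3));
    if (argc > 1)                       // opt in to the out-of-bounds store
        unchecked_store_past_end(3, 4);
    return 0;
}
```

Run without arguments, the instrumented binary exits cleanly; run with any argument, the store in unchecked_store_past_end is the access ASan reports.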