From: "vanyacpp at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] New: sanitizer checks for accessing multidimensional VLA-array
Date: Fri, 05 Mar 2021 19:11:06 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

            Bug ID: 99418
           Summary: sanitizer checks for accessing multidimensional
                    VLA-array
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vanyacpp at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

The example below accesses the array past its size, but sanitizers don't show
any errors.

If I change index m to m + 1, an error will be shown. This makes me think that
the compiler does some checks, but perhaps they are incomplete for
multidimensional VLA-arrays. GCC 10.2.

#include <string>

std::string shortest_match(size_t n, size_t m)
{
    std::string mas[n][m];       // VLA of n rows by m columns (GCC extension in C++)
    mas[n - 1][m] = "";          // writes one past the end of the last row, which is also past the end of the whole array; mas[n - 1][m + 1] will show an error
    return mas[n - 1][m - 1];
}

int main()
{
    shortest_match(4, 3);
}

$ g++ -g -fsanitize=address,undefined -std=c++17 2.cpp && ./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26974==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f59ea2ad2d6 bp 0x000000000000 sp 0x7ffc78389ea0 T0)
==26974==The signal is caused by a WRITE memory access.
==26974==Hint: address points to the zero page.
    #0 0x7f59ea2ad2d6 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) (/lib/libstdc++.so.6+0x13c2d6)
    #1 0x401658 in shortest_match[abi:cxx11](unsigned long, unsigned long) /home/ivan/2.cpp:6
    #2 0x4019eb in main /home/ivan/2.cpp:13
    #3 0x7f59e950ec7c in __libc_start_main (/lib/libc.so.6+0x23c7c)
    #4 0x4011a9 in _start (/home/ivan/a.out+0x4011a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/libstdc++.so.6+0x13c2d6) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long)
==26974==ABORTING
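As an added example (not part of the report or of GCC), the same access routed through an explicit per-subscript check, so the off-by-one from the report is rejected at run time independently of what the sanitizer instruments. The VLA is replaced by a std::vector<std::string> of n*m elements, and all function names are assumptions.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Flat offset of element [i][j] in a row-major n-by-m array, unchecked.
// For the report's access (n = 4, m = 3, i = n-1, j = m) this is 12 == n*m:
// exactly one element past the end of the whole object.
std::size_t flat_offset(std::size_t m, std::size_t i, std::size_t j)
{
    return i * m + j;
}

// Per-subscript check: i < n and j < m; throws std::out_of_range otherwise.
// A check on the flat offset alone (i*m + j < n*m) is not enough: j >= m on
// any row but the last silently wraps into the next row instead of failing.
std::size_t checked_offset(std::size_t n, std::size_t m, std::size_t i, std::size_t j)
{
    if (i >= n || j >= m)
        throw std::out_of_range("[" + std::to_string(i) + "][" + std::to_string(j) +
                                "] outside " + std::to_string(n) + "x" + std::to_string(m));
    return flat_offset(m, i, j);
}

// The report's function with the VLA replaced by a vector (hypothetical
// rewrite) and every access going through checked_offset.
std::string shortest_match_checked(std::size_t n, std::size_t m)
{
    std::vector<std::string> mas(n * m);        // stands in for mas[n][m]
    mas[checked_offset(n, m, n - 1, m)] = "";   // the report's access: throws here
    return mas[checked_offset(n, m, n - 1, m - 1)];
}

// True when the access from the report is rejected before any write happens.
bool reporter_access_rejected(std::size_t n, std::size_t m)
{
    try {
        shortest_match_checked(n, m);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```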