This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
detecting "container overflow" bugs in std::vector
- From: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- To: libstdc++ at gcc dot gnu dot org
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Paul Pluzhnikov <ppluzhnikov at google dot com>
- Date: Mon, 26 May 2014 17:40:28 +0400
- Subject: detecting "container overflow" bugs in std::vector
Hello,
Some std::vector misuses are very hard to find with internal STL checks
or using external tools (such as Valgrind or AddressSanitizer [1]).
Example:
#include <vector>
int main() {
  std::vector<int> v(4);  // size 4
  v.reserve(8);           // capacity 8; elements 4..7 are allocated but not live
  int *p = v.data();
  p[6] = 0; // BOOM: inside the allocation, so ordinary checks see nothing wrong
}
We call these bugs "container overflow" [2,6] and we've developed a method for finding them using a combination of AddressSanitizer [1] and code annotations in the STL code.
We've implemented these annotations in libc++ trunk [3] and in our
branch of libstdc++ [4].
These annotations have found over 30 bugs for us, and are still finding more.
Would you consider a patch similar to [4] for libstdc++ trunk?
If yes, any comments on the patch?
The current patch has a (minor) problem that affects only code with
exceptions [5].
If the libstdc++ team is generally ok with the idea I will work on the updated patch and send it for review.
[1] http://code.google.com/p/address-sanitizer/
[2] https://code.google.com/p/address-sanitizer/wiki/ContainerOverflow
[3] http://llvm.org/viewvc/llvm-project?view=revision&revision=208319
[4] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=207517
[5] https://www.mail-archive.com/cfe-commits@cs.uiuc.edu/msg96615.html
[6] http://llvm.org/devmtg/2014-04/PDFs/LightningTalks/EuroLLVM%202014%20--%20container%20overflow.pdf
Thanks,
--kcc
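The detection method described in the message above, as an added example that is not part of the original post or of the libstdc++/libc++ patches it references: the annotation marks the allocated-but-unused tail of the vector's storage as poisoned, so a write like `p[6]` in the example is caught even though it lies inside the heap block. The real runtime entry point is `__sanitizer_annotate_contiguous_container` from `<sanitizer/common_interface_defs.h>`; the model below tracks the poisoned region itself so it runs without AddressSanitizer, and `AnnotatedVector`, `ContainerShadow` and `page_example_access` are names chosen for this illustration.

```cpp
// Added example (not libstdc++ or libc++ code): a model of the contiguous
// container annotation AddressSanitizer uses to catch container overflow.
// The real call is __sanitizer_annotate_contiguous_container(beg, end,
// old_mid, new_mid) from <sanitizer/common_interface_defs.h>; here the
// poisoned region [mid, end) is tracked explicitly so it runs without ASan.
#include <cstddef>
#include <vector>
enum class Access { Ok, ContainerOverflow, HeapOverflow };
// Shadow bookkeeping for one container: [beg, mid) live, [mid, end) poisoned.
struct ContainerShadow {
    const int *beg = nullptr, *mid = nullptr, *end = nullptr;
    // Same four arguments as the real annotation; the runtime repaints only
    // the shadow between old_mid and new_mid, this model just records bounds.
    void annotate(const int *b, const int *e, const int *old_mid, const int *new_mid) {
        (void)old_mid;
        beg = b; mid = new_mid; end = e;
    }
    Access classify(const int *p) const {
        if (p >= beg && p < mid) return Access::Ok;
        if (p >= mid && p < end) return Access::ContainerOverflow;  // plain ASan misses this
        return Access::HeapOverflow;  // outside [beg, end): ordinary redzone territory
    }
};

// std::vector<int> wrapper that re-annotates on every size or capacity change,
// which is what the annotations inside the real vector implementation do.
class AnnotatedVector {
    std::vector<int> v_;
    ContainerShadow shadow_;
    void sync(const int *old_mid) {
        shadow_.annotate(v_.data(), v_.data() + v_.capacity(), old_mid, v_.data() + v_.size());
    }
public:
    explicit AnnotatedVector(std::size_t n) : v_(n) { sync(nullptr); }
    void reserve(std::size_t n) { v_.reserve(n); sync(nullptr); }  // storage moved: annotate afresh
    void push_back(int x) {
        const int *old_mid = v_.size() < v_.capacity() ? v_.data() + v_.size() : nullptr;
        v_.push_back(x);  // the real implementation unpoisons one more element here
        sync(old_mid);
    }
    int *data() { return v_.data(); }
    std::size_t capacity() const { return v_.capacity(); }
    Access classify(const int *p) const { return shadow_.classify(p); }
};

// The message's example: vector(4), reserve(8), then touch element i via data().
Access page_example_access(std::size_t i) {
    AnnotatedVector v(4);
    v.reserve(8);
    return v.classify(v.data() + i);
}
```

Growing the vector with push_back moves the live/poisoned boundary, so the same index that was flagged after reserve() becomes a legitimate access once it holds an element.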