[Bug sanitizer/82079] missing pointer overflow detection with -fsanitize=pointer-overflow
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Sep 1 19:10:00 GMT 2017
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82079
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That is not a bug, but how it is meant to work and how it works in clang too.
The IL doesn't make any distinction between s + 18446603339198873381UL and
s + -1317290203L or s - 1317290203L, therefore we have to consider offsets with
MSB set as negative. s + -1317290203L is perfectly fine for say
s = malloc (1317290213L) + 1317290211L; -fsanitize=pointer-overflow is just a fast
overflow check, doesn't know the boundaries of anything, and works as if

  ((ssize_t) offset < 0
   ? (uintptr_t) (ptr + offset) > ptr
   : (uintptr_t) (ptr + offset) < ptr) runtime_failure ();

with optimizations if offset is constant.
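The check the comment describes, written out as a small C model so the behaviour can be tried on concrete values. This is an added illustration, not GCC's or clang's instrumentation code; the address in FAKE_ALLOC_BASE is constructed (no memory is allocated, since only the address value matters to the check), and the unsigned literal 18446744072392261413 is the two's-complement bit pattern of -1317290203 on a 64-bit target.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the runtime check -fsanitize=pointer-overflow inserts for
 * ptr + offset (added illustration, not the compiler's own code).
 * The offset is interpreted as signed, so a value with the MSB set is a
 * negative displacement.  The only thing verified is that the wrapped
 * result moved in the expected direction; no object bounds are consulted,
 * which is why an in-bounds "large unsigned" offset is not reported.
 */
static bool ptr_add_overflows(uintptr_t base, uintptr_t offset)
{
    uintptr_t result = base + offset;   /* unsigned add: wraps modulo 2^N */

    if ((intptr_t)offset < 0)
        return result > base;           /* subtracting must not move upward */
    return result < base;               /* adding must not move downward */
}

/* The IL sees one bit pattern; this shows the two spellings coincide. */
static bool same_bits_as_negative(uintptr_t unsigned_off, intptr_t signed_off)
{
    return unsigned_off == (uintptr_t)signed_off;
}

/* Constructed stand-in for `s = malloc (1317290213L) + 1317290211L`. */
#define FAKE_ALLOC_BASE ((uintptr_t)0x7f1234560000ULL)

int main(void)
{
    uintptr_t s = FAKE_ALLOC_BASE + 1317290211UL;
    uintptr_t off_unsigned = (uintptr_t)18446744072392261413ULL; /* == (uintptr_t)-1317290203 */

    printf("same bit pattern as -1317290203: %d\n",
           same_bits_as_negative(off_unsigned, (intptr_t)-1317290203LL));
    /* Treated as s - 1317290203, which lands 8 bytes into the allocation: not flagged. */
    printf("s + 18446744072392261413UL flagged: %d\n",
           ptr_add_overflows(s, off_unsigned));
    /* A negative offset that actually wraps below address 0 is flagged. */
    printf("8 + (uintptr_t)-16 flagged: %d\n",
           ptr_add_overflows(8, (uintptr_t)-16));
    /* A positive offset that wraps past the top of the address space is flagged. */
    printf("UINTPTR_MAX - 8 + 16 flagged: %d\n",
           ptr_add_overflows(UINTPTR_MAX - 8, 16));
    return 0;
}
```

The model keeps both arms of the comparison; as the comment notes, when the offset is a compile-time constant the compiler knows its sign and only one of the two comparisons needs to be emitted.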