[Bug sanitizer/96775] New: UBSan: confusing error message load of address with insufficient space
diane2332 at gmail dot com
gcc-bugzilla@gcc.gnu.org
Mon Aug 24 19:34:23 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96775
Bug ID: 96775
Summary: UBSan: confusing error message load of address with
insufficient space
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: diane2332 at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
UBSan gives 2 very confusing error messages:
load of address with insufficient space for an object of type 'whatever'
store of address with insufficient space for an object of type 'whatever'
We ran UBSan on a very large application and filed many bugs detected.
Developers of this application were stumped as to what this message meant, and
I was also for a while. Eventually I realized that this message really
indicates either BUFFER OVERFLOW READ or BUFFER OVERFLOW WRITE. This is what's
happening and this is something that developers understand and can take action
on. Here is a simple example:
#include <stdlib.h>
int main()
{
    const unsigned int size = 20;
    /* heap buffer of 'size' elements; the accesses below run past both ends */
    unsigned int *array = (unsigned int *)malloc(sizeof(unsigned int) * size);
    array[size] = array[size+1];
    return array[-1];
}
gcc test3.c -O -fsanitize=undefined
./a.out
test3.c:7:16: runtime error: load of address 0x000001bf8064 with insufficient
space for an object of type 'unsigned int'
0x000001bf8064: note: pointer points here
00 00 00 00 00 00 00 00 a1 0f 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
^
test3.c:7:16: runtime error: store to address 0x000001bf8060 with insufficient
space for an object of type 'unsigned int'
0x000001bf8060: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 a1 0f 02 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
^
I'm using gcc 8.2.1.
It would be much clearer to say something like:
test3.c:7:16: runtime error: BUFFER OVERFLOW READ on address 0x000001bf8064 for
an object of type 'unsigned int'
Please see the GitHub issue I filed for this:
https://github.com/google/sanitizers/issues/1297
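As an added illustration, not part of the bug report and not GCC's or the sanitizer's own code: the accesses UBSan flags in test3.c (array[size], array[size+1], array[-1]) are plain out-of-bounds reads and writes, and the usual mitigation is to carry the element count alongside the pointer and check every index before it is dereferenced. The struct and function names below are assumptions chosen for this example.

```c
/* Added example: a bounds-checked buffer that rejects the three accesses the
 * report's test3.c makes. Names (uint_buf, uint_buf_get, ...) are assumptions. */
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* A buffer that carries its own element count, so each index can be validated
 * before it turns into the out-of-bounds load or store UBSan reports. */
struct uint_buf {
    unsigned int *data;
    size_t len;
};

/* Returns 1 if 'index' addresses a whole element inside the buffer, 0 otherwise.
 * The index is signed (ptrdiff_t) so that -1 is rejected outright instead of
 * wrapping around to a huge unsigned value. */
int uint_buf_in_bounds(const struct uint_buf *b, ptrdiff_t index)
{
    return b != NULL && b->data != NULL && index >= 0 && (size_t)index < b->len;
}

/* Checked read: stores the element into *out and returns 1, or returns 0 on an
 * out-of-range index without touching memory. */
int uint_buf_get(const struct uint_buf *b, ptrdiff_t index, unsigned int *out)
{
    if (!uint_buf_in_bounds(b, index))
        return 0;
    *out = b->data[index];
    return 1;
}

/* Checked write: same contract as uint_buf_get. */
int uint_buf_set(struct uint_buf *b, ptrdiff_t index, unsigned int value)
{
    if (!uint_buf_in_bounds(b, index))
        return 0;
    b->data[index] = value;
    return 1;
}

/* Mirrors the accesses in test3.c against a 20-element buffer and returns how
 * many of them were rejected (3 when bounds checking works; -1 on allocation
 * failure). */
int count_rejected_accesses(void)
{
    struct uint_buf b;
    unsigned int tmp = 0;
    int rejected = 0;

    b.len = 20;
    b.data = calloc(b.len, sizeof *b.data);
    if (b.data == NULL)
        return -1;

    if (!uint_buf_get(&b, (ptrdiff_t)b.len + 1, &tmp)) rejected++; /* array[size+1] read  */
    if (!uint_buf_set(&b, (ptrdiff_t)b.len, tmp))      rejected++; /* array[size] write   */
    if (!uint_buf_get(&b, -1, &tmp))                   rejected++; /* array[-1] read      */

    free(b.data);
    return rejected;
}

int main(void)
{
    printf("rejected out-of-bounds accesses: %d\n", count_rejected_accesses());
    return 0;
}
```

Compiling this with -fsanitize=undefined produces no "insufficient space" report, because no out-of-bounds pointer is ever dereferenced; the checks fail closed and the caller decides how to handle the rejected index.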