[Bug sanitizer/95279] UBSan doesn't seem to detect pointer overflow in certain cases
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Mon May 25 10:18:17 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95279
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
How would you know if there is or isn't an object at those addresses?
Sure, if you change p + 1 into p in #c4, then it is undefined behavior, but,
as I said, UndefinedBehaviorSanitizer has no way to detect that, as it doesn't
track the object boundaries etc.
AddressSanitizer (to some extent) does, but it will only complain if one either
dereferences such a pointer, or, with
-fsanitize=address,pointer-compare,pointer-subtract, it can complain about
pointer (non-equality) comparisons or pointer subtractions where the two
pointers provably don't belong to the same object.
In theory one could add a similar pointer-arithmetic sanitizer that would use
the asan infrastructure, though I must say it would be very expensive (at
runtime).
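Added example (not from the bug report or the GCC sources): a small C program that separates the case the sanitizers can see from the one they cannot. The function names and the sample arrays are constructed for this illustration; the build lines in the header comment use the GCC flags named in the comment above.

```c
/* Build and run to reproduce the behaviour discussed in this bug:
 *   gcc -g -O0 -fsanitize=undefined ptr.c && ./a.out
 *       UBSan stays silent: it only catches the address wrapping around,
 *       not a pointer leaving its object, because it has no bounds info.
 *   gcc -g -O0 -fsanitize=address,pointer-compare,pointer-subtract ptr.c
 *   ASAN_OPTIONS=detect_invalid_pointer_pairs=2 ./a.out
 *       ASan reports an invalid-pointer-pair in cross_object_subtract(). */
#include <stddef.h>
#include <stdio.h>

/* Well-defined: both pointers point into the same array (one-past-the-end
 * is still a valid pointer), so neither sanitizer has anything to report. */
ptrdiff_t same_object_distance(void)
{
    int a[8];
    int *first = &a[0];
    int *one_past_end = a + 8;
    return one_past_end - first;   /* 8 */
}

/* Undefined behaviour: the operands belong to two different objects.
 * Without instrumentation this just yields some number.  With
 * -fsanitize=address,pointer-subtract the runtime knows each object's
 * extent from its shadow memory and redzones and flags the subtraction.
 * Called only from main() so the reader can watch ASan catch it. */
ptrdiff_t cross_object_subtract(void)
{
    int a[4];
    int b[4];
    int *pa = a;
    int *pb = b;
    return pb - pa;
}

int main(void)
{
    printf("same object distance: %td\n", same_object_distance());
    printf("cross object subtraction: %td\n", cross_object_subtract());
    return 0;
}
```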