[Bug sanitizer/95279] UBSan doesn't seem to detect pointer overflow in certain cases

jakub at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon May 25 10:18:17 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95279

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
How would you know if there is or isn't an object at those addresses?

Sure, if you in #c4 change p + 1 into p, then it is undefined behavior, but as
I said, UndefinedBehaviorSanitizer has no way to detect that, as it doesn't track
the object boundaries etc.
AddressSanitizer (to some extent) does, but it will only complain if one either
dereferences such a pointer, or with
-fsanitize=address,pointer-compare,pointer-subtract can complain about pointer
(non-equality) comparisons or pointer subtractions where the two pointers
provably don't belong to the same object.
In theory one could add a similar pointer-arithmetic sanitizer that would use
the asan infrastructure, though I must say it would be very expensive (at
runtime).
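As an added example (not part of the bug report or of GCC), the C program below contrasts the two situations the comment distinguishes: pointer subtraction inside one object, which is defined and which the sanitizers accept, and subtraction across two distinct objects, which plain UBSan cannot see because it does not know object extents, but which AddressSanitizer's pointer-subtract check can report. The compiler flags are the ones named in the comment; the ASAN_OPTIONS setting, the helper names and the sample array are assumptions of this example. `checked_advance` shows the defender-side alternative: carry the bound explicitly and refuse to form the out-of-bounds pointer in the first place.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample object for the example. */
static int sample[4] = {1, 2, 3, 4};

/* Same object: the difference of two pointers into one array is a defined
   element count. Built with -fsanitize=address,pointer-subtract this stays
   silent, because both pointers provably belong to the same object. */
ptrdiff_t elements_between(const int *from, const int *to)
{
    return to - from;
}

/* Explicit bounds tracking (hypothetical helper): advance an index inside an
   array of `len` elements, allowing at most the one-past-the-end position.
   Returns NULL instead of forming an out-of-bounds pointer, which is exactly
   the check UBSan cannot do for you since it does not know where the object
   ends. */
const int *checked_advance(const int *base, size_t len, size_t idx, size_t step)
{
    if (idx > len || step > len - idx)
        return NULL;
    return base + idx + step;
}

int main(void)
{
    int *other = malloc(4 * sizeof *other);   /* a separate heap object */
    if (!other)
        return 1;

    printf("elements_between(sample, sample + 3) = %td\n",
           elements_between(sample, sample + 3));
    printf("checked_advance(sample, 4, 0, 4) %s\n",
           checked_advance(sample, 4, 0, 4) ? "is one-past-the-end (ok)" : "is NULL");
    printf("checked_advance(sample, 4, 1, 4) %s\n",
           checked_advance(sample, 4, 1, 4) ? "is a pointer" : "is NULL (would overflow)");

    /* Two distinct objects: subtracting (or ordering) their pointers is
       undefined. Plain -fsanitize=undefined is silent here. Built with
         gcc -g -fsanitize=address,pointer-compare,pointer-subtract
       and run with ASAN_OPTIONS=detect_invalid_pointer_pairs=2 (assumed
       runtime setting), AddressSanitizer reports an invalid-pointer-pair
       error on the line below. */
    ptrdiff_t d = other - sample;
    printf("other - sample = %td (undefined: different objects)\n", d);

    free(other);
    return 0;
}
```

The cross-object subtraction is kept in `main` so that the defined helpers can be exercised on their own; the sanitizer report only appears when the program is built and run with the flags given in the comment above that line.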