[Bug sanitizer/99418] sanitizer checks for accessing multidimensional VLA-array
marxin at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Mon Mar 8 09:15:25 GMT 2021
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
   Last reconfirmed|            |2021-03-08
             Status|UNCONFIRMED |WAITING
     Ever confirmed|0           |1
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
> Surprisingly if I replace taking a reference with writing to the array it
> will show an error.
Yes, ASAN instruments memory reads and writes, so your test-case reports ASAN
errors with:
void escape(int &a)
{
  a = 123;
}
$ g++ pr99418.C -fsanitize=address && ./a.out
=================================================================
==7912==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address
0x7fffffffde90 at pc 0x000000400869 bp 0x7fffffffde10 sp 0x7fffffffde08
WRITE of size 4 at 0x7fffffffde90 thread T0
#0 0x400868 in escape(int&)
(/home/marxin/Programming/testcases/a.out+0x400868)
#1 0x4009c0 in test(unsigned long, unsigned long)
(/home/marxin/Programming/testcases/a.out+0x4009c0)
#2 0x400a06 in main (/home/marxin/Programming/testcases/a.out+0x400a06)
#3 0x7ffff708db24 in __libc_start_main (/lib64/libc.so.6+0x27b24)
#4 0x40077d in _start (/home/marxin/Programming/testcases/a.out+0x40077d)
Address 0x7fffffffde90 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow
(/home/marxin/Programming/testcases/a.out+0x400868) in escape(int&)
Shadow bytes around the buggy address:
0x10007fff7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bc0: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 00 00
=>0x10007fff7bd0: 00 00[cb]cb cb cb cb cb 00 00 00 00 00 00 00 00
0x10007fff7be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==7912==ABORTING
That said, can we close it as resolved?
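As an added illustration (not part of the bug report or of GCC), the following decodes the report's shadow dump: it applies ASAN's default x86_64 Linux shadow mapping (shadow = (addr >> 3) + 0x7fff8000) to the faulting address 0x7fffffffde90, which lands on the [cb] byte of the "=>" row, and models the check ASAN places before each load or store. Only that check is instrumented, which is why forming a reference in the original test-case goes unreported while the store in escape() does; the shadow row is copied from the report, and the partially-addressable case (01..07) is handled as well although this dump contains none.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
// ASAN's default x86_64 Linux shadow mapping: shadow = (addr >> 3) + 0x7fff8000,
// so one shadow byte describes 8 application bytes (as the report's legend says).
constexpr uint64_t kShadowScale = 3;
constexpr uint64_t kShadowOffset = 0x7fff8000;
uint64_t shadowAddress(uint64_t addr) { return (addr >> kShadowScale) + kShadowOffset; }

// The "=>" row of the report's shadow dump: 16 shadow bytes starting at 0x10007fff7bd0.
constexpr uint64_t kRowBase = 0x10007fff7bd0;
constexpr uint8_t kRow[16] = {0x00, 0x00, 0xcb, 0xcb, 0xcb, 0xcb, 0xcb, 0xcb,
                              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

// Shadow byte for an application address. Only the dumped row is modeled; anything
// outside it is treated as addressable (00).
int8_t shadowByte(uint64_t addr) {
  uint64_t s = shadowAddress(addr);
  if (s < kRowBase || s >= kRowBase + sizeof kRow) return 0;
  return static_cast<int8_t>(kRow[s - kRowBase]);
}

// The check ASAN emits before every 1..8-byte load or store (signed compare, as in
// the runtime): 00 = all 8 bytes valid, 01..07 = only the first k bytes valid, any
// negative value (redzones such as ca/cb) = poisoned. Forming a pointer or a
// reference to the address emits no check at all.
bool poisonedGivenShadow(int8_t k, uint64_t addr, unsigned size) {
  if (k == 0) return false;
  int8_t lastByte = static_cast<int8_t>((addr & 7) + size - 1);
  return lastByte >= k;
}
bool accessIsPoisoned(uint64_t addr, unsigned size) {
  return poisonedGivenShadow(shadowByte(addr), addr, size);
}
// Names for the shadow values that matter in this report's legend.
std::string describe(int8_t k) {
  switch (static_cast<uint8_t>(k)) {
    case 0x00: return "addressable";
    case 0xca: return "left alloca redzone";
    case 0xcb: return "right alloca redzone";
    default: return (k > 0 && k < 8) ? "partially addressable" : "other poisoned";
  }
}
int main() {
  const uint64_t bad = 0x7fffffffde90;  // "WRITE of size 4 at 0x7fffffffde90"
  std::printf("shadow 0x%llx is %s; 4-byte write poisoned: %d\n",
              (unsigned long long)shadowAddress(bad), describe(shadowByte(bad)).c_str(),
              (int)accessIsPoisoned(bad, 4));
}
```

The 4-byte element one slot lower, at 0x7fffffffde8c, maps to a 00 shadow byte and passes the same check, so the store to 0x7fffffffde90 is the first byte of the right alloca redzone, exactly as the report says.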