[cfe-dev] Asan bug or feature?

Kostya Serebryany kcc at google.com
Mon May 19 20:57:58 PDT 2014 

If you set env. variable ASAN_OPTIONS=redzone=64 asan fill find all three
cases in your test.

>From https://code.google.com/p/address-sanitizer/wiki/Flags:
redzone 16Size of the minimal redzone. Since LLVM 3.3 asan uses adaptive
redzones for heap, i.e. for large heap allocations the redzones are larger.

hth,

--kcc

On Tue, May 20, 2014 at 12:49 AM, Richard Smith <richard at metafoo.co.uk>wrote:

> On Mon, May 19, 2014 at 12:51 PM, miroslav.fontan <
> miroslav.fontan at wincor-nixdorf.cz> wrote:
>
>> Hi all,
>>
>> By hunting after address error in our app I have found unexpected asan
>> behaviour
>>
>> Here is a minimal isolated example which runs without address error:
>>
>> clang++ a.cpp -fsanitize=address
>>
>> cat a.cpp
>>
>> char* subroutine()
>> {
>>         char* p = new char[8]();
>>         return p;
>> }
>>
>> int main( int /*argc*/, char** /*argv*/ )
>> {
>>         char* pc_sub = subroutine();
>>         char* pc_main = new char[8]();
>>         pc_main[32] = 1; //points to pc_sub, no ERROR :-(
>> //      pc_main[16] = 2; //points to bad address ERROR :-)
>>         pc_sub[-32] = 3; //points to pc_main, no ERROR :-(
>>
>
> Yes, ASan puts a redzone around heap allocations, but that redzone has a
> limited size (this is a memory / ability to catch bugs tradeoff). Put
> another way, ASan checks that you only use valid addresses, but doesn't
> check how those addresses are computed. Do you have some specific question
> about this?
>
>         delete[] pc_main;
>>         delete[] pc_sub;
>>         return 0;
>> }
>>
>> Regards
>>
>> Miroslav
>>
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140520/6ca59a54/attachment.html>

More information about the cfe-dev mailing list