<div dir="ltr">If you set env. variable ASAN_OPTIONS=redzone=64 asan fill find all three cases in your test. <div><br></div><div>From <a href="https://code.google.com/p/address-sanitizer/wiki/Flags" target="_blank">https://code.google.com/p/address-sanitizer/wiki/Flags</a>: </div>
<div><table style="border-spacing:0px;border:1px solid rgb(204,204,204);color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><tbody><tr><td style="border:1px solid rgb(204,204,204);padding:5px">redzone</td>
<td style="border:1px solid rgb(204,204,204);padding:5px">16</td><td style="border:1px solid rgb(204,204,204);padding:5px">Size of the minimal redzone. Since LLVM 3.3 asan uses adaptive redzones for heap, i.e. for large heap allocations the redzones are larger.</td>
</tr></tbody></table></div><div class="gmail_extra"><br><div class="gmail_quote">hth, </div><div class="gmail_quote"><br></div><div class="gmail_quote">--kcc </div><div class="gmail_quote"><br></div><div class="gmail_quote">
On Tue, May 20, 2014 at 12:49 AM, Richard Smith <span dir="ltr"><<a href="mailto:richard@metafoo.co.uk" target="_blank">richard@metafoo.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>On Mon, May 19, 2014 at 12:51 PM, miroslav.fontan <span dir="ltr"><<a href="mailto:miroslav.fontan@wincor-nixdorf.cz" target="_blank">miroslav.fontan@wincor-nixdorf.cz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
By hunting after address error in our app I have found unexpected asan<br>
behaviour<br>
<br>
Here is a minimal isolated example which runs without address error:<br>
<br>
clang++ a.cpp -fsanitize=address<br>
<br>
cat a.cpp<br>
<br>
char* subroutine()<br>
{<br>
char* p = new char[8]();<br>
return p;<br>
}<br>
<br>
int main( int /*argc*/, char** /*argv*/ )<br>
{<br>
char* pc_sub = subroutine();<br>
char* pc_main = new char[8]();<br>
pc_main[32] = 1; //points to pc_sub, no ERROR :-(<br>
// pc_main[16] = 2; //points to bad address ERROR :-)<br>
pc_sub[-32] = 3; //points to pc_main, no ERROR :-(<br></blockquote><div><br></div></div><div>Yes, ASan puts a redzone around heap allocations, but that redzone has a limited size (this is a memory / ability to catch bugs tradeoff). Put another way, ASan checks that you only use valid addresses, but doesn't check how those addresses are computed. Do you have some specific question about this?</div>
<div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
delete[] pc_main;<br>
delete[] pc_sub;<br>
return 0;<br>
}<br>
<br>
Regards<br>
<br>
Miroslav<br>
<br>
<br>
<br>
_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
</blockquote></div></div><br></div></div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div>