[llvm-bugs] [Bug 35782] New: -fsanitize=undefined does not catch UB static pointers initialization

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Dec 30 21:34:54 PST 2017


https://bugs.llvm.org/show_bug.cgi?id=35782

            Bug ID: 35782
           Summary: -fsanitize=undefined does not catch UB static pointers
                    initialization
           Product: clang
           Version: 5.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
          Assignee: unassignedclangbugs at nondot.org
          Reporter: shachar at shemesh.biz
                CC: dgregor at apple.com, llvm-bugs at lists.llvm.org

Please consider the following (rather strange) program:

#include <cstdlib>

// _static_, no-one outside this translation unit can touch it
// Global static --> initialized to nullptr
static void (*fun) ();

void evil() {
    system("rm -rf /");
}

void set() {
    fun = &evil;
}

int main() {
    fun(); // nullptr dereference = UB.
    // Static variable, so no-one can touch it except us. So...
    // the only non-UB thing that could have happened is that
    // set() was called before main(). So let's assume that and
    // continue optimization...
    // >:D
}

When you switch the system call with a printf and compile with clang++-5.0, the
function gets triggered (-O3 -Wall -Wextra). The comment does a good job of
explaining why.

But when you add -fsanitize=undefined, I expected there to be some complaint
about the code running undefined behavior. No such complaint arises, and the
code still runs, still executes "evil", same as without the sanitizer.
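
An added example, not part of the original report or of clang: the same static function pointer, called through an explicit null check so the unset case is defined behavior instead of relying on the sanitizer to flag it. `fun` and `set` follow the report; `benign`, `calls` and `call_checked` are hypothetical names, and `benign` is a harmless stand-in for `evil`.

```cpp
#include <cstdio>

// Same shape as the report: internal linkage, zero-initialized to nullptr.
static void (*fun)();

static int calls = 0;              // observable side effect of the callee
static void benign() { ++calls; }  // hypothetical stand-in for evil()

void set() { fun = &benign; }

// Comparing a function pointer with nullptr is well defined, so the
// optimizer has to preserve this branch. Only the call through a null
// pointer is UB, and that UB is what allowed the compiler to assume
// set() had already run in the report's main().
bool call_checked() {
    if (fun == nullptr) {
        std::fprintf(stderr, "fun is unset, refusing to call\n");
        return false;
    }
    fun();
    return true;
}

int main() {
    bool before = call_checked();  // set() has not been called yet
    set();
    bool after = call_checked();   // now the pointer is valid
    std::printf("before=%d after=%d calls=%d\n", before, after, calls);
    return (!before && after && calls == 1) ? 0 : 1;
}
```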
