[llvm-bugs] [Bug 35782] New: -fsanitize=undefined does not catch UB static pointers initialization

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Dec 30 21:34:54 PST 2017


            Bug ID: 35782
           Summary: -fsanitize=undefined does not catch UB static pointers
           Product: clang
           Version: 5.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
          Assignee: unassignedclangbugs at nondot.org
          Reporter: shachar at shemesh.biz
                CC: dgregor at apple.com, llvm-bugs at lists.llvm.org

Please consider the following (rather strange) program:

#include <cstdlib>

// _static_, no-one outside this translation unit can touch it
// Global static --> initialized to nullptr
static void (*fun) ();

void evil() {
    // The report says a printf was substituted here for the actual test run.
    system("rm -rf /");
}

void set() {
    fun = &evil;
}

int main() {
    fun(); // nullptr dereference = UB.
    // Static variable, so no-one can touch it except us. So...
    // the only non-UB thing that could have happened is that
    // set() was called before main(). So let's assume that and
    // continue optimization...
    // >:D
}

When you replace the system call with a printf and compile with clang++-5.0
(-O3 -Wall -Wextra), the function gets triggered. The comment does a good job of
explaining why.

But when you add -fsanitize=undefined, I expected there to be some complaint
about the code running undefined behavior. No such complaint arises, and the
code still runs, still executes "evil", same as without the sanitizer.
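The following is an added example, not the reporter's program and not part of the bug report. It keeps the same shape (a file-scope static function pointer that starts out null and is only ever set by a function in the same file) but routes every call through a hypothetical dispatch() helper with an explicit null check. Because reading a null pointer and branching on it is defined behaviour, the compiler can no longer reason "the call is only valid if set() already ran" and fold the call to evil() in; the unset case becomes an ordinary error path instead of UB. The names dispatch(), evil_call_count() and the counter are assumptions introduced for the demonstration; the evil() body is a counter rather than a system() call.

```c
#include <stdio.h>
#include <stddef.h>

typedef void (*handler_t)(void);

/* Same layout as the report: internal linkage, zero-initialised to NULL,
   nothing outside this translation unit can assign it. */
static handler_t fun;

/* Constructed for the example: counts how often the handler actually ran. */
static int evil_calls;

static void evil(void) {
    evil_calls++;
}

void set(void) {
    fun = &evil;
}

/* Hardened call site. Calling through NULL would be UB, which is exactly
   what lets the optimizer assume set() must have run. Testing the pointer
   first is defined behaviour, so the compiler has to keep both branches.
   Returns 1 if the handler ran, 0 if it was never installed. */
int dispatch(void) {
    if (fun == NULL) {
        fputs("dispatch: handler not set, refusing to call\n", stderr);
        return 0;
    }
    fun();
    return 1;
}

int evil_call_count(void) {
    return evil_calls;
}

int main(void) {
    /* Before set(): the guard fires and nothing is called. */
    printf("first dispatch: %d, handler runs so far: %d\n",
           dispatch(), evil_call_count());   /* 0, 0 */
    set();
    /* After set(): the handler runs normally. */
    printf("second dispatch: %d, handler runs so far: %d\n",
           dispatch(), evil_call_count());   /* 1, 1 */
    return 0;
}
```

Building this with -O3 and inspecting the object shows both paths preserved, whereas the original program collapses the indirect call into a direct call to evil(); the difference is entirely down to whether the call site contains UB the optimizer is entitled to assume away.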
