<html>
<head>
<base href="http://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - address sanitizer doesn't point out the specific variable"
href="http://llvm.org/bugs/show_bug.cgi?id=18484">18484</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>address sanitizer doesn't point out the specific variable
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>3.3
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>-New Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>metherid@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvmbugs@cs.uiuc.edu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre><a href="https://www.youtube.com/watch?v=JSjoCisIHcM">https://www.youtube.com/watch?v=JSjoCisIHcM</a> (1:08) suggests that clang with
address sanitizer should be able to pinpoint the specific variable that causes
the overflow. However, my test doesn't show that (admittedly this is C as
opposed to C++ as shown in the video).
$clang literal.c -g -fsanitize=address -o literal
$./literal
=================================================================
==12001==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffc21cf925 at pc 0x41ccbf bp 0x7fffc21cf870 sp 0x7fffc21cf028
WRITE of size 6 at 0x7fffc21cf925 thread T0
#0 0x41ccbe (/home/rahul/work/literal+0x41ccbe)
#1 0x42d39b (/home/rahul/work/literal+0x42d39b)
#2 0x32b3421d64 (/usr/lib64/libc-2.18.so+0x21d64)
#3 0x42d1cc (/home/rahul/work/literal+0x42d1cc)
Address 0x7fffc21cf925 is located in stack of thread T0 at offset 101 in frame
#0 0x42d29f (/home/rahul/work/literal+0x42d29f)
This frame has 3 object(s):
[32, 40) 'tabHeader'
[96, 101) 'header'
[160, 168) 'testme'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
0x100078431ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f10: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
=>0x100078431f20: f2 f2 f2 f2[05]f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4
0x100078431f30: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==12001==ABORTING
$cat literal.c
#include <stdio.h>
#include <string.h>
int main (void)
{
const char *tabHeader = "Sound";
char header[5]; // = "Merry";    /* 5 bytes: no room for the terminating NUL of "Merry" */
strcpy(header,"Merry");           /* writes 6 bytes ("Merry" + NUL) into 5: one-byte stack overflow */
const char *testme="whatever";
puts(tabHeader);
puts(header);
puts(testme);
return 0;
}</pre>
</div>
</p>
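<p>The frame description in the report above does locate the access, just not in so many words: "at offset 101 in frame" together with "[96, 101) 'header'" puts the first bad byte one past the end of <code>header</code>, which is exactly where the 6-byte <code>strcpy</code> of "Merry" plus its NUL lands in a 5-byte array. The C program below is an added example (not part of the bug report or of compiler-rt) that performs that mapping over the report's own frame-description lines, embedded here as a constructed constant: it parses the frame offset and the object list and names the variable the access is inside of, overflows, or underflows. The helper names and the object-table limit of 32 entries are this example's own choices.</p>

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the frame-description lines from the ASan
   report quoted above, with ASan's usual indentation. */
static const char *const kReport[] = {
    "Address 0x7fffc21cf925 is located in stack of thread T0 at offset 101 in frame",
    "  #0 0x42d29f (/home/rahul/work/literal+0x42d29f)",
    "  This frame has 3 object(s):",
    "    [32, 40) 'tabHeader'",
    "    [96, 101) 'header'",
    "    [160, 168) 'testme'",
    NULL
};

struct frame_obj {
    long lo, hi;      /* half-open byte range [lo, hi) within the frame */
    char name[64];    /* variable name as printed by ASan */
};

/* Pull N out of "... at offset N in frame"; returns -1 if no such line. */
long parse_frame_offset(const char *const *lines)
{
    for (; *lines; ++lines) {
        const char *p = strstr(*lines, "at offset ");
        long off;
        if (p && sscanf(p, "at offset %ld in frame", &off) == 1)
            return off;
    }
    return -1;
}

/* Collect every "[lo, hi) 'name'" line into objs; returns how many matched. */
size_t parse_frame_objects(const char *const *lines, struct frame_obj *objs, size_t max)
{
    size_t n = 0;
    for (; *lines && n < max; ++lines) {
        struct frame_obj o;
        if (sscanf(*lines, " [%ld, %ld) '%63[^']'", &o.lo, &o.hi, o.name) == 3)
            objs[n++] = o;
    }
    return n;
}

/* Map a frame offset to an object. Returns the index into objs and sets *kind:
   "inside"     - the byte belongs to that object (in bounds or partially addressable),
   "overflows"  - the byte sits in the redzone right after that object (past its end),
   "underflows" - the byte sits before the lowest object that starts after it.
   Returns -1 with *kind = "unknown" when the frame lists no objects at all. */
int locate_access(long off, const struct frame_obj *objs, size_t n, const char **kind)
{
    int below = -1, above = -1;
    for (size_t i = 0; i < n; ++i) {
        if (off >= objs[i].lo && off < objs[i].hi) { *kind = "inside"; return (int)i; }
        if (objs[i].hi <= off && (below < 0 || objs[i].hi > objs[below].hi)) below = (int)i;
        if (objs[i].lo > off && (above < 0 || objs[i].lo < objs[above].lo)) above = (int)i;
    }
    if (below >= 0) { *kind = "overflows"; return below; }
    if (above >= 0) { *kind = "underflows"; return above; }
    *kind = "unknown";
    return -1;
}

/* Whole pipeline over one report: returns the blamed variable name or NULL. */
const char *blame_variable(const char *const *report, const char **kind)
{
    static struct frame_obj objs[32];   /* example's own fixed table size */
    size_t n = parse_frame_objects(report, objs, 32);
    long off = parse_frame_offset(report);
    *kind = "unknown";
    int i = (off < 0) ? -1 : locate_access(off, objs, n, kind);
    return i < 0 ? NULL : objs[i].name;
}

int main(void)
{
    const char *kind;
    const char *name = blame_variable(kReport, &kind);
    long off = parse_frame_offset(kReport);
    if (name)
        printf("access at frame offset %ld %s '%s'\n", off, kind, name);
    else
        printf("access at frame offset %ld hits no known object\n", off);
    return 0;
}
```

<p>On the report above this prints that the access at frame offset 101 overflows <code>header</code>. Two practical caveats: the "#0 0x41ccbe (/home/rahul/work/literal+0x41ccbe)" frames carry no function names or line numbers because the run was not symbolized; ASan symbolizes through llvm-symbolizer when it can find it (the <code>ASAN_SYMBOLIZER_PATH</code> environment variable points it at the binary), after which the <code>strcpy</code> call site is reported by file and line. And later AddressSanitizer releases print this object mapping themselves, marking the offending entry in the object list with a note that the memory access at the given offset overflows that variable, so the manual step shown here is only needed on older toolchains such as the 3.3 one in the report.</p>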
</body>
</html>