<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - UBSan doesn't catch misaligned memcpy"
   href="https://llvm.org/bugs/show_bug.cgi?id=28025">28025</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>UBSan doesn't catch misaligned memcpy
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>LLVM Codegen
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>ch3root@openwall.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>When optimizing memcpy, clang uses the alignment of the types its arguments
point to. It would be nice for UBSan to catch a misaligned pointer in this
context in the same way as in dereferences.

Example of misaligned memcpy:

----------------------------------------------------------------------
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;
#include &lt;stdio.h&gt;

int main(int argc, char **argv)
{
  (void)argv;

  long double *p = malloc(16);
  memset(p, 123, 16);

  char *q = malloc(17);
  long double *q1 = (void *)(q + 1);
  // *q1 = *p; // this is caught by UBSan
  memcpy(q1, p, 16); // this is not caught

  printf("%d\n", q[argc]);
}
----------------------------------------------------------------------

Results on x86-64:

----------------------------------------------------------------------
$ clang -std=c11 -Weverything -O3 -fsanitize=undefined test.c && ./a.out
Segmentation fault
----------------------------------------------------------------------

clang version: clang version 3.9.0 (trunk 271312)</pre>
        </div>
      </p>
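      <p>An added example, not part of the original report and not clang or UBSan code: a call-site check that refuses a memcpy whose pointers do not meet the alignment of the types they are declared to point to, which is the check the report asks the sanitizer to perform. The names checked_memcpy_impl, CHECKED_MEMCPY and demo are hypothetical, and the refused case passes the alignment explicitly so the example never forms a misaligned long double pointer itself.</p>

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy only if both pointers satisfy the stated
   alignments (powers of two). Returns 0 on success, -1 if refused. */
static int checked_memcpy_impl(void *dst, size_t dalign,
                               const void *src, size_t salign, size_t n)
{
    if (((uintptr_t)dst & (dalign - 1)) || ((uintptr_t)src & (salign - 1)))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Hypothetical macro: take the alignments from the pointee types, the
   assumption the report describes. __typeof__ is a GNU extension. */
#define CHECKED_MEMCPY(dst, src, n)                         \
    checked_memcpy_impl((dst), alignof(__typeof__(*(dst))), \
                        (src), alignof(__typeof__(*(src))), (n))

/* Constructed scenario modelled on the report: destination at q + 1.
   Returns 1 when all three expectations below hold. */
static int demo(void)
{
    size_t n = sizeof(long double);
    long double *p = malloc(2 * n);
    char *q = malloc(n + 1);
    int ok = 0;
    if (p && q) {
        memset(p, 123, n);
        /* q + 1 claimed as long double storage: refused, nothing copied. */
        int refused = checked_memcpy_impl(q + 1, alignof(long double),
                                          p, alignof(long double), n) == -1;
        /* Both pointers really are long double aligned: allowed. */
        int allowed = CHECKED_MEMCPY(p + 1, p, n) == 0;
        /* Byte-typed pointers, no cast: only alignment 1 is claimed. */
        int bytes = CHECKED_MEMCPY(q + 1, (const char *)p, n) == 0
                    && memcmp(q + 1, p, n) == 0;
        ok = refused && allowed && bytes;
    }
    free(p);
    free(q);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```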
    </body>
</html>