<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link bz_status_NEW" title="NEW - __builtin_dump_struct buffer overrun with types it doesn't handle" href="https://bugs.llvm.org/show_bug.cgi?id=45144">45144</a></td>
</tr>
<tr>
<th>Summary</th>
<td>__builtin_dump_struct buffer overrun with types it doesn't handle
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>9.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>C++
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ndkrempel@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>blitzrakete@gmail.com, dgregor@apple.com, erik.pilkington@gmail.com, llvm-bugs@lists.llvm.org, richard-llvm@metafoo.co.uk
</td>
</tr></table>
<p>
<div>
<pre>The following program:

    #include <cstdio>

    struct Foo {
        short a[1];   // an array field, which __builtin_dump_struct doesn't decode
    };

    int main() {
        Foo f = {2};
        __builtin_dump_struct(&f, &std::printf);
    }

prints out garbage data from clang's memory:

    struct Foo {
        short [1] a : 0x315b2074726f0002
    }

The "0002" on the end is the valid data, the rest is presumably whatever
happened to be in the compiler's memory afterwards.

A similar thing happens with any field type that __builtin_dump_struct doesn't
understand - it prints out 8 bytes (or maybe 4 bytes on a 32-bit system) of
data, regardless of the actual size of the field.

Reproduced on clang 9.0.0 and trunk. Didn't seem to occur on 7.0.0 and 8.0.0,
but that could have just been getting lucky that the extra bytes displayed were
all 0.</pre>
</div>
</p>
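<p>Added illustration, not clang's implementation and not the reporter's code: a small descriptor-driven struct dumper in C whose fallback for a field type it does not recognise reads one pointer-sized word, which is the shape of the over-read the report describes, shown next to a fallback that reads exactly <code>sizeof(field)</code> bytes. Every name here (<code>field_desc</code>, <code>dump_known</code>, <code>dump_field_naive</code>, <code>dump_field_sized</code>, <code>arena</code>) is invented for this example. The <code>Foo</code> value is placed in a larger 0xAA-filled arena, a constructed input, so the naive dumper's over-read stays inside memory the program owns and its "garbage" tail is visible in the output.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not clang's code: a minimal descriptor-driven struct
 * dumper that reproduces the shape of the reported bug (an unhandled field
 * type is read as a pointer-sized integer regardless of its real size) next
 * to the bounded version that reads exactly sizeof(field) bytes. */

enum field_kind { FK_INT, FK_SHORT, FK_OTHER };   /* FK_OTHER: e.g. an array */

struct field_desc {
    const char *name;
    enum field_kind kind;
    size_t offset;   /* offsetof(struct, field) */
    size_t size;     /* sizeof(field): the bound any dumper must respect */
};

struct Foo { short a[1]; };   /* the struct from the report */

static const struct field_desc foo_fields[] = {
    { "a", FK_OTHER, offsetof(struct Foo, a), sizeof(((struct Foo *)0)->a) },
};

/* Decodes the kinds both dumpers understand; returns 0 for anything else. */
static size_t dump_known(const unsigned char *p, const struct field_desc *d,
                         char *out, size_t outlen)
{
    if (d->kind == FK_INT) {
        int v; memcpy(&v, p, sizeof v);
        snprintf(out, outlen, "%s : %d", d->name, v);
        return sizeof v;
    }
    if (d->kind == FK_SHORT) {
        short v; memcpy(&v, p, sizeof v);
        snprintf(out, outlen, "%s : %d", d->name, v);
        return sizeof v;
    }
    return 0;
}

/* Buggy: an unknown field is printed as one pointer-sized word, so a 2-byte
 * array is read as 8 bytes on a 64-bit target, the trailing bytes being
 * whatever happens to follow the field in memory.  Returns bytes read. */
size_t dump_field_naive(const void *obj, const struct field_desc *d,
                        char *out, size_t outlen)
{
    const unsigned char *p = (const unsigned char *)obj + d->offset;
    size_t n = dump_known(p, d, out, outlen);
    if (n) return n;
    uintptr_t v;
    memcpy(&v, p, sizeof v);                 /* BUG: ignores d->size */
    snprintf(out, outlen, "%s : 0x%llx", d->name, (unsigned long long)v);
    return sizeof v;
}

/* Fixed: an unknown field is hex-dumped as exactly d->size bytes, never more. */
size_t dump_field_sized(const void *obj, const struct field_desc *d,
                        char *out, size_t outlen)
{
    const unsigned char *p = (const unsigned char *)obj + d->offset;
    size_t n = dump_known(p, d, out, outlen);
    if (n) return n;
    size_t used = snprintf(out, outlen, "%s :", d->name);
    for (size_t i = 0; i < d->size && used < outlen; i++)
        used += snprintf(out + used, outlen - used, " %02x", p[i]);
    return d->size;
}

/* Constructed input: a Foo at the start of a larger, 0xAA-filled arena so the
 * naive dumper's over-read stays inside memory we own and its tail is visible. */
struct arena { struct Foo f; unsigned char filler[14]; };

static struct arena make_arena(void)
{
    struct arena a;
    memset(&a, 0xAA, sizeof a);
    a.f.a[0] = 2;                            /* Foo f = {2}; from the report */
    return a;
}

size_t naive_bytes_read(char *out, size_t outlen)
{
    struct arena a = make_arena();
    return dump_field_naive(&a.f, &foo_fields[0], out, outlen);
}

size_t sized_bytes_read(char *out, size_t outlen)
{
    struct arena a = make_arena();
    return dump_field_sized(&a.f, &foo_fields[0], out, outlen);
}

int main(void)
{
    char line[128];
    printf("naive: read %zu bytes -> %s\n", naive_bytes_read(line, sizeof line), line);
    printf("sized: read %zu bytes -> %s\n", sized_bytes_read(line, sizeof line), line);
    return 0;
}
```

<p>On a 64-bit little-endian machine the naive path reports 8 bytes read and prints <code>0xaaaaaaaaaaaa0002</code>, the same "valid data at the bottom, filler above it" pattern as the report's output; the sized path reports 2 bytes and prints only <code>02 00</code>. The point for a dumper is that the field's <code>sizeof</code> is always known to whatever generated the descriptor, so an unrecognised layout should fall back to a bounded byte dump rather than a fixed-width load.</p>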
</body>
</html>