<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/54192">54192</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Stack buffer overflows don't throw exception when stack tagging enabled with arm64 MTE
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
aditi741997
</td>
</tr>
</table>
<pre>
I am compiling the following code [test_mte_stack2_code.txt](https://github.com/llvm/llvm-project/files/8183382/test_mte_stack2_code.txt) using 'clang-11 -target aarch64-linux-gnu -march=armv8.5-a+memtag -fsanitize=memtag -I/usr/aarch64-linux-gnu/include/c++/9/aarch64-linux-gnu test_mte_stack2.cpp -static'.
I run the executable on a VM in QEMU, with MTE on [I ran the example code in ? and got a segfault, meaning QEMU, Kernel are behaving correctly]
I observed that
1. local variables in main() are not getting tagged
2. In test function, local variables are being tagged but I am able to do stack buffer overflow from arr2 into arr1, without modifying the tag.
3. Similarly in test2, which gets the pointer to one of test's local variables (a), I can read (i.e. overflow into) test's other local variables using the pointer to a.
What are the reasons behind the above? Shouldn't the tag be checked for accesses in functions test, test2 to detect overflow?
I have attached the assembly file [test_mte_stack2_assembly.txt](https://github.com/llvm/llvm-project/files/8183416/test_mte_stack2_assembly.txt)
[which has no ldg instructions] and the output of running the executable in the VM
[test_mte_stack2_output.txt](https://github.com/llvm/llvm-project/files/8183419/test_mte_stack2_output.txt).
</pre>