<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/54667>54667</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
False negative: missing global-buffer-overflow in ASAN
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
shao-hua-li
</td>
</tr>
</table>
<pre>
For the following code, `clang -fsanitize=address -O3` reports nothing for the clear global-buffer-overflow in `a[i]` and `a[x]`. If you change the declaration from `a[5]` to `a[4]`, it would then report global-buffer-overflow..
```shell
$cat a.c
int a[5];
int foo(int x) {
for (int i=0;i<=5;i++)
a[i]++;
return a[x];
}
int main(){
__builtin_printf("foo = %d\n", foo(5));
}
$
$clang-tk -fsanitize=address -w -O3 a.c; ./a.out
foo = 1
$
```
```shell
$cat a.c
int a[4];
int foo(int x) {
for (int i=0;i<=5;i++)
a[i]++;
return a[x];
}
int main(){
__builtin_printf("foo = %d\n", foo(5));
}
$
$clang-tk -fsanitize=address -w -O3 a.c; ./a.out
==1==ERROR: AddressSanitizer: global-buffer-overflow on address
...
$
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJztVEuP3CAM_jXkghJlIMzjkMM8ulIvXWn3B6xIgISWgRGQffTX1-Qxu9rVHHrorZElwNifP9vEjRNv9Z3zOPYSK2eMe9G2w60TEpEjRuuyNRwUuQrc6qh_S0RPXAgvQ8D5PQUD7OXF-RiwdbFPzmqGa43kHnfGNdzkzaCU9Ll7ll5BEKxtAueIHTRipwTDrVhUr5OqwN8VfnMDbnvgIEdQIYGQ51E7i5V358WFzSjRLZpq0qQ0dMQvbjAiIdiZ7w1iRYHKEyr3yXOU0EtjZh2pWh4xL9rprC0cltj0MBtdr5RziGzT7hWRHUab2QLDl2o0X2qoaAnusB5hy8YtOYyye_dI37Vc0zX9AOhlHLzF1-pd6WxOn3mdubYQO6F_pPT01AzaRG2fLh7M1GhCIAkMrIAsE4gdwZGkik65sYQB8jUYqd5Llh5QHn_deEMv6RmNNaUHXCByxws3xMl7Cb76jLo05-97Vf3v1b_pFdiBrKbl28PD_QOie7yfXB9nMJ90NyYC_NBzoAmwuP6KN9qeiZqKHd3xLOpoZH3HTZDYyg6mw7NMkc46hDSRbs-g_eP-RzZ4U_cxXgL4QFIgnY790BStO8PBmOdlyS_e_ZRthCNADzLAhlXr9Sbra8oYhenEVrLdbktZMqaqlWjItqlIo9Q6M7yRJtTQdWiMlRA_QaQmsVOma1ISUlK6KrflmrFCVISKTSlbRbc7QSWqSgmvwRSJR-F8l_l6pNQMXYBLo0MM75ccMu-slGM4wOdD7J2vQ89d3g88Nzobw9cj_T_AB7NC">