<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/55189>55189</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang trunk missed the buffer-overflow in code
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
shao-hua-li
</td>
</tr>
</table>
<pre>
For the following code, both `clang-tk -fsanitize=address -O0` and `-O3` do not report the global-buffer-overflow of `a[]`. Interestingly, if you change `M` to a smaller value (e.g., `#define M 2`), they could detect it. Initially I thought it may relate to optimizations as discussed in https://github.com/llvm/llvm-project/issues/53972. But it's clearly not because changing `#define M 5` affected the result and even `-O0` missed the bug.
```c
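#define M 5
volatile int a[M];

/* noinline prevents b() from being inlined into main(). */
__attribute__((__noinline__))
void b(int x) {
  if (x)
    a[M] = 7; /* out of bounds: valid indices are 0..M-1 */
}

int main(void) {
  b(M);
  __builtin_printf("a[M]=%d\n", a[M]); /* out-of-bounds read */
  return 0;
}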
```
</pre>