<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/62120>62120</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
AddressSanitizer: invalid-pointer-pair reports non-sensical address
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
ydroneaud
</td>
</tr>
</table>
<pre>
The reproducer below is triggering an unexpected error:
```
$ cat > asan-cmp-ptr.c <<EOF
#include <stdlib.h>
struct a {
int b;
void *c;
};
int main() {
struct a *a = calloc(3, sizeof *a);
struct a b = a[1];
*a = b;
}
EOF
$ clang -Og -g -fsanitize=address -fsanitize=pointer-compare -fsanitize=pointer-overflow asan-cmp-ptr.c -o asan-cmp-ptr
$ ASAN_OPTIONS=detect_invalid_pointer_pairs=1:detect_leaks=0 ./asan-cmp-ptr
=================================================================
==927967==ERROR: AddressSanitizer: invalid-pointer-pair: 0x604000000050 0xfffffffffffffff0
#0 0x4f3318 in main .../asan-cmp-ptr/asan-cmp-ptr.c:8:16
#1 0x7faa60827b49 in __libc_start_call_main /usr/src/debug/glibc-2.37.9000-5.fc39.x86_64/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#2 0x7faa60827c0a in __libc_start_main@GLIBC_2.2.5 /usr/src/debug/glibc-2.37.9000-5.fc39.x86_64/csu/../csu/libc-start.c:360:3
#3 0x41d324 in _start (.../asan-cmp-ptr/asan-cmp-ptr+0x41d324) (BuildId: 636f794763fca4f0a4f3a5ba0cee85eb706e06b5)
0x604000000050 is located 0 bytes inside of 48-byte region [0x604000000050,0x604000000080)
allocated by thread T0 here:
#0 0x4b7b2c in __interceptor_calloc (.../asan-cmp-ptr/asan-cmp-ptr+0x4b7b2c) (BuildId: 636f794763fca4f0a4f3a5ba0cee85eb706e06b5)
#1 0x4f3302 in main .../asan-cmp-ptr/asan-cmp-ptr.c:7:17
#2 0x7faa60827c0a in __libc_start_main@GLIBC_2.2.5 /usr/src/debug/glibc-2.37.9000-5.fc39.x86_64/csu/../csu/libc-start.c:360:3
#3 0x41d324 in _start (.../asan-cmp-ptr/asan-cmp-ptr+0x41d324) (BuildId: 636f794763fca4f0a4f3a5ba0cee85eb706e06b5)
Address 0xfffffffffffffff0 is a wild pointer inside of access range of size 0x000000000001.
SUMMARY: AddressSanitizer: invalid-pointer-pair .../asan-cmp-ptr/asan-cmp-ptr.c:8:16 in main
==927967==ABORTING
```
The second pointer (`0xfffffffffffffff0`) makes no sense to me.
It's a constant generated by clang as `-16`:
```
leaq 16(%rax), %r14
movq %rax, %rdi
movq $-16, %rsi
callq __sanitizer_ptr_cmp@PLT
```
See https://godbolt.org/z/GE6j9qThr
(The reproducer was generated with the help of https://github.com/marxin/cvise)
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsVktv2z4S_zT0ZSCBIvU8-GDHcRGgbYoke9iTQJFjm60sKiSVOP30C8qP2Gm22wC9LPAXDImP4cxw5jc_j3BOrzvEKcnmJFtMxOA3xk5flDUdikFNGqNepg8bBIu9NWqQaKHB1jyDduCtXq_R6m4NooOhw12P0qMCtNZYwmeELgg9vnN6-O2nLAUpPBB-DcKJLpLbPuq9jSUQfkX41fXt8ijJdSfbQWHYcV61uok3hF_vt523g_QggBTz_QqA7jw0hJ_mT0YrIGwmT2ukWJzGQXordEdYSVh1pudVNZsJIHwBUrStkYSVnLArcPonmtW4S1h1Zu90sBlPCZLNE5ItziROGpsLl8bB2c1TkK3o1hDdriFaQ7RyotNe_0TCF0Ipi85dLvZGdx5tJM22Fxbf3zRPaFchh28CH5mLlVcnZvezr_Xtt4eb26_3hC8UepS-1t2TaLWqD2rrXmjrCF8khM8OIi2KH2GJQkzY8h3lfPF__zu7SMWKKi_24-u7u9s7wmcw2-fp_pCHUBdwCF10zEgIXVinu5ymdP9kFOhudfkcigcI42E3XXGelKC7Eb8Qx79E-XIaS8JnJeGzJD8CMUCRJ0B3xUqInJasaNIqaKzrVjeydl5YXwfc16MNwpaDC3qdlYQtFTbDmrDlOghHLOZFXFFKoyxeSV7FuzKv85SwpXQDYcvRP_fiFPaOsGXX-5aw5Xt2QoHPsgtXCePs3E9JxS9-jmWc0k-fb-ZXNYtZnP0Fh_fDUX60MkaR5zS8X33jIR-J4iwdvRolgbDyfyaFsPnx5Eg_rJwPulU3KgAi5_mqqNIi5ysp0hUV6YqLrBFUIpYZNgXNkeZNFvjnjGzf4Eg7aI0UgZopNC8eHejOaYVgVpCWUVgCi2ttOiDZ_PI0YVfnCyU92RrJcNTavIDfWBQKHihs0OKJ_A8IG9HaFA2T-5yNsJfYe2PrPal-IFajnr8QqzP0h0qi7IOVVAR4Fhe6_kHoHyL0wIrvUFxAq4Bn3So40OMZWIWU4ZQV3Xqch79goDv6-iTx3sD9v758md39-yMM_CECPWLlv_H_bH5793Dz9dP73c_4Dn2VQ2m615uGHiSn7_B-HsoOtuIHOugMOOwcgjewxfhc5Y0nrAjxk6ZzXnQe1tihPRbpvpsQDkhOoyQnI0R-06XB4WlRPIZvko9NUmbFLuSTXUGYJOlBemueHveFsJfYbyt9qexVKg0-HKTcG6nACo9Q18f-xda9t7Xc9iSl3z4__Cas94iw8b534W5sGUrJqMa0PjY2FNZPwpafrvPv1ePDxl5cnpVvWt1n4c4C-Kz9BvwGYYNtH9D3xor2m6GJpdkSttwKuwst5VI-aYcn8E_UlKuKV2KC0yQvkzThacEmm2muigoTynIsZI6ropQiVbLCJlWUUuQTPWWUcZomPKmSImMxK7NUrFSTsopXDUWSUtwK3cZt-7QNV51o5wac5ixhdNKKBls39vmMdRj6dzcgYSy0_XYazkTNsHYkpa123r1q8dq3OP3jGrLYG-sDSLsooFRL0cKhV50Mtp3-JmjB5uET9dZ8R-kJW46ehn5hvMl_AgAA___An6wL">