<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/124484">124484</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            sanitizer: crashes when flags contain GLOB_DOOFFS and offset is not null
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          sthibaul
      </td>
    </tr>
</table>

<pre>
    Hello,

For instance, this:

```
#include <string.h>
#include <glob.h>
int main(void) {
  glob_t g;
  memset(&g, 0, sizeof(g));
  g.gl_offs = 1;
  glob("*", GLOB_DOOFFS, NULL, &g);
  return 0;
}
```

crashes with

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2734336==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9f1b93aec6 bp 0x7ffe664ee1a0 sp 0x7ffe664ed938 T0)
==2734336==The signal is caused by a READ memory access.
==2734336==Hint: address points to the zero page.
    #0 0x7f9f1b93aec6 in __sanitizer::internal_strlen(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:176
    #1 0x7f9f1b89920f in unpoison_glob_t ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2346
    #2 0x7f9f1b8ed26f in glob ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2422
    #3 0x55e1afb552a0 in main (/home/samy/test+0x12a0) (BuildId: 6a2b7870466624765046114b28178ff268479b85)
    #4 0x7f9f1b633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7f9f1b633e24 in __libc_start_main_impl ../csu/libc-start.c:360
    #6 0x55e1afb550e0 in _start (/home/samy/test+0x10e0) (BuildId: 6a2b7870466624765046114b28178ff268479b85)
```


because libasan does not take care of GLOB_DOOFFS.

Something like the attached patch would be needed; however, I don't know how libasan would cope with the OS-specific value of `GLOB_DOOFFS`.

[patch.txt](https://github.com/user-attachments/files/18552023/patch.txt)
</pre>
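<pre>
The gl_pathv layout behind the crash reported above, as an added example that is not part of the original report, the attached patch, or libasan: with GLOB_DOOFFS the first gl_offs slots are reserved and NULL after glob() returns, so any code that walks the vector must start past them. The helper names walk_glob_paths and demo_dooffs are hypothetical.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libasan code): visit every path string in a
 * glob_t. Returns the number of paths visited, or -1 if a slot that should
 * hold a path (or the terminator) does not look as POSIX describes. */
static long walk_glob_paths(const glob_t *g, int flags, size_t *total_len)
{
    /* With GLOB_DOOFFS, gl_offs reserved slots precede the paths; they
     * belong to the caller and are skipped, never read as strings.
     * Without the flag, gl_offs is ignored. */
    size_t skip = (flags & GLOB_DOOFFS) ? g->gl_offs : 0;
    size_t i;

    *total_len = 0;
    if (g->gl_pathv == NULL)
        return g->gl_pathc == 0 ? 0 : -1;
    for (i = 0; i < g->gl_pathc; i++) {
        const char *p = g->gl_pathv[skip + i];
        if (p == NULL)            /* never hand NULL to strlen() */
            return -1;
        *total_len += strlen(p);
    }
    /* The vector is NULL-terminated after the last path. */
    return g->gl_pathv[skip + g->gl_pathc] == NULL ? (long)g->gl_pathc : -1;
}

/* Globs "/" (assumed to exist, as on any POSIX system) with `offs`
 * reserved slots; returns the walker's result, or -2 if glob() failed. */
static long demo_dooffs(size_t offs, size_t *total_len)
{
    glob_t g;
    long n;

    memset(&g, 0, sizeof(g));
    g.gl_offs = offs;
    if (glob("/", GLOB_DOOFFS, NULL, &g) != 0)
        return -2;
    n = walk_glob_paths(&g, GLOB_DOOFFS, total_len);
    globfree(&g);
    return n;
}

int main(void)
{
    size_t len;
    long n = demo_dooffs(2, &len);
    printf("paths=%ld total_len=%zu\n", n, len);
    return n == 1 ? 0 : 1;
}
```
</pre>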