<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/129951>129951</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            off-by-one error in -fsanitize=bounds when addressing a pointer instead of an integral
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          kees
      </td>
    </tr>
</table>

<pre>
The bounds sanitizer does not trip when accessing the address of the last array element (but does if it is accessed as an integral). For example:

#include <stdlib.h>
#include <stdio.h>

#define SIZE 3

struct foo {
    int count;
    int array[SIZE];
};

volatile int zero = 0; // hide const expression size from optimizer

int main(int argc, char *argv[]) {
    int size = SIZE + zero;
    // include trailing space to avoid segfaults on "out of bounds" access
    struct foo *p = calloc(1, sizeof(*p) + sizeof(int) + sizeof(int));

    // this correctly trips sanitizer:
    int val = p->array[size];
    printf("%d\n", val);

    // this does not?!
    int *valp = &p->array[size];
    printf("%p %d\n", valp, *valp);

    // but this does...
    int *val2 = &p->array[size + 1];
    printf("%p %d\n", val2, *val2);

    return 0;
}

Built with: -O2 -Wall -fstrict-flex-arrays=3 -fsanitize=bounds

./example.c:19:23: runtime error: index 3 out of bounds for type 'int [3]'
0
0xd0b42c0 0
./example.c:27:26: runtime error: index 4 out of bounds for type 'int [3]'
0xd0b42c4 0

This was noticed while using the "counted_by" attribute on a flexible array, but it is present even with fixed-size arrays.
</pre>
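<p>An added example, not part of the original report and not LLVM code: it models the output above under the assumption that the check admits index == bound when only an address is formed (C permits a one-past-the-end pointer that is never dereferenced), and shows a hypothetical accessor, foo_elem, that applies the strict bound before handing out a pointer. The names index_passes and foo_elem are illustrative.</p>

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define SIZE 3

struct foo {
    int count;
    int array[SIZE];
};

/* Assumed model of the index check, chosen to match the report's output:
 * a load or store needs index < bound, while merely forming an address
 * also admits index == bound, because C allows a one-past-the-end
 * pointer to exist as long as it is never dereferenced. */
static bool index_passes(size_t index, size_t bound, bool accessed)
{
    return accessed ? index < bound : index <= bound;
}

/* Hypothetical helper: hand out an element pointer only when it is safe
 * to dereference, so the check does not depend on how the pointer is
 * used later. Returns NULL for index == SIZE and beyond. */
static int *foo_elem(struct foo *p, size_t index)
{
    if (p == NULL || index >= SIZE)
        return NULL;
    return &p->array[index];
}

int main(void)
{
    struct foo f = { .count = SIZE, .array = { 10, 20, 30 } };

    /* The three accesses from the report, in order. */
    printf("p->array[3]   passes: %d\n", index_passes(3, SIZE, true));
    printf("&p->array[3]  passes: %d\n", index_passes(3, SIZE, false));
    printf("&p->array[4]  passes: %d\n", index_passes(4, SIZE, false));

    /* The strict accessor rejects the one-past-the-end index as well. */
    printf("foo_elem(2) -> %d\n", *foo_elem(&f, 2));
    printf("foo_elem(3) is NULL: %d\n", foo_elem(&f, SIZE) == NULL);
    return 0;
}
```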