[llvm-dev] [cfe-dev] Building with/without AddressSanitizer causes divergent execution behaviour

Kostya Serebryany via llvm-dev llvm-dev at lists.llvm.org
Wed Feb 17 11:05:10 PST 2016

On Wed, Feb 17, 2016 at 10:57 AM, Reid Kleckner <rnk at google.com> wrote:

> On Wed, Feb 17, 2016 at 10:48 AM, Dan Liew <dan at su-root.co.uk> wrote:
>> Hi,
>> Well I dug into Z3's codebase a little more and figured out what the
>> problem was. If you're curious see [1].
> Neat bug. :)
>> What worries me more is that prior to a heap-use-after-free being
>> reported there an out of bounds write occurs but ASan doesn't catch it
>> which seems like a bug to me. Note I'm using Clang 3.7.1
>> ...
>> This seems like a bug to me. Thoughts?
> m_segments is at the end of the clause_allocator object, which I'm
> assuming is allocated in another object sls here:
>         clause_allocator m_alloc;              // clause allocator
>         clause_vector    m_bin_clauses;        // binary clauses
> The out-of-bounds access probably touches memory in m_bin_clauses.
> One of ASan's limitations is that it can't currently catch intra-object
> overflow:
> https://github.com/google/sanitizers/wiki/AddressSanitizerIntraObjectOverflow
> There's a prototype that adds padding to make it possible to catch this
> kind of bug, but I haven't seen anyone pushing it forward for a while now.
For practical purposes this does not exist yet :(
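To make the limitation discussed in this thread concrete, here is an added, self-contained example (it is not Z3's code and not code from anyone in the thread; clause_allocator, clause_vector and sls_like below are hypothetical stand-ins, and every field other than m_alloc, m_bin_clauses and m_segments is an invented placeholder). A fixed-size array that sits at the end of one member is overrun by one element, and the store lands in the first word of the next member. The whole object is one allocation, so there is no ASan redzone between the two members and nothing to trip; the write is only observable through its side effect on m_bin_clauses. A bounds-checked variant is shown beside it.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for Z3's clause_allocator: the array is the LAST member,
// as m_segments is in the real class. m_id_gen is an invented placeholder field.
struct clause_allocator {
    unsigned m_id_gen;
    void*    m_segments[4];
};

// Hypothetical stand-in for clause_vector; m_data / m_size are placeholders.
struct clause_vector {
    void*  m_data;
    size_t m_size;
};

// Same member order as quoted in the thread: the allocator, then the vector.
struct sls_like {
    clause_allocator m_alloc;        // clause allocator
    clause_vector    m_bin_clauses;  // binary clauses
};

// Does m_segments end exactly where m_bin_clauses begins? If so, index 4 of
// m_segments is the same address as m_bin_clauses.m_data.
bool layout_is_adjacent() {
    return offsetof(sls_like, m_bin_clauses) ==
           offsetof(sls_like, m_alloc) + offsetof(clause_allocator, m_segments) +
           sizeof(clause_allocator::m_segments);
}

// The bug: no bounds check. With idx == 4 the store is one past the array but
// still inside the sls_like object, so ASan's redzones are never touched.
// The store goes through a volatile lvalue so the compiler really emits it at
// runtime instead of reasoning that an in-bounds index can never reach m_bin_clauses.
void set_segment(sls_like& s, size_t idx, void* p) {
    void* volatile* slot = s.m_alloc.m_segments + idx;
    *slot = p;
}

// The hardened form: reject out-of-range indices instead of spilling into the neighbour.
bool set_segment_checked(sls_like& s, size_t idx, void* p) {
    const size_t n = sizeof(s.m_alloc.m_segments) / sizeof(s.m_alloc.m_segments[0]);
    if (idx >= n) return false;
    s.m_alloc.m_segments[idx] = p;
    return true;
}

// Read m_bin_clauses.m_data through a volatile lvalue so the load comes from
// memory rather than being folded from the zero-initialisation.
void* neighbour_first_word(const sls_like& s) {
    return *reinterpret_cast<void* const volatile*>(&s.m_bin_clauses.m_data);
}

// Returns true when the one-past-the-end write is visible in the next member.
bool overflow_clobbers_neighbour() {
    sls_like s{};
    int marker = 0;              // constructed sentinel: any distinct address will do
    set_segment(s, 4, &marker);  // one past the end of m_segments[4]
    return neighbour_first_word(s) == static_cast<void*>(&marker);
}

int main() {
    std::printf("array adjacent to next member: %s\n", layout_is_adjacent() ? "yes" : "no");
    std::printf("overflow clobbered m_bin_clauses: %s\n",
                overflow_clobbers_neighbour() ? "yes (ASan silent)" : "no");
    return 0;
}
```

Build it with and without clang++ -fsanitize=address -g: the intra-object write is reported in neither configuration, because ASan's shadow memory only marks the bytes outside the sls_like allocation as poisoned. Had m_segments instead been a separate heap array (new void*[4]), the same index-4 store would land in that allocation's redzone and ASan would report a heap-buffer-overflow at the faulting store. The same constraint applies to the stack: a local sls_like gets redzones around the whole object, not between its members.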
