<div dir="ltr"><div>+Marshall</div><div><br></div>Hi Dennis, <div><br></div><div>With libc++ the annotations in the std::vector work for me: </div><div><br></div><div># test file from <a href="https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow" rel="noreferrer" target="_blank" style="font-size:12.8px">https://github.com/google/sani<wbr>tizers/wiki/AddressSanitizerCo<wbr>ntainerOverflow</a></div><div><div>clang++ -fsanitize=address co.cc -stdlib=libc++ && ./a.out </div><div>=================================================================</div><div>==11644==ERROR: AddressSanitizer: container-overflow</div></div><div><br></div><div>This is not the most frequent kind of bug, but we catch it reliably. </div><div>E.g. these are trophies at oss-fuzz:</div><div><a href="https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=status%3AFixed%2CVerified+Type%3ABug%2CBug-Security+-component%3AInfra++container-overflow+&colspec=ID+Type+Component+Status+Proj+Reported+Owner+Summary&cells=ids">https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=status%3AFixed%2CVerified+Type%3ABug%2CBug-Security+-component%3AInfra++container-overflow+&colspec=ID+Type+Component+Status+Proj+Reported+Owner+Summary&cells=ids</a><br></div><div><br></div><div>In the fresh libstdc++ the annotations also seem to be present, but I did not verify that they work. </div><div><br></div><div>We did not annotate any other STL container in libc++ nor in libstdc++. </div><div>Our work on annotating std::string in STL got stuck in review for several months, then we stopped pushing. </div><div>Marshall, do you think we should try again? 
</div><div><br></div><div>--kcc </div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 6, 2017 at 5:06 AM, Dennis Luehring via llvm-dev <span dir="ltr"><<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="https://llvm.org/devmtg/2014-04/PDFs/LightningTalks/EuroLLVM%202014%20--%20container%20overflow.pdf" rel="noreferrer" target="_blank">https://llvm.org/devmtg/2014-0<wbr>4/PDFs/LightningTalks/EuroLLVM<wbr>%202014%20--%20container%<wbr>20overflow.pdf</a><br>
<br>
<a href="https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow" rel="noreferrer" target="_blank">https://github.com/google/sani<wbr>tizers/wiki/AddressSanitizerCo<wbr>ntainerOverflow</a><br>
<br>
and followed some discussion from ~2014<br>
<br>
are libc++ and libstdc++ now fully annotated?<br>
<br>
my tests with clang 5.x/gcc 7.x do not report any error on container misuse<br>
<br>
</blockquote></div><br></div>
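<div>Added example, not part of the thread and not libc++ or libstdc++ code: a sketch of how a contiguous container can carry the kind of annotation discussed above, using <code>__sanitizer_annotate_contiguous_container</code> from <code>sanitizer/common_interface_defs.h</code>. The names <code>IntBuf</code>, <code>annotate</code>, <code>mark</code> and <code>demo</code> are hypothetical, and the calls become no-ops when the file is built without AddressSanitizer.</div>

```cpp
#include <cstddef>
#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_ASAN 1
#  endif
#endif
#ifdef HAVE_ASAN
#  include <sanitizer/common_interface_defs.h>
#endif
// Tell ASan that [beg, new_mid) is live and [new_mid, end) must not be touched.
static void annotate(const void* beg, const void* end, const void* old_mid, const void* new_mid) {
#ifdef HAVE_ASAN
    __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid);
#else
    (void)beg; (void)end; (void)old_mid; (void)new_mid;  // no-op without ASan
#endif
}

class IntBuf {  // hypothetical fixed-capacity container, constructed for this example
    int* data_;
    std::size_t size_ = 0, cap_;
    void mark(std::size_t o, std::size_t n) { annotate(data_, data_ + cap_, data_ + o, data_ + n); }
public:
    explicit IntBuf(std::size_t cap) : data_(new int[cap]), cap_(cap) { mark(cap_, 0); }
    ~IntBuf() { mark(size_, cap_); delete[] data_; }  // unpoison before freeing
    IntBuf(const IntBuf&) = delete; IntBuf& operator=(const IntBuf&) = delete;
    bool push_back(int v) {
        if (size_ == cap_) return false;
        mark(size_, size_ + 1);  // expose one more slot before writing it
        data_[size_++] = v;
        return true;
    }
    void pop_back() { if (size_) { mark(size_, size_ - 1); --size_; } }
    std::size_t size() const { return size_; }
    const int* data() const { return data_; }
};

// Sums the live elements. A read of b.data()[b.size()] would stay inside the
// heap block, so only the annotation lets ASan report it as container-overflow.
int demo() {
    IntBuf b(8);
    for (int i = 1; i <= 3; ++i) b.push_back(i);
    b.pop_back();
    int sum = 0;
    for (std::size_t i = 0; i < b.size(); ++i) sum += b.data()[i];
    return sum;
}
int main() { return demo() == 3 ? 0 : 1; }
```

<div>Build it with <code>clang++ -fsanitize=address</code>, as in the message above, to have the annotations take effect.</div>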