[PATCH] D20334: [libcxx] Fix a bug in strstreambuf::overflow

Akira Hatanaka via cfe-commits cfe-commits at lists.llvm.org
Wed May 25 15:50:10 PDT 2016


ahatanak added a comment.

In http://reviews.llvm.org/D20334#439248, @bcraig wrote:

> ASAN is complaining about an excessively large read.  If the problem was in overflow, I would expect ASAN to complain about an out-of-bounds write instead.


According to the example shown in the link below, ASAN is complaining about an out-of-bounds read:

https://github.com/google/sanitizers/wiki/AddressSanitizerExampleHeapOutOfBounds

This happens because epptr is not set correctly in strstreambuf::overflow. This causes the null terminator to be written to the wrong location, which causes strlen to keep reading the characters past the end of the allocated block.

strstreambuf::overflow is allocating a memory block that is sufficiently large, so ASAN doesn't complain about an out-of-bounds write.


http://reviews.llvm.org/D20334
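
Added example (not part of this review and not libc++ code): a bounded way to consume strstream output that avoids the strlen over-read discussed above. It uses only the standard ostrstream members str(), pcount() and freeze(); the helper names (FrozenBuf, write_and_read, roundtrip_survives_overflow) and the constructed inputs are this example's own assumptions. The terminator check looks for '\0' only within the pcount() bytes the stream actually wrote, so it never reads past the frozen buffer, and the 10000-byte round trip drives strstreambuf::overflow through at least one reallocation and checks that the data and the std::ends terminator are still where they belong.

```cpp
// Added example; not the patch under review and not libc++ code.
// Harmless on other libraries; lets libc++ expose <strstream> in C++26 mode.
#define _LIBCPP_ENABLE_CXX26_REMOVED_STRSTREAM
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#pragma GCC diagnostic ignored "-Wdeprecated"
#include <cstddef>
#include <cstring>
#include <ostream>
#include <string>
#include <strstream>

// Result of reading an ostrstream back with bounds taken from pcount(),
// never from a terminator that may be missing or misplaced.
struct FrozenBuf {
    std::string bytes;   // exactly pcount() bytes, embedded NULs included
    bool terminated;     // true if a '\0' lies within those bytes
};

// Writes `text` (plus std::ends when add_ends is set) into a dynamic
// ostrstream, freezes it, and copies out exactly pcount() bytes. memchr is
// bounded by n, so this never reads past the region the stream wrote.
FrozenBuf write_and_read(const std::string& text, bool add_ends) {
    std::ostrstream os;
    os << text;
    if (add_ends)
        os << std::ends;                     // std::ends appends the '\0' byte
    const char* p = os.str();                // freezes the buffer
    std::size_t n = static_cast<std::size_t>(os.pcount());
    FrozenBuf out;
    out.bytes.assign(p, n);
    out.terminated = std::memchr(p, '\0', n) != nullptr;
    os.freeze(false);                        // unfreeze so the dtor frees it
    return out;
}

// Drives strstreambuf::overflow through reallocation by writing `len` bytes
// of a constructed pattern followed by std::ends. Returns true only if every
// byte survived and the terminator is the last of the pcount() bytes.
bool roundtrip_survives_overflow(std::size_t len) {
    std::string text;
    text.reserve(len);
    for (std::size_t i = 0; i < len; ++i)
        text.push_back(static_cast<char>('a' + i % 26));
    FrozenBuf fb = write_and_read(text, true);
    return fb.bytes.size() == len + 1 &&
           fb.bytes.compare(0, len, text) == 0 &&
           fb.bytes[len] == '\0';
}
```

Building this with -fsanitize=address exercises the reallocation path under ASAN; because every read is bounded by pcount(), a misplaced or missing terminator shows up as roundtrip_survives_overflow returning false or FrozenBuf::terminated being false, rather than as a strlen over-read.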
