[PATCH] D20334: [libcxx] Fix a bug in strstreambuf::overflow
Akira Hatanaka via cfe-commits
cfe-commits at lists.llvm.org
Wed May 25 15:50:10 PDT 2016
ahatanak added a comment.
In http://reviews.llvm.org/D20334#439248, @bcraig wrote:
> ASAN is complaining about an excessively large read. If the problem was in overflow, I would expect ASAN to complain about an out-of-bounds write instead.
According to the example shown in the link below, ASAN is complaining about an out-of-bounds read:
https://github.com/google/sanitizers/wiki/AddressSanitizerExampleHeapOutOfBounds
This happens because epptr is not set correctly in strstreambuf::overflow. This causes the null terminator to be written to the wrong location, which causes strlen to keep reading the characters past the end of the allocated block.
strstreambuf::overflow is allocating a memory block that is sufficiently large, so ASAN doesn't complain about an out-of-bounds write.
http://reviews.llvm.org/D20334
More information about the cfe-commits
mailing list