[cfe-dev] Asan bug or feature?

Richard Smith richard at metafoo.co.uk
Mon May 19 13:49:46 PDT 2014


On Mon, May 19, 2014 at 12:51 PM, miroslav.fontan <
miroslav.fontan at wincor-nixdorf.cz> wrote:

> Hi all,
>
> By hunting after address error in our app I have found unexpected asan
> behaviour
>
> Here is a minimal isolated example which runs without address error:
>
> clang++ a.cpp -fsanitize=address
>
> cat a.cpp
>
> char* subroutine()
> {
>         char* p = new char[8]();
>         return p;
> }
>
> int main( int /*argc*/, char** /*argv*/ )
> {
>         char* pc_sub = subroutine();
>         char* pc_main = new char[8]();
>         pc_main[32] = 1; //points to pc_sub, no ERROR :-(
> //      pc_main[16] = 2; //points to bad address ERROR :-)
>         pc_sub[-32] = 3; //points to pc_main, no ERROR :-(
>

Yes, ASan puts a redzone around heap allocations, but that redzone has a
limited size (this is a memory / ability to catch bugs tradeoff). Put
another way, ASan checks that you only use valid addresses, but doesn't
check how those addresses are computed. Do you have some specific question
about this?

>         delete[] pc_main;
>         delete[] pc_sub;
>         return 0;
> }
>
> Regards
>
> Miroslav
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
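The following is an added example, not code from the original thread or from the LLVM project. It is a toy model of the heap check Richard describes: chunks separated by poisoned redzones, and an instrumented access that consults only the final address, never the base pointer it was derived from. The namespace, class and function names, the top-down bump allocator, the byte-granular poison map and the 16-byte slot alignment are all assumptions, chosen so that two 8-byte chunks end up 32 bytes apart, as they did in Miroslav's run.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Added example (not from the original thread): toy model of ASan heap redzones.
namespace toy_asan {

constexpr std::size_t kAlignment = 16;    // assumed: user slots rounded up to this
constexpr std::size_t kHeapSize  = 4096;  // assumed size of the toy heap

class ToyHeap {
public:
    // redzone: poisoned bytes between consecutive chunks (real ASan: at least 16).
    explicit ToyHeap(std::size_t redzone)
        : redzone_(redzone), top_(kHeapSize), poisoned_(kHeapSize, true) {}

    // Hands out chunks from the top of the heap downward, so the chunk allocated
    // first gets the highest address (this reproduces the layout the post saw:
    // pc_sub sitting 32 bytes above pc_main). Only the n user bytes become
    // addressable; the slot's tail and the redzone stay poisoned.
    std::size_t alloc(std::size_t n) {
        std::size_t slot  = (n + kAlignment - 1) / kAlignment * kAlignment;
        std::size_t start = top_ - slot;
        for (std::size_t i = start; i < start + n; ++i) poisoned_[i] = false;
        top_ = start - redzone_;
        return start;
    }

    // Emulates the check ASan inserts before `base[idx]`: true means the access
    // would be reported. Only the final address is consulted; how it was computed
    // is invisible to the check. Out-of-heap addresses count as poisoned.
    bool reported(std::size_t base, std::ptrdiff_t idx) const {
        std::ptrdiff_t addr = static_cast<std::ptrdiff_t>(base) + idx;
        if (addr < 0 || addr >= static_cast<std::ptrdiff_t>(kHeapSize)) return true;
        return poisoned_[static_cast<std::size_t>(addr)];
    }

private:
    std::size_t redzone_;
    std::size_t top_;
    std::vector<bool> poisoned_;  // one poison flag per byte (real ASan: per 8-byte granule)
};

// Outcome of replaying the three accesses from the original post.
struct Replay {
    bool main_plus32;  // pc_main[32]
    bool main_plus16;  // pc_main[16]
    bool sub_minus32;  // pc_sub[-32]
};

// Allocates pc_sub, then pc_main (same order as the post) on a heap with the
// given redzone and reports which of the three accesses would be flagged.
Replay replay_post(std::size_t redzone) {
    ToyHeap heap(redzone);
    std::size_t pc_sub  = heap.alloc(8);  // subroutine()'s new char[8]
    std::size_t pc_main = heap.alloc(8);  // main()'s new char[8]
    return Replay{
        heap.reported(pc_main, 32),
        heap.reported(pc_main, 16),
        heap.reported(pc_sub, -32),
    };
}

// Distance in bytes between the two chunks' user regions: the smallest positive
// index from pc_main that lands on valid memory again and so goes unreported.
std::size_t chunk_stride(std::size_t redzone) {
    ToyHeap heap(redzone);
    std::size_t pc_sub  = heap.alloc(8);
    std::size_t pc_main = heap.alloc(8);
    return pc_sub - pc_main;
}

}  // namespace toy_asan

int main() {
    const std::size_t redzones[] = {16, 64};
    for (std::size_t rz : redzones) {
        toy_asan::Replay r = toy_asan::replay_post(rz);
        std::printf("redzone=%zu stride=%zu  pc_main[32]:%s  pc_main[16]:%s  pc_sub[-32]:%s\n",
                    rz, toy_asan::chunk_stride(rz),
                    r.main_plus32 ? "reported" : "silent",
                    r.main_plus16 ? "reported" : "silent",
                    r.sub_minus32 ? "reported" : "silent");
    }
    return 0;
}
```

With a 16-byte redzone the model reproduces the post exactly: pc_main[16] hits poisoned memory and is reported, while pc_main[32] and pc_sub[-32] land on the other live chunk and are silent. With a 64-byte redzone all three are reported, which is the memory/detection tradeoff Richard mentions: the real runtime exposes it as the `redzone` option in ASAN_OPTIONS (minimum 16, power of two), but a larger redzone only pushes the threshold out; a stride that reaches another live chunk is still an address ASan considers valid.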