[cfe-dev] Asan fails to report global buffer overflow if global buffer is not initialized

Shi, Steven via cfe-dev cfe-dev at lists.llvm.org
Wed Oct 19 03:25:25 PDT 2016


Hi Kcc,
I find that both clang and gcc fail to report a global buffer overflow if the global buffer is not initialized. Below are my test code and build commands. Please advise.

#include <stdio.h>
int global_array[11];           /* tentative definition: no initializer */
int main(int argc, char **argv) {
  int Num;
  Num = 11;
  global_array[Num] = 0x87654321; // global buffer overflow (one past the end)
  printf("global_array[%d]=0x%x\n", Num, global_array[Num]);
  return global_array[Num];
}

$ clang global.c -fsanitize=address -g -O0
$ ./a.out
global_array[11]=0x87654321
$ gcc-5 global.c -fsanitize=address -g -O0
$ ./a.out
global_array[11]=0x87654321


But both clang and gcc do report the global buffer overflow if the global buffer's first item is initialized, as below:

#include <stdio.h>
int global_array[11] = {0};     /* same array, now with an initializer */
int main(int argc, char **argv) {
  int Num;
  Num = 11;
  global_array[Num] = 0x87654321; // global buffer overflow (one past the end)
  printf("global_array[%d]=0x%x\n", Num, global_array[Num]);
  return global_array[Num];
}


$ clang global.c -fsanitize=address -g -O0
$ ./a.out
=================================================================
==12162==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013808ec at pc 0x0000004eede1 bp 0x7ffe2ae3a490 sp 0x7ffe2ae3a488
WRITE of size 4 at 0x0000013808ec thread T0
    #0 0x4eede0 in main /home/jshi19/sanitizer/MSVS_GS_Compare/global.c:41:21
    #1 0x7f83c62a582f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #2 0x419228 in _start (/home/jshi19/sanitizer/MSVS_GS_Compare/a.out+0x419228)
....


Steven Shi
Intel\SSG\STO\UEFI Firmware

Tel: +86 021-61166522
iNet: 821-6522


