[cfe-dev] Detecting undefined pointer arithmetic

Demi M. Obenour via cfe-dev cfe-dev at lists.llvm.org
Sun Jan 10 23:39:52 PST 2021


I noticed that none of the sanitizers seems to support checking for
out-of-bounds pointer arithmetic, even though my understanding of
the C standard is that this is undefined behavior.  In particular, I
believe the following trivial program has undefined behavior (assuming
malloc() succeeds), but none of the sanitizers flag any warnings:

#include <stdlib.h>
int main(void) {
   char *buf = malloc(1);
   if (buf) {
      char *this_is_ub = buf + 3;
      free(buf);
   }
}

Of course, I suspect this just has not been implemented yet, but
it still leaves me at a loss for how to track this form of UB down.
Is there a better solution than manual code review?

Sincerely,

Demi Obenour
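As an added example (not part of the post above), a bounds-checked replacement for raw `p + n` that rejects the `buf + 3` case instead of forming the out-of-range pointer; the helper names `checked_offset`, `post_case_is_rejected` and `selftest` are mine. UBSan's `-fsanitize=pointer-overflow` only catches arithmetic that wraps the address space, not arithmetic that merely leaves the object, so a check like this has to know the object's base and size.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed helper, not from the post: a bounds-checked replacement for
 * raw `p + n`. `p` must already lie in [base, base + size]. On success it
 * stores the result in *out and returns 1; if the result would leave
 * [base, base + size] (one-past-the-end is allowed, as in C), it returns 0
 * without ever forming the out-of-range pointer. */
int checked_offset(const char *base, size_t size,
                   const char *p, ptrdiff_t n, const char **out)
{
    size_t pos = (size_t)(p - base);
    if (n >= 0) {
        if ((size_t)n > size - pos) return 0;   /* would run past the end */
        *out = p + (size_t)n;
        return 1;
    }
    size_t back = (size_t)(-(n + 1)) + 1;       /* |n|, safe for PTRDIFF_MIN */
    if (back > pos) return 0;                   /* would move before base */
    *out = p - back;
    return 1;
}

/* The post's program with the raw `buf + 3` routed through the check.
 * Returns 1 when the check rejects it, 0 if it accepts, -1 if malloc fails. */
int post_case_is_rejected(void)
{
    char *buf = malloc(1);
    if (!buf) return -1;
    const char *r;
    int ok = checked_offset(buf, 1, buf, 3, &r);
    free(buf);
    return ok == 0;
}

/* Edge cases on a static 8-byte buffer; returns how many behave as expected (4). */
int selftest(void)
{
    static char arr[8];
    const char *r;
    int passed = 0;
    passed += checked_offset(arr, 8, arr, 8, &r) == 1 && r == arr + 8;  /* one past end: legal */
    passed += checked_offset(arr, 8, arr, 9, &r) == 0;                  /* two past end */
    passed += checked_offset(arr, 8, arr + 4, -4, &r) == 1 && r == arr; /* back to base */
    passed += checked_offset(arr, 8, arr + 4, -5, &r) == 0;             /* before base */
    return passed;
}
```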
