[LLVMbugs] [Bug 20721] New: UBSan can read past valid memory region

bugzilla-daemon at llvm.org
Thu Aug 21 06:50:40 PDT 2014


http://llvm.org/bugs/show_bug.cgi?id=20721

            Bug ID: 20721
           Summary: UBSan can read past valid memory region
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: y.gribov at samsung.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

It looks like currently, when reporting context for memory-related errors, UBSan
may read past the end of a valid memory region, causing segfaults. The related
code is in renderMemorySnippet (in ubsan_diag.cc):

  // Emit data.
  for (uptr P = Min; P != Max; ++P) {
    // FIXME: Check that the address is readable before printing it.
    unsigned char C = *reinterpret_cast<const unsigned char*>(P);
    Printf("%s%02x", (P % 8 == 0) ? "  " : " ", C);
  }
  Printf("\n");

Here Max is usually Addr + 28, thus potentially overflowing the valid memory range.
Unfortunately I don't have a proper repro case because the error does not
reproduce on current GCC trunk on x64. But this does appear in GCC autotests,
e.g. see https://gcc.gnu.org/ml/gcc-testresults/2014-08/msg02038.html :
FAIL: c-c++-common/ubsan/align-4.c   -O2 -flto -fuse-linker-plugin
-fno-fat-lto-objects  execution test.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
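
One way to act on the FIXME in the quoted loop, as an added example (not compiler-rt's code and not part of the original report): each byte is fetched through write(2) on a pipe, so an unreadable address yields EFAULT and is printed as ?? instead of faulting. The function names, the ?? placeholder and the guard-page test input are assumptions made for this example; it is Linux/POSIX only.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <sys/mman.h>
#include <unistd.h>

// Hypothetical helper: fetch one byte without dereferencing addr in user space.
// write(2) makes the kernel copy from addr; an unmapped or PROT_NONE page
// makes it fail with EFAULT instead of raising SIGSEGV.
static bool read_byte_safely(const int fds[2], uintptr_t addr, unsigned char *out) {
  if (write(fds[1], reinterpret_cast<const void *>(addr), 1) != 1) return false;
  return read(fds[0], out, 1) == 1;  // value comes back through the pipe
}

// Same layout as the loop in the report, but unreadable bytes print as "??".
std::string render_snippet(uintptr_t min, uintptr_t max) {
  int fds[2];
  if (pipe(fds) != 0) return "";
  std::string out;
  for (uintptr_t p = min; p != max; ++p) {
    unsigned char c;
    char hex[3] = "??";
    if (read_byte_safely(fds, p, &c)) snprintf(hex, sizeof hex, "%02x", c);
    out += (p % 8 == 0) ? "  " : " ";
    out += hex;
  }
  close(fds[0]);
  close(fds[1]);
  return out;
}

// Constructed input: four 0xab bytes at the end of a page followed by a
// PROT_NONE page, so the range [end-4, end+4) crosses into unreadable memory.
std::string demo_snippet_across_guard_page() {
  const size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  void *m = mmap(nullptr, 2 * page, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (m == MAP_FAILED) return "mmap failed";
  unsigned char *base = static_cast<unsigned char *>(m);
  for (size_t i = 1; i <= 4; ++i) base[page - i] = 0xab;
  mprotect(base + page, page, PROT_NONE);
  const uintptr_t end = reinterpret_cast<uintptr_t>(base) + page;
  std::string s = render_snippet(end - 4, end + 4);
  munmap(m, 2 * page);
  return s;
}

int main() { puts(demo_snippet_across_guard_page().c_str()); }
```

Two syscalls per byte is slow, which is acceptable here because the snippet is only rendered on the error-reporting path and covers a few dozen bytes.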