[LLVMbugs] [Bug 18484] New: address sanitizer doesn't point out the specific variable
bugzilla-daemon at llvm.org
Tue Jan 14 23:38:46 PST 2014
http://llvm.org/bugs/show_bug.cgi?id=18484
Bug ID: 18484
Summary: address sanitizer doesn't point out the specific variable
Product: clang
Version: 3.3
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: metherid at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
https://www.youtube.com/watch?v=JSjoCisIHcM (1:08) suggests that clang with
address sanitizer should be able to pinpoint the specific variable that causes
the overflow. However, my test doesn't show that (admittedly this is C as
opposed to C++ as shown in the video).
$clang literal.c -g -fsanitize=address -o literal
$./literal
=================================================================
==12001==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffc21cf925 at pc 0x41ccbf bp 0x7fffc21cf870 sp 0x7fffc21cf028
WRITE of size 6 at 0x7fffc21cf925 thread T0
#0 0x41ccbe (/home/rahul/work/literal+0x41ccbe)
#1 0x42d39b (/home/rahul/work/literal+0x42d39b)
#2 0x32b3421d64 (/usr/lib64/libc-2.18.so+0x21d64)
#3 0x42d1cc (/home/rahul/work/literal+0x42d1cc)
Address 0x7fffc21cf925 is located in stack of thread T0 at offset 101 in frame
#0 0x42d29f (/home/rahul/work/literal+0x42d29f)
This frame has 3 object(s):
[32, 40) 'tabHeader'
[96, 101) 'header'
[160, 168) 'testme'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
0x100078431ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f10: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
=>0x100078431f20: f2 f2 f2 f2[05]f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4
0x100078431f30: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078431f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==12001==ABORTING
$cat literal.c
#include <stdio.h>
#include <string.h>

int main (void)
{
    const char *tabHeader = "Sound";
    char header[5]; // = "Merry";  five bytes: no room for the terminating NUL
    strcpy(header, "Merry");       // copies six bytes ("Merry" plus NUL), one past the end of header
    const char *testme = "whatever";
    puts(tabHeader);
    puts(header);
    puts(testme);
    return 0;
}
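The report above does in fact carry the information needed to name the variable: the faulting address sits at frame offset 101, which is exactly one past the end of 'header' at [96, 101), and the access is a WRITE of size 6 into a 5-byte buffer. ASan reports the first poisoned byte it hit, not necessarily the start of the access, so the object whose end coincides with (or lies nearest below) that offset is the one being overflowed. The script below is an added example, not code from the bug report or from LLVM: it parses the report excerpt (copied verbatim from the bug) and attributes the access to the nearest frame object using a nearest-object rule of my own; the relation labels ("overflows", "underflows", "is inside", "partially overflows") are assumptions chosen to read like the annotations later ASan versions print next to each frame object.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines of the AddressSanitizer report from the bug above, copied verbatim;
# only the lines this script reads are kept.
ASAN_REPORT = """\
==12001==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffc21cf925 at pc 0x41ccbf bp 0x7fffc21cf870 sp 0x7fffc21cf028
WRITE of size 6 at 0x7fffc21cf925 thread T0
Address 0x7fffc21cf925 is located in stack of thread T0 at offset 101 in frame
This frame has 3 object(s):
[32, 40) 'tabHeader'
[96, 101) 'header'
[160, 168) 'testme'
"""


@dataclass
class FrameObject:
    beg: int   # frame offset of the first byte
    end: int   # frame offset one past the last byte (half-open, as ASan prints it)
    name: str


def parse_frame_objects(report: str) -> List[FrameObject]:
    """Collect the "[beg, end) 'name'" lines of the frame description, sorted by offset."""
    found = re.findall(r"\[(\d+), (\d+)\) '([^']+)'", report)
    return sorted((FrameObject(int(b), int(e), n) for b, e, n in found), key=lambda o: o.beg)


def parse_access(report: str) -> Tuple[str, int]:
    """Return ("READ" or "WRITE", size) from the "WRITE of size N" line."""
    m = re.search(r"\b(READ|WRITE) of size (\d+)\b", report)
    if m is None:
        raise ValueError("no access line in report")
    return m.group(1), int(m.group(2))


def parse_fault_offset(report: str) -> int:
    """Frame offset of the reported address (the first poisoned byte ASan hit)."""
    m = re.search(r"at offset (\d+) in frame", report)
    if m is None:
        raise ValueError("no frame offset in report")
    return int(m.group(1))


def relation(obj: FrameObject, addr: int, size: int, prev_end: int, next_beg: int) -> Optional[str]:
    """Describe how the access [addr, addr+size) sits relative to obj, or None when a
    neighbouring object is closer. Nearest-object rule (an assumption of this example):
    an access in the redzone between two objects is attributed to the closer one."""
    addr_end = addr + size
    if addr >= obj.beg:
        if addr_end <= obj.end:
            return "is inside"           # possible for a use-after-return, not for an overflow
        if addr < obj.end:
            return "partially overflows"
        if addr_end <= next_beg and next_beg - addr_end >= addr - obj.end:
            return "overflows"
    else:
        if addr_end > obj.beg:
            return "partially underflows"
        if addr >= prev_end and addr - prev_end >= obj.beg - addr_end:
            return "underflows"
    return None


def locate_variable(report: str) -> List[Tuple[str, str]]:
    """Map the faulting access to the frame object(s) it is nearest to."""
    objs = parse_frame_objects(report)
    _, size = parse_access(report)
    addr = parse_fault_offset(report)
    findings = []
    for i, obj in enumerate(objs):
        prev_end = objs[i - 1].end if i > 0 else 0
        next_beg = objs[i + 1].beg if i + 1 < len(objs) else 2 ** 62  # no right-hand neighbour
        rel = relation(obj, addr, size, prev_end, next_beg)
        if rel is not None:
            findings.append((obj.name, rel))
    return findings


if __name__ == "__main__":
    kind, size = parse_access(ASAN_REPORT)
    offset = parse_fault_offset(ASAN_REPORT)
    for name, rel in locate_variable(ASAN_REPORT):
        print(f"{kind} of size {size} at frame offset {offset} {rel} '{name}'")
```

Run on the excerpt it prints "WRITE of size 6 at frame offset 101 overflows 'header'": 'tabHeader' is rejected because the access does not fit before the next object, and 'testme' is rejected because the access lies far closer to the end of 'header' than to the start of 'testme'. Reading the frame object list this way is the same check a reviewer does by hand when triaging a stack-buffer-overflow report whose variable line is missing.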