[LLVMbugs] [Bug 23230] New: asan/TestCases/strtol_strict.c is sensitive to heap content
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Tue Apr 14 13:51:55 PDT 2015
https://llvm.org/bugs/show_bug.cgi?id=23230
Bug ID: 23230
Summary: asan/TestCases/strtol_strict.c is sensitive to heap
content
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: compiler-rt
Assignee: unassignedbugs at nondot.org
Reporter: hjl.tools at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
asan/TestCases/strtol_strict.c has
void test3(char *array, char *endptr) {
// Buffer overflow if base is invalid.
long r = strtol(array - 1, NULL, -1);
assert(r == 0);
}
...
int main(int argc, char **argv) {
char *array = (char*)malloc(3);
char *endptr = NULL;
array[0] = '1';
array[1] = '2';
array[2] = '3';
...
if (!strcmp(argv[1], "test3")) test3(array, endptr);
// CHECK3: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK3: READ of size 5
When array[-1] happens to be '\0', we will get
READ of size 1 at 0x60200000efef thread T0
instead of
READ of size 5 at 0x60200000efef thread T0
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150414/44f30f68/attachment.html>
More information about the llvm-bugs
mailing list