[llvm-bugs] [Bug 45938] New: Off-by-one in array-bounds sanitizer

via llvm-bugs llvm-bugs at lists.llvm.org
Fri May 15 04:10:37 PDT 2020


            Bug ID: 45938
           Summary: Off-by-one in array-bounds sanitizer
           Product: clang
           Version: 10.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: LLVM Codegen
          Assignee: unassignedclangbugs at nondot.org
          Reporter: hahn at absint.com
                CC: llvm-bugs at lists.llvm.org, neeilans at live.com,
                    richard-llvm at metafoo.co.uk

Created attachment 23490
  --> https://bugs.llvm.org/attachment.cgi?id=23490&action=edit

If the expression a[i] is used in a pre/post inc/dec operation, the sanitizer
of array-bounds treats the expression as &a[i], i.e. it checks for <= bound
instead of < bound, although a[i] is read and written.

I think, the problem can be fixed by replacing EmitLValue by EmitCheckedLValue
in VisitUnaryPostDec and others in clang/lib/CodeGen/CGExprScalar.cpp.

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200515/8d9c3ab3/attachment.html>

More information about the llvm-bugs mailing list