[llvm-bugs] [Bug 45938] New: Off-by-one in array-bounds sanitizer
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri May 15 04:10:37 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=45938
Bug ID: 45938
Summary: Off-by-one in array-bounds sanitizer
Product: clang
Version: 10.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: LLVM Codegen
Assignee: unassignedclangbugs at nondot.org
Reporter: hahn at absint.com
CC: llvm-bugs at lists.llvm.org, neeilans at live.com,
richard-llvm at metafoo.co.uk
Created attachment 23490
--> https://bugs.llvm.org/attachment.cgi?id=23490&action=edit
Testcase
If the expression a[i] is used in a pre/post inc/dec operation, the sanitizer
of array-bounds treats the expression as &a[i], i.e. it checks for <= bound
instead of < bound, although a[i] is read and written.
I think the problem can be fixed by replacing EmitLValue by EmitCheckedLValue
in VisitUnaryPostDec and others in clang/lib/CodeGen/CGExprScalar.cpp.
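A reproducer sketch for the behaviour described in the report, added here as an example; it is not the testcase attached to the bug. The array size `BOUND`, the function names and the hand-written `address_check`/`access_check` predicates are assumptions made for illustration.

```c
/* Constructed reproducer (not the attachment from the report).
 * Build: clang -fsanitize=array-bounds -fno-sanitize-recover=array-bounds -g repro.c -o repro
 * Run:   ./repro 4      (index == bound, the case the report is about)
 */
#include <stdio.h>
#include <stdlib.h>

#define BOUND 4
static int a[BOUND];

/* Forming an address: one past the end is valid, so index <= BOUND is the right check. */
int *addr_of(int i) { return &a[i]; }

/* Plain read: the element is accessed, so the check must be index < BOUND. */
int plain_read(int i) { return a[i]; }

/* Post-increment reads and writes a[i], so it also needs index < BOUND.
 * Per the report, clang 10.0 applies the <= check to this form instead. */
int post_inc(int i) { return a[i]++; }

/* Pre-decrement belongs to the same family of operations named in the report. */
int pre_dec(int i) { return --a[i]; }

/* The check each form should get, written out by hand for comparison. */
int address_check(int i) { return i >= 0 && i <= BOUND; }
int access_check(int i)  { return i >= 0 && i <  BOUND; }

int main(int argc, char **argv) {
    int i = argc > 1 ? atoi(argv[1]) : BOUND - 1;  /* default stays in bounds */
    printf("index %d: address check %s, access check %s\n", i,
           address_check(i) ? "passes" : "fails",
           access_check(i) ? "passes" : "fails");
    if (!address_check(i))
        return 1;  /* beyond one-past-the-end even &a[i] is invalid */
    printf("&a[i] - a = %ld\n", (long)(addr_of(i) - a));
    /* With i == BOUND, a sanitizer applying the access check stops here. */
    printf("a[i]++ returned %d\n", post_inc(i));
    return 0;
}
```

Run with an index equal to `BOUND`: the two predicates disagree only at that value, so it is the one input that distinguishes the `<=` check from the `<` check.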