Hi Paul,

In a testdir of the 'mcel' module, compiled with "gcc -fsanitize=address" (and CFLAGS="-O0 -fno-omit-frame-pointer -ggdb" and ASAN_OPTIONS="detect_leaks=0 abort_on_error=1"), I see this test failure:

ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc6de32ad3 at pc 0x55865824aed5 bp 0x7ffc6de32910 sp 0x7ffc6de32900
READ of size 1 at 0x7ffc6de32ad3 thread T0
    #0 0x55865824aed4 in mcel_scant ../../gllib/mcel.h:280
    #1 0x55865824af28 in mcel_scanz ../../gllib/mcel.h:291
    #2 0x55865824a34b in main ../../gltests/test-mcel.c:133
    #3 0x7f10e5a77d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #4 0x7f10e5a77e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #5 0x5586582482e4 in _start (/GNULIB/testdir2/build-64/gltests/test-mcel+0x22e4)

Address 0x7ffc6de32ad3 is located in stack of thread T0 at offset 307 in frame
    #0 0x5586582487fb in main ../../gltests/test-mcel.c:48

  This frame has 11 object(s):
    [32, 36) 'ch' (line 117)
    [48, 56) 'prev' (line 53)
    [80, 88) 'c' (line 56)
    [112, 120) 'c' (line 80)
    [144, 152) 'c' (line 96)
    [176, 184) 'c' (line 119)
    [208, 216) 'd' (line 129)
    [240, 248) 'z' (line 133)
    [272, 280) 'mbs' (line 116)
    [304, 307) 'ijk' (line 115) <== Memory access at offset 307 overflows this variable
    [320, 324) 'ijkt' (line 128)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../gllib/mcel.h:280 in mcel_scant

Bruno