https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89298
            Bug ID: 89298
           Summary: Address-Sanitizer false positive for global-buffer-overflow?
           Product: gcc
           Version: 8.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: lee_shao at 126 dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

Hi,

In my program, ASAN reports ERROR global-buffer-overflow on several global variables. However, I'm sure that I use the global variables in the right way, like this:

In AAA.c

    //define a global var
    int g_var_a;
    ........
    ........
    g_var_a =1;   //ASAN report global-buffer-overflow right here!

According to the formula, Shadow = (Mem >> 3) + 0x20000000, the value of the shadow memory of the global var **g_var_a** is F9 (Global Redzone), which confuses me very much!

I use GCC8.1.0 to compile my project on SUSE Linux Enterprise Server 12.

The application is compiled like this:

1. A.c + B.c -> GCC8.1 ASan -> libproblem.so
2. C.c + libproblem.so --> GCC8.1 ASan --> App
3. In A.c :

       ... globals ...
       unsigned int g_var =0;
       ... globals ...

   In B.c :

       extern unsigned int g_var =0;
       ..........
       void fun(){
       .....
       g_var =0;  //ASan report global-buffer-overflow right here!
       .....
       }

I found that:

1. The global g_var is located 0 bytes to the right of another global variable, that is, no redzone is inserted between them.
2. Under normal circumstances,

       $ nm App > nm.log

   we can get the addresses of globals g_var and __odr_asan.g_var; however, when it goes wrong, there is no symbol __odr_asan.g_var
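
Added example (not part of the original report and not GCC or ASan code): a small triage script for the nm.log check described in the report, listing every .bss/.data global that has no __odr_asan.<name> companion symbol. The function names, the choice of symbol types B and D, and the sample nm output are assumptions constructed for illustration; a missing companion only marks a global worth inspecting, since globals from uninstrumented objects never have one.

```python
"""List globals in `nm` output that lack an `__odr_asan.<name>` companion."""

ODR_PREFIX = "__odr_asan."
DATA_TYPES = {"B", "D"}  # assumption: only external .bss/.data symbols are of interest

# Constructed sample of `nm App` output; addresses and names are made up.
SAMPLE_NM_LOG = """\
                 U __asan_init
0000000000601040 B g_ok
0000000000601080 B __odr_asan.g_ok
00000000006010c0 B g_var
00000000004005d0 T fun
0000000000601100 D g_init
0000000000601140 B __odr_asan.g_init
0000000000601180 b local_static
"""


def parse_nm(text):
    """Yield (address, type, name) for each defined symbol in nm output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:  # undefined symbols have no address column
            continue
        # fields[-2:] also copes with `nm -S`, which adds a size column.
        addr, sym_type, name = fields[0], fields[-2], fields[-1]
        try:
            yield int(addr, 16), sym_type, name
        except ValueError:
            continue  # not a symbol line (for example an archive member header)


def globals_missing_odr_indicator(text):
    """Return sorted (name, address) pairs of B/D globals with no companion."""
    symbols = list(parse_nm(text))
    indicators = {n[len(ODR_PREFIX):] for _, _, n in symbols
                  if n.startswith(ODR_PREFIX)}
    return sorted(
        (name, addr) for addr, sym_type, name in symbols
        if sym_type in DATA_TYPES
        and not name.startswith(ODR_PREFIX)
        and name not in indicators
    )


if __name__ == "__main__":
    for name, addr in globals_missing_odr_indicator(SAMPLE_NM_LOG):
        print(f"{name} at {addr:#x}: no {ODR_PREFIX}{name} symbol")
```

Running it against both App and libproblem.so shows in which of the two images the companion symbol is absent.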