https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107619
Bug ID: 107619
Summary: False positive of -fsanitize=null
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

`gcc-tk -O0 -fsanitize=null` reports a null pointer dereference in `c[0] = *a`, which I think it should not, although there is a buffer overflow in the memcpy. Interestingly, if you uncomment `int* e[1]`, no error will be reported and the program exits normally.

Compiler explorer: https://godbolt.org/z/bKhnKhe7d

% gcc-tk -O0 -fsanitize=null a.c && ./a.out
a.c:11:12: runtime error: load of null pointer of type 'int'
Segmentation fault
%
% cat a.c
int main() {
  int* a;
  // int* e[1];
  int b[1];
  int c[3];
  a = b;
  for (int i = 0; i < 3; i++) {
    c[i] = 0;
  }
  __builtin_memcpy(a, c, 3 * sizeof(int));
  c[0] = *a;
  return 0;
}
%
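The memcpy the report itself flags writes 3 * sizeof(int) = 12 bytes through `a` into `b`, a 4-byte stack array. At -O0 the 8 surplus bytes land in whatever the compiler placed next to `b` on the stack; if that happens to be the pointer `a`, it is overwritten with the zeros from `c` and the later `*a` really is a load through a null pointer, which is what -fsanitize=null reports. Uncommenting `int* e[1]` changes the stack layout, which is why the symptom moves. -fsanitize=null only instruments the dereference, not the copy; -fsanitize=address intercepts memcpy and reports the stack-buffer-overflow at the copy itself. The following is an added example, not code from the bug report or from GCC, showing the defensive pattern: a copy routine (`checked_copy`, a hypothetical name) that takes the destination's real size and refuses a request that would overflow it, exercised with the same array shapes as the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the bug report): memcpy that also knows how
 * large the destination object is. Returns 0 on success, -1 when the
 * request is invalid or would write past the end of dst. */
int checked_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Same shapes as the report: b holds one int, c holds three ints, and
 * a aliases b. The 12-byte request is larger than sizeof b (4), so the
 * copy is rejected instead of clobbering whatever sits next to b. */
int copy_three_ints_into_one(void)
{
    int b[1] = {0};
    int c[3] = {0, 0, 0};
    int *a = b;

    return checked_copy(a, sizeof b, c, 3 * sizeof(int)); /* -1 */
}

/* Control case: a copy that fits the destination is accepted, and the
 * value read back through a is the one that was copied. */
int copy_one_int_into_one(void)
{
    int b[1] = {7};
    int c[1] = {42};
    int *a = b;

    if (checked_copy(a, sizeof b, c, sizeof c) != 0)
        return -1;
    return *a; /* 42 */
}

int main(void)
{
    printf("12-byte copy into 4-byte b: %s\n",
           copy_three_ints_into_one() == 0 ? "accepted" : "rejected");
    printf("4-byte copy into 4-byte b reads back: %d\n",
           copy_one_int_into_one());
    return 0;
}
```

The size argument has to come from the destination object itself (`sizeof b` here), not from the source or from the caller's intent; passing `3 * sizeof(int)` as both the length and the limit would defeat the check. For copies through an opaque pointer, where `sizeof` is not available, the bound should be carried alongside the pointer by the API rather than assumed.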