https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118040
Bug ID: 118040
Summary: GCC's Address Sanitizer misses 'global-buffer-overflow', while clang can detect it
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: 652023330028 at smail dot nju.edu.cn
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

For the following code (https://godbolt.org/z/5qaWasqcn), GCC's ASan seems to have missed 'global-buffer-overflow' (line 5 of function 'f'):

#include<stdio.h>
static int a1 = 1;
static int *a2 = &a1;
static unsigned short b1 = 0;
static long b2 = 0;
static unsigned short b3 = 0;
static int c = 0;
static char d = 0;
int Arr[10];
static void f(int *p1, int *p2)
{
    int *t = &c;
    *p1 = 4 ^ (*t = 0 < 10) + 0 && 0;
    c = Arr[(*t - 32) - 1]; // global-buffer-overflow
}
int main()
{
    f(a2, a2);
    printf("%d", b1);
    printf("%ld", b2);
    printf("%d", b3);
    printf("%c", d);
}

There is no report from GCC's AddressSanitizer.

Expected (clang):

==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55b76d461da0 at pc 0x55b76cad0f7b bp 0x7ffc9fa1c850 sp 0x7ffc9fa1c848
READ of size 4 at 0x55b76d461da0 thread T0
    #0 0x55b76cad0f7a in f /app/example.c:15:4
    #1 0x55b76cad0de6 in main /app/example.c:19:5
    #2 0x7324f9829d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #3 0x7324f9829e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #4 0x55b76c9ec354 in _start (/app/output.s+0x2c354)

0x55b76d461da0 is located 32 bytes before global variable 'b2' defined in '/app/example.c:5' (0x55b76d461dc0) of size 8
0x55b76d461da2 is located 0 bytes after global variable 'b1' defined in '/app/example.c:4' (0x55b76d461da0) of size 2
SUMMARY: AddressSanitizer: global-buffer-overflow /app/example.c:15:4 in f
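Added example, not part of the bug report or of GCC's own test suite: a small POSIX shell harness that writes the reproducer above to a temporary file, builds it with -fsanitize=address under each compiler found on PATH at a few optimization levels, runs it, and extracts the error kind from the ASan report on stderr. It lets the gcc/clang discrepancy be reproduced locally and shows whether the result changes with the optimization level, which is one thing a reviewer would want to rule out before treating this as a pure instrumentation gap. The compiler names (gcc, clang) and the -O levels tried are assumptions; asan_error_kind parses only the "ERROR: AddressSanitizer: <kind>" line in the format shown in the clang output above.

```shell
#!/bin/sh
# Added example, not part of bug 118040: differential ASan check for the
# reproducer posted in the report. Assumes the compilers are invoked as
# "gcc" and "clang"; a missing compiler is reported and skipped.

# Read an ASan run's stderr on stdin and print the error kind, e.g.
# "==1==ERROR: AddressSanitizer: global-buffer-overflow on address ..."
# yields "global-buffer-overflow". Prints "none" if no report is present.
asan_error_kind() {
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z_-]*\).*/\1/p' | head -n 1)
    if [ -n "$kind" ]; then
        printf '%s\n' "$kind"
    else
        printf 'none\n'
    fi
}

# Write the reproducer from the report (behaviour unchanged) to the file $1.
write_reproducer() {
    cat > "$1" <<'EOF'
#include<stdio.h>
static int a1 = 1;
static int *a2 = &a1;
static unsigned short b1 = 0;
static long b2 = 0;
static unsigned short b3 = 0;
static int c = 0;
static char d = 0;
int Arr[10];
static void f(int *p1, int *p2)
{
    int *t = &c;
    *p1 = 4 ^ (*t = 0 < 10) + 0 && 0;
    c = Arr[(*t - 32) - 1]; // global-buffer-overflow: *t is 1, so the index is -32
}
int main()
{
    f(a2, a2);
    printf("%d", b1);
    printf("%ld", b2);
    printf("%d", b3);
    printf("%c", d);
}
EOF
}

# Build the reproducer with compiler $1 at optimization level $2 under ASan,
# run it, and print "<compiler> <opt>: <kind>" (or why the step was skipped).
check_compiler() {
    cc=$1
    opt=$2
    if ! command -v "$cc" >/dev/null 2>&1; then
        printf '%s %s: compiler not installed\n' "$cc" "$opt"
        return 0
    fi
    dir=$(mktemp -d) || return 1
    write_reproducer "$dir/repro.c"
    if "$cc" -fsanitize=address -g "$opt" -o "$dir/repro" "$dir/repro.c" 2>/dev/null; then
        # stderr (the ASan report) goes to the pipe; the program's own stdout is dropped
        kind=$("$dir/repro" 2>&1 >/dev/null | asan_error_kind)
        printf '%s %s: %s\n' "$cc" "$opt" "$kind"
    else
        printf '%s %s: build failed (ASan runtime missing?)\n' "$cc" "$opt"
    fi
    rm -rf "$dir"
}

# Try both compilers at several levels so a difference caused by constant
# folding of the index would show up; the levels chosen are an assumption.
run_all() {
    for cc in gcc clang; do
        for opt in -O0 -O1 -O2; do
            check_compiler "$cc" "$opt"
        done
    done
}

run_all
```

A line such as "gcc -O0: none" next to "clang -O0: global-buffer-overflow" confirms the report on the local toolchain; if gcc instead prints a kind at -O0 but "none" at higher levels, the miss is tied to optimization rather than to global instrumentation as such, which is useful to state in a follow-up comment.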