Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 347 by [email protected]: asan does not detect stack buffer overflow for alloca(const)
https://code.google.com/p/address-sanitizer/issues/detail?id=347

What steps will reproduce the problem?
1. Compile and run the following program with -fsanitize=address:

---- 8< ---- (alloca_stack_overflow.c)
#include <alloca.h>

int main()
{
    //int p[3];
    int *p = alloca(3*sizeof(*p));

    p[0] = 0;
    p[1] = 1;
    p[2] = 2;

    p[3] = 3;   // <-- buffer overflow here
    // with int p[3] - asan does report,
    // with int *p = alloca(3*sizeof(*p)) - asan does not report.

    return 0;
}
---- 8< ----

$ clang-3.6 -fsanitize=address -g -Wall  alloca_stack_overflow.c
$ ./a.out


What is the expected output? What do you see instead?

Expected output: ASAN reports a stack-buffer-overflow related to the `p[3] = 3` assignment.

I see: no errors.


What version of the product are you using? On what operating system?

$ clang-3.6 --version
Debian clang version 3.6.0-svn218446-1 (trunk) (based on LLVM 3.6.0)
Target: x86_64-pc-linux-gnu
Thread model: posix

$ uname -a
Linux teco 3.16-2-amd64 #1 SMP Debian 3.16.3-2 (2014-09-20) x86_64 GNU/Linux


Please provide any additional information below.

If I change the declaration of p to an `int p[3]` array, asan reports the stack buffer overflow.

If the array is variable-length, asan does not report the problem, and it also does not report it for alloca with a non-constant argument.

I guess most of the above relates to issue138 (asan should support variable-sized alloca).


The issue is present with both clang and gcc (initially discovered with gcc-4.9.1).


Thanks beforehand,
Kirill
