Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 397 by [email protected]:
thread_stats.malloced_by_size[class_id] overflow in asan_allocator.cc
https://code.google.com/p/address-sanitizer/issues/detail?id=397
What version of the product are you using? On what operating system?
Clang 3.7, x86_64-unknown-linux-gnu
Please provide any additional information below.
Performing static analysis for ASan via the Coverity Prevent tool, I've
noticed that thread_stats.malloced_by_size[class_id] can be
overflowed in the Allocate function in asan_allocator.cc.
Here:
$ cat lib/asan/asan_allocator.cc
....................................
  uptr class_id =
      Min(kNumberOfSizeClasses, SizeClassMap::ClassID(needed_size));
  thread_stats.malloced_by_size[class_id]++;
If class_id == kNumberOfSizeClasses == 255, then we access
thread_stats.malloced_by_size[255] and overflow the
thread_stats.malloced_by_size array.
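The off-by-one described above, reproduced as a stand-alone illustration. This is an added example, not code from the report or from the ASan tree: the ClassID function is a hypothetical stand-in (16-byte granularity, unbounded), the clamp using kNumberOfSizeClasses - 1 is one possible correction rather than the project's actual fix, and the bounds-checked counter shows what a defensive increment would refuse to do.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t uptr;

/* Value quoted in the report: the per-thread histogram has this many slots,
 * so valid indices run from 0 to kNumberOfSizeClasses - 1. */
#define kNumberOfSizeClasses 255

/* Hypothetical stand-in for SizeClassMap::ClassID (an assumption, not the real
 * ASan implementation): ids grow with the request size and are not bounded by
 * the table, which is why the caller clamps with Min(). */
static uptr ClassID(uptr needed_size) {
    return needed_size / 16;
}

static uptr Min(uptr a, uptr b) { return a < b ? a : b; }

/* The clamp as quoted in the report: the result may equal
 * kNumberOfSizeClasses, one past the last valid index. */
uptr class_id_as_reported(uptr needed_size) {
    return Min(kNumberOfSizeClasses, ClassID(needed_size));
}

/* Corrected clamp (illustrative fix): never exceed the last valid index. */
uptr class_id_fixed(uptr needed_size) {
    return Min(kNumberOfSizeClasses - 1, ClassID(needed_size));
}

struct ThreadStats {
    uptr malloced_by_size[kNumberOfSizeClasses];
};

/* Bounds-checked increment: refuses to write past the array and reports
 * the attempt instead of silently corrupting whatever follows it. */
bool count_allocation(struct ThreadStats *s, uptr class_id) {
    if (class_id >= kNumberOfSizeClasses) return false;
    s->malloced_by_size[class_id]++;
    return true;
}

/* Smallest request size for which the reported clamp yields an out-of-bounds
 * index, or 0 if none is found among the probed sizes. */
uptr first_overflowing_size(void) {
    for (uptr sz = 1; sz <= ((uptr)1 << 20); sz++) {
        if (class_id_as_reported(sz) >= kNumberOfSizeClasses) return sz;
    }
    return 0;
}

int main(void) {
    struct ThreadStats stats = {{0}};
    uptr big = (uptr)1 << 20;  /* constructed oversized request */
    printf("first overflowing size: %lu\n", (unsigned long)first_overflowing_size());
    printf("reported clamp -> %lu, in bounds: %s\n",
           (unsigned long)class_id_as_reported(big),
           count_allocation(&stats, class_id_as_reported(big)) ? "yes" : "no");
    printf("fixed clamp    -> %lu, in bounds: %s\n",
           (unsigned long)class_id_fixed(big),
           count_allocation(&stats, class_id_fixed(big)) ? "yes" : "no");
    return 0;
}
```

With the stand-in ClassID, any request of 4080 bytes or more drives the quoted clamp to index 255, which the bounds-checked counter rejects, while the corrected clamp lands on 254 and is accepted.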