Hi, I just saw this tweet by John Regehr: https://twitter.com/johnregehr/status/688033344580399104
He found a code example with a pretty obvious out-of-bounds stack read
that asan doesn't catch with -O or -O2 (equivalent). I checked this
with both current gcc and clang.
This is a stripped-down example:
#include <stdio.h>

int main() {
    int b[1] = {0};
    int a = -1;
    printf("%i\n", b[a]);   /* reads b[-1]: one int below the array */
}
I am a bit surprised, because this looks like a poster child example of
the kind of bug asan can find. But somehow the optimization
seems to break the asan check here.
I now wonder how many bugs keep being hidden because of this, as -O2 is
a pretty common default setting for compilations.
--
Hanno Böck
http://hboeck.de/
mail/jabber: [email protected]
GPG: BBB51E42
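Added example (constructed here, not code from the original post or from the asan project). It sits beside the reported case and shows the two checks a practitioner would run next: the same bug with an index the optimizer cannot fold away (the assumption is that reading the index through a volatile keeps the load of b[a] in the generated code, so asan has something to instrument at -O2), and a bounds-checked accessor that rejects the bad index deterministically, with or without a sanitizer. Build with `cc -O2 -g -fsanitize=address` and run with the argument `oob` to see the asan report for the opaque variant.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variant 1: same out-of-bounds stack read as the reported case, but the
 * index is read through a volatile, so the compiler cannot constant-fold
 * b[-1] and must emit the load. With -fsanitize=address this reports a
 * stack-buffer-underflow at -O2 as well; without asan it is plain UB and
 * returns whatever sits below b on the stack. */
int read_oob_opaque(void) {
    int b[1] = {0};
    volatile int a = -1;   /* assumption: volatile defeats constant propagation */
    return b[a];
}

/* Variant 2: explicit bounds check that does not depend on the compiler or
 * on a sanitizer. Returns false and leaves *out untouched when idx is
 * outside [0, len). */
bool checked_read(const int *buf, size_t len, long idx, int *out) {
    if (idx < 0 || (size_t)idx >= len)
        return false;
    *out = buf[idx];
    return true;
}

int main(int argc, char **argv) {
    int b[1] = {0};
    int v = 0;

    /* Only trigger the UB read on request, so the default run is well-defined. */
    if (argc > 1 && strcmp(argv[1], "oob") == 0)
        printf("opaque read: %i\n", read_oob_opaque());

    printf("checked_read(b, 1, -1): %s\n",
           checked_read(b, 1, -1, &v) ? "ok" : "rejected");
    printf("checked_read(b, 1, 0): %s (value %i)\n",
           checked_read(b, 1, 0, &v) ? "ok" : "rejected", v);
    return 0;
}
```

The point of the volatile variant is diagnostic, not a fix: it tells you whether the miss is the optimizer removing the access before instrumentation, rather than asan failing to detect an access it did see. The bounds-checked accessor is what production code should do regardless of what the sanitizer catches.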
