ASan should not complain in this case since all accesses occur within the allocated buffer. Only the actual reads and writes are checked.
On Mon, Oct 23, 2017 at 10:09 AM, Rick C. Hodgin <[email protected]> wrote:
> I have a simple C structure that looks like this:
>
> struct SExample
> {
>     int total_bytes;
>     int id;
>     int some_other_code;
> };
>
> And it is used in code like this:
>
> const char text1[] = "some data";
> int length = sizeof(SExample) + sizeof(int) + strlen(text1);
> SExample* e = (SExample*)malloc(length);
>
> What kind of behavior can I expect when I go to access the structure e in
> the following manner?
>
> if (e)
> {
>     // Copy fixed portion:
>     e->total_bytes = length;
>     e->id = 0;
>     e->some_other_code = 0x1234;
>
>     // Copy variable portion:
>     *(int*)(e + 1) = strlen(text1);
>     memcpy((char*)(e + 1) + sizeof(int), text1, strlen(text1));
> }
>
> Note: This results in a structure something like this:
>
> [29] [0] [0x1234] [9] ["some data"]
>
> It's all referenced based on the fixed-size portion of e, but there are
> cases where (e + 1) is used to access the end of the fixed block, which is
> the start of the variable block.
>
> Do sanitizers handle this without error properly? (Note: I do not have
> tools set up which allow me to test this.)
>
> Can I assume that because e was allocated with malloc() large enough to
> encompass total_size bytes, all accesses will be okay? Or are there
> calculations which recognize in this case that (e + 1) starts a new
> SExample struct which ultimately reaches into data space beyond the end of
> the allocated malloc() block, and therefore while some portions of e would
> be invalid, some parts would also be invalid? Would the sanitizer capture
> that error potential before any data is written to? Or is it merely a
> response to actual reads and writes?
>
> Thank you,
> Rick C. Hodgin
>
> --
> You received this message because you are subscribed to the Google Groups
> "address-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
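As an added example (not code from the thread), the layout above built and read back in C, with the length fields validated before the variable portion is touched. Compiled with `-fsanitize=address -g`, the in-bounds stores and loads through `(e + 1)` pass, because ASan checks the bytes actually loaded or stored rather than the pointer arithmetic that produced the address; the checks in `read_payload` are what keep a corrupted length field from turning into the out-of-bounds `memcpy` that ASan would report. The function names, `HEADER_BYTES`, and the corrupted-header case are this example's own, and the input string is constructed to match the post.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size header from the post; the variable part follows it in the
 * same malloc() block: [int text_len][text bytes, not NUL-terminated]. */
struct SExample {
    int total_bytes;
    int id;
    int some_other_code;
};

/* Bytes of header plus the int length field that precedes the text. */
#define HEADER_BYTES (sizeof(struct SExample) + sizeof(int))

/* Allocate header + length field + text in one block, as in the post.
 * Returns NULL on allocation failure or if the size would not fit in int. */
static struct SExample *build_example(const char *text, int id, int code)
{
    size_t text_len = strlen(text);
    if (text_len > (size_t)INT_MAX - HEADER_BYTES)
        return NULL;
    size_t length = HEADER_BYTES + text_len;
    struct SExample *e = malloc(length);
    if (!e)
        return NULL;

    e->total_bytes = (int)length;
    e->id = id;
    e->some_other_code = code;

    /* (e + 1) is one past the fixed header but still inside the block.
     * sizeof(struct SExample) is a multiple of the int alignment, so the
     * store is aligned; ASan sees a 4-byte store at offset 12 of a
     * length-byte allocation and stays quiet. */
    *(int *)(e + 1) = (int)text_len;
    memcpy((char *)(e + 1) + sizeof(int), text, text_len);
    return e;
}

/* Copy the variable portion into out as a C string.
 * Returns the text length, or -1 if the header is inconsistent with the
 * block size or out is too small. Every length is checked against
 * total_bytes before any byte past the header is read. */
static int read_payload(const struct SExample *e, char *out, size_t out_size)
{
    if (!e || e->total_bytes < 0 || (size_t)e->total_bytes < HEADER_BYTES)
        return -1;
    size_t avail = (size_t)e->total_bytes - HEADER_BYTES;

    int text_len = *(const int *)(e + 1);
    if (text_len < 0 || (size_t)text_len > avail)
        return -1;                       /* would read past the block */
    if ((size_t)text_len >= out_size)
        return -1;                       /* would write past out */

    memcpy(out, (const char *)(e + 1) + sizeof(int), (size_t)text_len);
    out[text_len] = '\0';
    return text_len;
}

/* Constructed failure case: the length field claims far more bytes than
 * the block holds. read_payload rejects it; an unchecked memcpy here is
 * exactly the heap-buffer-overflow read ASan would flag. */
static int read_with_corrupted_length(const char *text)
{
    struct SExample *e = build_example(text, 0, 0x1234);
    if (!e)
        return -2;
    *(int *)(e + 1) = INT_MAX;           /* lies about the payload size */
    char out[64];
    int rc = read_payload(e, out, sizeof out);
    free(e);
    return rc;
}

int main(void)
{
    /* Constructed input matching the post. */
    struct SExample *e = build_example("some data", 0, 0x1234);
    if (!e)
        return 1;
    char out[64];
    int n = read_payload(e, out, sizeof out);
    printf("total_bytes=%d id=%d code=0x%x text_len=%d text=\"%s\"\n",
           e->total_bytes, e->id, e->some_other_code, n, out);
    printf("corrupted length -> %d\n", read_with_corrupted_length("some data"));
    free(e);
    return 0;
}
```

With three 4-byte ints the header is 12 bytes, so `total_bytes` comes out as 12 + 4 + 9 = 25 for "some data"; the exact value depends on the target's `int` size and struct padding, which is why the example computes it from `sizeof` rather than hard-coding it. A C99 flexible array member (`char text[];` as the last field of a struct that also carries `text_len`) expresses the same layout without the `(e + 1)` casts, and is the idiomatic way to write this when C++ compatibility is not required.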
