Thank you. - Rick C. Hodgin
On Monday, October 23, 2017 at 1:43:38 PM UTC-4, Matt Morehouse wrote: > > ASan should not complain in this case since all accesses occur within the > allocated buffer. Only the actual reads and writes are checked. > > On Mon, Oct 23, 2017 at 10:09 AM, Rick C. Hodgin <[email protected] > <javascript:>> wrote: > >> I have a simple C structure that looks like this: >> >> struct SExample >> { >> int total_bytes; >> int id; >> int some_other_code; >> }; >> >> And it is used in code like this: >> >> const char text1[] = "some data"; >> int length = sizeof(SExample + sizeof(int) + strlen(text1); >> SExample* e = (SExample*)malloc(length); >> >> What kind of behavior can I expect when I go to access the structure e in >> the following manner? >> >> if (e) >> { >> // Copy fixed portion: >> e->total_bytes = length; >> e->id = 0; >> e->some_other_code = 0x1234; >> >> // Copy variable portion: >> *(int*)(e + 1) = strlen(text1); >> memcpy((char*)(e + 1) + sizeof(int), text1, strlen(text1)); >> } >> >> Note: This results in a structure something like this: >> >> [29] [0] [0x1234] [9] ["some data"] >> >> It's all referenced based on the fixed size portion of e, but there are >> cases where (e + 1) is used to access the end of the fixed block, which is >> the start of the variable block. >> >> Do sanitizers handle this without error properly? (Note: I do not have >> tools setup which allow me to test this) >> >> Can I assume that because e was allocated with malloc() large enough to >> encompass total_size bytes, all accesses will be okay? Or are there >> calculations which recognize in this case that (e + 1) starts a new >> SExample struct which ultimately reaches into data space beyond the end of >> the allocated malloc() block, and therefore while some portions of e would >> be invalid, some parts would also be invalid. Would the sanitizer capture >> that error potential before any data is written to? Or is it merely >> response to actual reads and writes? >> >> Thank you, >> Rick C. Hodgin >> >> -- >> You received this message because you are subscribed to the Google Groups >> "address-sanitizer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "address-sanitizer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
