https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

            Bug ID: 99418
           Summary: sanitizer checks for accessing multidimensional
                    VLA-array
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vanyacpp at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

The example below accesses an array past its size, but the sanitizers don't show
any errors. If I change the index m to m + 1, an error will be shown. This makes
me think that the compiler does some checks, but perhaps they are incomplete for
multidimensional VLA-arrays.

GCC 10.2.

#include <cstddef>
#include <string>

std::string shortest_match(size_t n, size_t m)
{
    std::string mas[n][m]; // VLA of non-POD type: a GNU extension
    mas[n - 1][m] = ""; // out of bounds; mas[n - 1][m + 1] will show an error

    return mas[n - 1][m - 1];
}

int main()
{
    shortest_match(4, 3);
}

$ g++ -g -fsanitize=address,undefined -std=c++17 2.cpp && ./a.out 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26974==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x7f59ea2ad2d6 bp 0x000000000000 sp 0x7ffc78389ea0 T0)
==26974==The signal is caused by a WRITE memory access.
==26974==Hint: address points to the zero page.
    #0 0x7f59ea2ad2d6 in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long,
unsigned long, char const*, unsigned long) (/lib/libstdc++.so.6+0x13c2d6)
    #1 0x401658 in shortest_match[abi:cxx11](unsigned long, unsigned long)
/home/ivan/2.cpp:6
    #2 0x4019eb in main /home/ivan/2.cpp:13
    #3 0x7f59e950ec7c in __libc_start_main (/lib/libc.so.6+0x23c7c)
    #4 0x4011a9 in _start (/home/ivan/a.out+0x4011a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/libstdc++.so.6+0x13c2d6) in
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
>::_M_replace(unsigned long, unsigned long, char const*, unsigned long)
==26974==ABORTING
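As an added example (not part of the bug report), a hypothetical checked replacement for the VLA `std::string mas[n][m]`: a flat vector of n*m strings behind an accessor that validates both indices, so the one-past-the-end write `mas[n - 1][m]` from the report is rejected independently of sanitizer coverage. The class and function names are assumptions for illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical replacement for the VLA `std::string mas[n][m]`: one heap
// buffer of rows*cols strings addressed by a computed row-major offset.
// Every access goes through at(), which checks each index separately.
class Grid2D {
public:
    Grid2D(std::size_t rows, std::size_t cols)
        : rows_(rows), cols_(cols), data_(rows * cols) {}  // assumes rows*cols does not overflow

    // Row-major offset of (r, c): the same arithmetic the compiler emits for
    // mas[r][c].  For (n-1, m) this is (n-1)*m + m == n*m, exactly one past
    // the last element, which is the access the report shows going undetected.
    static std::size_t flat_index(std::size_t cols, std::size_t r, std::size_t c) {
        return r * cols + c;
    }

    std::string& at(std::size_t r, std::size_t c) {
        // Each index is checked on its own.  A single flat-offset check would
        // accept (n-2, m): its offset (n-1)*m is inside the buffer, but it is
        // the first element of the wrong row.
        if (r >= rows_ || c >= cols_)
            throw std::out_of_range("Grid2D::at: index out of range");
        return data_[flat_index(cols_, r, c)];
    }

    std::size_t rows() const { return rows_; }
    std::size_t cols() const { return cols_; }

private:
    std::size_t rows_, cols_;
    std::vector<std::string> data_;
};

// Returns true when writing to (r, c) on an n-by-m grid is rejected.
// Constructed helper mirroring the report's shortest_match(4, 3) call.
bool access_rejected(std::size_t n, std::size_t m, std::size_t r, std::size_t c) {
    Grid2D mas(n, m);
    try {
        mas.at(r, c) = "";
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```

With n = 4 and m = 3 as in the report, `access_rejected(4, 3, 3, 3)` is true while `access_rejected(4, 3, 3, 2)` is false.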
