https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108060
Bug ID: 108060
Summary: UBsan missed an out-of-bound bug at -O0
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
For the following code, UBsan at -O0 missed reporting the out-of-bound access,
while -O1 and above caught it.
Clang could detect it at all optimization levels.
Compiler explorer: https://godbolt.org/z/Tb9Mern7M
% cat a.c
int a[8];
short b;
char c;
int main() {
b = -32768;
a[b] |= c;
}
%
% gcc-tk -O0 -fsanitize=undefined -fno-sanitize-recover=all a.c && ./a.out
Segmentation fault
% gcc-tk -O1 -fsanitize=undefined -fno-sanitize-recover=all a.c && ./a.out
a.c:6:4: runtime error: index -32768 out of bounds for type 'int [8]'
%
Interestingly, if you don't use `-fno-sanitize-recover=all`, none of opt levels
could detect it:
% gcc-tk -O1 -fsanitize=undefined a.c && ./a.out
Segmentation fault
%
