https://bugs.llvm.org/show_bug.cgi?id=45030
Bug ID: 45030
Summary: Bounds sanitizer instruments [0] array inside a union
Product: clang
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
It looks like bounds sanitizer treats unions as structs, and all flex arrays
except for the last one are being checked (while none of them should):
```
#include <stdlib.h>

typedef union {
    char foo[0];
    void *bar[0];
    void *buz[0];
} flexi;

void repro(int i) {
    flexi *a = (flexi*) malloc(50);
    a->foo[i] = 0; // this will be instrumented
    a->bar[i] = 0; // this will be instrumented
    a->buz[i] = 0; // this won't be instrumented
    free(a);
}
```
Compile with `-fsanitize=bounds`
->bar and ->buz are semantically the same, but only one of them gets the flex array
exception. ->foo also shouldn't be instrumented.
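The layout fact the report relies on, as an added example (not part of the original report and not clang's code): every member of the union starts at offset 0, so `bar[i]` and `buz[i]` name the same object in the allocation. The helper names `all_members_at_offset_zero` and `members_alias` are hypothetical, and the `[0]` arrays need a compiler that accepts the GNU zero-length array extension.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same union as in the report; [0] arrays are a GNU extension. */
typedef union {
    char foo[0];
    void *bar[0];
    void *buz[0];
} flexi;

/* Hypothetical helper: returns 1 when every member starts at offset 0,
 * i.e. declaration order says nothing about which array is "last". */
int all_members_at_offset_zero(void) {
    return offsetof(flexi, foo) == 0 &&
           offsetof(flexi, bar) == 0 &&
           offsetof(flexi, buz) == 0;
}

/* Hypothetical helper: returns 1 when bar[i] and buz[i] are the same
 * object inside a malloc(50) buffer and foo[i * sizeof(void *)] is its
 * first byte. Returns 0 if slot i does not fit in the 50 bytes. */
int members_alias(size_t i) {
    flexi *a = malloc(50);
    if (a == NULL || (i + 1) * sizeof(void *) > 50) {
        free(a);
        return 0;
    }
    memset(a, 0, 50);
    int same_addr = (void *)&a->bar[i] == (void *)&a->buz[i] &&
                    (void *)&a->bar[i] == (void *)&a->foo[i * sizeof(void *)];
    a->bar[i] = a;                            /* store through one member */
    int same_value = a->buz[i] == (void *)a;  /* read through the other   */
    free(a);
    return same_addr && same_value;
}

int main(void) {
    printf("offsets all zero: %d\n", all_members_at_offset_zero());
    printf("bar[1] aliases buz[1]: %d\n", members_alias(1));
    return 0;
}
```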