| Issue | Summary | Labels | Assignees | Reporter |
|---|---|---|---|---|
| 52961 | msan: incorrect origin due to unaligned writes | new issue | | dvyukov |
Reproducer:
```
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

/* Pack a, b and c back to back into tmp: a at offset 0, b at offset 2
 * (a 4-byte store that is not 4-byte aligned), c at offset 6. */
__attribute__((noinline)) void foobar(char* tmp, short a, int b, short c) {
  memcpy(tmp, &a, sizeof(a));
  tmp += sizeof(a);
  memcpy(tmp, &b, sizeof(b));
  tmp += sizeof(b);
  memcpy(tmp, &c, sizeof(c));
}

/* All 8 bytes of tmp are written by foobar() before tmp[x] is read;
 * c is initialized, so only bytes 0-5 (from a and b) can be uninitialized. */
__attribute__((noinline)) char barfoo(short a, int b, int x) {
  char tmp[8];
  short c = 0;
  foobar(tmp, a, b, c);
  return tmp[x] == 42;
}

int main(int argc, char** argv) {
  volatile short a;  /* deliberately left uninitialized */
  volatile int b;    /* deliberately left uninitialized */
  /* ./a.out 4 reads tmp[4], which holds a byte of b. */
  if (barfoo(a, b, argc > 1 ? atoi(argv[1]) : 0))
    printf("bingo!");
  return 0;
}
```
produces:
```
$ clang test.c -O2 -fsanitize=memory -fsanitize-memory-track-origins -g && ./a.out 4
==1560283==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x4a4ad6 in main test.c:23:7
Uninitialized value was created by an allocation of 'tmp' in the stack frame of function 'barfoo'
#0 0x4a4760 in barfoo test.c:13
```
This is wrong: there are no uninit bits that come from `tmp`. All of `tmp` was overwritten by other data.
This is extracted from a KMSAN false positive (and I think I've seen multiple similar ones).
Also see #36554 and #36486 which are also about incorrect origins.
@ramosian-glider @vitalybuka @eugenis
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
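The following is an added example, not code from the bug report or from LLVM. It replays the three `memcpy` calls of `foobar()` onto a per-byte shadow map and reports, for each byte of `tmp`, which source value it came from and whether that source was uninitialized (as in the reproducer: `a` and `b` are main's uninitialized volatiles, `c` is `short c = 0`). It assumes one origin slot per 4 aligned bytes (`ORIGIN_GRANULE`), which is this example's model of the sanitizer's origin storage, not something the report states; it does not reproduce MSan's own bookkeeping, only the layout of the writes. It shows that every byte of `tmp` is written, that `tmp[4]` (what `./a.out 4` reads) comes from `b`, so the origin a correct report should name is `b` in `main`, and that `b`'s 4-byte store at offset 2 straddles two origin granules, the second of which also receives the initialized bytes of `c`.

```c
#include <stdio.h>
#include <string.h>

/* Example assumption: the sanitizer keeps one origin per 4 aligned bytes. */
enum { TMP_SIZE = 8, ORIGIN_GRANULE = 4 };

typedef struct {
  char tag;    /* 'a', 'b' or 'c'; 0 if the byte was never written */
  int uninit;  /* 1 if the source value was uninitialized */
} byte_info;

/* One write of `size` bytes at `off`, tagged with its source. */
static void tagged_write(byte_info *shadow, size_t off, size_t size,
                         char tag, int uninit) {
  for (size_t i = 0; i < size && off + i < TMP_SIZE; i++) {
    shadow[off + i].tag = tag;
    shadow[off + i].uninit = uninit;
  }
}

/* Same sequence as foobar(): a, then b, then c, back to back.
 * a and b come from main's uninitialized volatiles; c is `short c = 0`. */
static void replay_foobar(byte_info shadow[TMP_SIZE]) {
  size_t off = 0;
  memset(shadow, 0, TMP_SIZE * sizeof *shadow);
  tagged_write(shadow, off, sizeof(short), 'a', 1); off += sizeof(short);
  tagged_write(shadow, off, sizeof(int),   'b', 1); off += sizeof(int);
  tagged_write(shadow, off, sizeof(short), 'c', 0);
}

/* Number of bytes of tmp never written by foobar(); the report's claim
 * that all of tmp is overwritten means this must be 0. */
int untouched_bytes(void) {
  byte_info shadow[TMP_SIZE];
  replay_foobar(shadow);
  int n = 0;
  for (int i = 0; i < TMP_SIZE; i++) n += (shadow[i].tag == 0);
  return n;
}

/* Source of tmp[x]: the value a correct origin report should name. */
char source_of_byte(int x) {
  byte_info shadow[TMP_SIZE];
  replay_foobar(shadow);
  return (x >= 0 && x < TMP_SIZE) ? shadow[x].tag : 0;
}

/* 1 if a write of `size` bytes at `off` spans more than one origin granule. */
int write_straddles_granules(size_t off, size_t size) {
  return off / ORIGIN_GRANULE != (off + size - 1) / ORIGIN_GRANULE;
}

/* 1 if origin granule g holds both uninitialized and initialized bytes,
 * i.e. one origin slot would have to describe two different sources. */
int granule_mixes_init_state(int g) {
  byte_info shadow[TMP_SIZE];
  replay_foobar(shadow);
  int seen_uninit = 0, seen_init = 0;
  for (int i = g * ORIGIN_GRANULE; i < (g + 1) * ORIGIN_GRANULE && i < TMP_SIZE; i++) {
    if (shadow[i].uninit) seen_uninit = 1; else seen_init = 1;
  }
  return seen_uninit && seen_init;
}

int main(void) {
  byte_info shadow[TMP_SIZE];
  replay_foobar(shadow);
  printf("byte source uninit granule\n");
  for (int i = 0; i < TMP_SIZE; i++)
    printf("%4d %6c %6d %7d\n", i, shadow[i].tag, shadow[i].uninit,
           i / ORIGIN_GRANULE);
  printf("untouched bytes: %d\n", untouched_bytes());
  printf("b's 4-byte write at offset 2 straddles granules: %d\n",
         write_straddles_granules(2, sizeof(int)));
  printf("granule 1 mixes init/uninit bytes: %d\n", granule_mixes_init_state(1));
  return 0;
}
```

Run it with a plain `cc layout.c && ./a.out` (no sanitizer needed); the table it prints is the layout the reproducer relies on, and `source_of_byte(4)` returning `'b'` is the origin one would expect `-fsanitize-memory-track-origins` to report for `./a.out 4`.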