https://llvm.org/bugs/show_bug.cgi?id=23786
Bug ID: 23786
Summary: msan false negative on a trivial uninitialized read
Product: compiler-rt
Version: 3.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: compiler-rt
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Memory sanitizer doesn't report the uninitialized read in the call to printf in
the program below. It does, however, report the uninitialized read of the same
object in the return statement when it's executed. Similar false negatives can
be reproduced with similarly simple programs, including the one below the test
case.

$ cat t.c && /build/llvm-trunk/bin/clang -fsanitize=memory -O0 t.c && ./a.out && echo SUCCESS && ./a.out 1
#include <stdio.h>
void __attribute__ ((weak)) foo (int *p) { *p = *p + 1; }
int main (int argc, char *argv[]) {
  int a;
  int *p = &a;
  foo (p);
  printf ("%i\n", *p);
  if (1 < argc) return *p;
}
32756
SUCCESS
32697
==32134==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7fb8d6ce0946 (/build/msan/a.out+0x88945)
    #1 0x7fb8d5b4ffe0 (/lib64/libc.so.6+0x1ffdf)
    #2 0x7fb8d6c7135f (/build/msan/a.out+0x1935e)
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/build/msan/a.out+0x88945)
Exiting

Another program for which the sanitizer doesn't issue a diagnostic:

#include <stdlib.h>
void __attribute__ ((weak)) bar (int n) { exit (n | 1); }
int main (int argc, char *argv[]) {
  int a;
  bar (a);
}
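
Added example, not part of the original report or of compiler-rt: a way to ask MemorySanitizer directly whether `*p` is still poisoned at the point where the report's test case calls printf, using `__msan_test_shadow` from `<sanitizer/msan_interface.h>`. The helper names `first_poisoned_byte` and `shadow_after_foo` are hypothetical, and the check compiles to a no-op when the program is not built with `-fsanitize=memory`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Detect an MSan build; in any other build the shadow check is a no-op. */
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define MSAN_BUILD 1
#  endif
#endif
#ifndef MSAN_BUILD
#  define MSAN_BUILD 0
#endif

/* Offset of the first poisoned byte in [p, p+n), or -1 if MSan considers
   the whole range initialized. Always -1 in a non-MSan build. */
static intptr_t first_poisoned_byte(const void *p, size_t n) {
#if MSAN_BUILD
    return __msan_test_shadow(p, n);
#else
    (void)p; (void)n;
    return -1;
#endif
}

/* Same shape as foo() in the report: read-modify-write through the pointer. */
void __attribute__((weak)) foo(int *p) { *p = *p + 1; }

/* Hypothetical helper: repeats the report's sequence up to the printf call
   and returns the shadow state instead of printing the value. */
intptr_t shadow_after_foo(void) {
    int a;               /* deliberately uninitialized, as in t.c */
    int *p = &a;
    foo(p);
    return first_poisoned_byte(p, sizeof *p);
}

int main(void) {
    intptr_t off = shadow_after_foo();
    if (off >= 0)
        fprintf(stderr, "*p is poisoned from byte %ld before printf\n", (long)off);
    return off >= 0;     /* non-zero exit status when the value is poisoned */
}
```

A non-negative offset under `-fsanitize=memory` means the shadow for `a` is still marked uninitialized after `foo` returns, so the value reaching printf is one MSan is tracking as poisoned.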