https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110814

            Bug ID: 110814
           Summary: Address Sanitizer misses 'global-buffer-overflow' for
                    const arrays
           Product: gcc
           Version: 13.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: egor_suvorov at mail dot ru
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

Consider the following code (https://godbolt.org/z/ddz6q8xra):

const int a[1];
int b[1];
int main() {
    int x = a[1];  // line 4
    int y = b[1];  // line 5
}

Here GCC's ASan fails in the line 5 only, completely missing array overflow for
'a' in line 4:

==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000404124
at pc 0x0000004011ad bp 0x7fffbe0976e0 sp 0x7fffbe0976d8
READ of size 4 at 0x000000404124 thread T0
    #0 0x4011ac in main /app/example.c:5
    #1 0x7f01c82ad082 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId:
1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #2 0x4010ad in _start (/app/output.s+0x4010ad) (BuildId:
8b89d3acf504057c132647f3c9558b7377ff8ce0)

0x000000404124 is located 0 bytes after global variable 'b' defined in
'/app/example.c:2:5' (0x404120) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow /app/example.c:5 in main

The only difference between lines 4 and 5 is that 'a' is const. Clang's ASan
correctly catches the error in line 4.
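An added example, not part of the report above: the same two reads replayed through a software bounds check that does not rely on sanitizer instrumentation, so a const global and a non-const global take the identical path. The globals are the reporter's, initialised here with constructed values; `checked_read`, `CHECKED_READ` and `flagged_overreads` are names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Same globals as the report's reproducer, initialised here with
 * constructed values so the in-bounds reads have something to return. */
const int a[1] = {7};
int b[1] = {8};

/* Element count of a true array object (not of a pointer). */
#define ARRAY_LEN(arr) (sizeof(arr) / sizeof((arr)[0]))

/* Software bounds check independent of ASan instrumentation:
 * returns 0 and stores the element on success, -1 when idx is out of range.
 * Constness of the underlying array plays no role in this check. */
static int checked_read(const int *arr, size_t len, size_t idx, int *out) {
    if (idx >= len) {
        return -1;
    }
    *out = arr[idx];
    return 0;
}

/* Only use on arrays, never on pointers: ARRAY_LEN needs the array type. */
#define CHECKED_READ(arr, idx, out) \
    checked_read((arr), ARRAY_LEN(arr), (idx), (out))

/* Replays the two reads from the report (index 1 into one-element arrays)
 * and returns how many the check flagged. In the report GCC's ASan flagged
 * only the read from 'b'; this check flags both. */
int flagged_overreads(void) {
    int v = 0;
    int flagged = 0;
    if (CHECKED_READ(a, 1, &v) != 0) flagged++;  /* report's line 4 */
    if (CHECKED_READ(b, 1, &v) != 0) flagged++;  /* report's line 5 */
    return flagged;
}

int main(void) {
    int v = 0;
    printf("flagged out-of-bounds reads: %d\n", flagged_overreads());
    if (CHECKED_READ(a, 0, &v) == 0) {
        printf("a[0] = %d\n", v);
    }
    return 0;
}
```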
