https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112100
Bug ID: 112100
Summary: ubsan: misses UB when modifying std::string's trailing
\0
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jengelh at inai dot de
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Input:
#include <string>
int main()
{
std::string s="fooooooooooooooooooooooooooo";
s[s.size()] = 0xff;
}
Observed:
$ g++ x.cpp -v -Wall -ggdb3 -fsanitize=undefined,address && ./a.out
gcc version 13.2.1 20230912 [revision b96e66fd4ef3e36983969fb8cdd1956f551a074b]
(SUSE Linux)
(no runtime output by executable)
Expected:
==55843==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xsomething
https://eel.is/c++draft/string.access specifies the modification of the NUL
char's position to values other than \0 is UB, so it should warn about this.
