Closed
Labels: clang:codegen (IR generation bugs: mangling, exceptions, etc.), compiler-rt:ubsan (Undefined behavior sanitizer)
Description
Using `-fsanitize=pointer-overflow` doesn't appear to provide any checking on pointer math. GCC's implementation correctly triggers if NULL is operated on or if a value would wrap around.
https://godbolt.org/z/1c6ec9TTP
```c
#include <stdlib.h>
#include <stdio.h>

/* Using stderr for all output or else godbolt doesn't intermix output. */
int main(int argc, char *argv[]) {
    /* Arithmetic on void * is a GNU extension; both compilers accept it here. */
    void *p = NULL;
    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);
    /* argc is a stand-in for "1" to avoid optimization */
    p -= argc;   /* NULL - 1: non-zero offset applied to a null pointer */
    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);
    p += argc;   /* 0xffff...ffff + 1: wraps back to a null pointer */
    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);
    return 0;
}
```
Clang just shows the value wrapping:
```
(nil) (0)
0xffffffffffffffff (18446744073709551615)
(nil) (0)
```
But GCC will catch it:
```
(nil) (0)
/app/example.c:11:7: runtime error: applying non-zero offset 18446744073709551615 to null pointer
0xffffffffffffffff (18446744073709551615)
/app/example.c:15:7: runtime error: applying non-zero offset to non-null pointer 0xffffffffffffffff produced null pointer
(nil) (0)
```
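As an added illustration that is not part of the issue, of clang, or of GCC's sanitizer runtime, the following plain-C model spells out the conditions a pointer-overflow check has to detect: a non-zero offset applied to a null pointer, a non-null pointer whose offset lands on null (the two GCC diagnostics quoted above), and the general case where the address arithmetic wraps in either direction. The arithmetic is done on `uintptr_t` so the checker itself has no undefined behaviour; `check_ptr_add`, `ptr_check_t` and `ptr_check_name` are names chosen for this example, not UBSan's API, and `main` replays the NULL - 1, + 1 sequence from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Result classes for "base + offset", named after the diagnostics a
 * pointer-overflow sanitizer emits. Enum and function names are
 * assumptions made for this example, not UBSan's own API. */
typedef enum {
    PTR_OK = 0,
    PTR_NULL_BASE_NONZERO_OFFSET, /* applying non-zero offset to null pointer */
    PTR_RESULT_NULL,              /* non-null base + offset produced null */
    PTR_WRAPPED                   /* address arithmetic wrapped around */
} ptr_check_t;

/* Evaluate a pointer addition on uintptr_t, where wraparound is defined,
 * so the checker itself has no undefined behaviour. Stores the (possibly
 * wrapped) result in *result when result is non-NULL, and classifies it. */
ptr_check_t check_ptr_add(uintptr_t base, intptr_t offset, uintptr_t *result)
{
    uintptr_t res = base + (uintptr_t)offset;  /* two's-complement wrap */
    if (result)
        *result = res;

    if (base == 0)
        return offset == 0 ? PTR_OK : PTR_NULL_BASE_NONZERO_OFFSET;
    if (res == 0)
        return PTR_RESULT_NULL;
    /* A non-negative offset must not move the address down and a negative
     * one must not move it up; anything else means the addition wrapped. */
    if (offset >= 0 ? res < base : res > base)
        return PTR_WRAPPED;
    return PTR_OK;
}

const char *ptr_check_name(ptr_check_t c)
{
    switch (c) {
    case PTR_OK:                       return "ok";
    case PTR_NULL_BASE_NONZERO_OFFSET: return "applying non-zero offset to null pointer";
    case PTR_RESULT_NULL:              return "offset to non-null pointer produced null pointer";
    case PTR_WRAPPED:                  return "pointer arithmetic wrapped around";
    }
    return "?";
}

/* Replays the issue's scenario: start at NULL, subtract 1, then add 1 back. */
int main(void)
{
    uintptr_t p = 0, next;
    intptr_t steps[] = { -1, +1 };
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++) {
        ptr_check_t c = check_ptr_add(p, steps[i], &next);
        printf("0x%016llx %+lld -> 0x%016llx: %s\n",
               (unsigned long long)p, (long long)steps[i],
               (unsigned long long)next, ptr_check_name(c));
        p = next;
    }
    return 0;
}
```

The real sanitizer performs these comparisons on the compiler-inserted instrumentation for every pointer addition rather than in a library call, but the decision logic is the same: a base of zero with a non-zero offset, a result of zero from a non-zero base, or a result that moved in the wrong direction for the sign of the offset are each reported, and only the last of these needs any arithmetic beyond a null test.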