[llvm-dev] Known limitation or intra-object-overflow not working?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[llvm-dev] Known limitation or intra-object-overflow not working?

Bruce Hoult via llvm-dev
Hello,

normally buffer overflows are detected by address sanitizer. Then I
recognized, that this is not the case, if the array is located inside a
structure. Thus I created a small example (test.c):

struct xxx {

    int a;

    int buffer[10];

    int b;

};


int main(void) {

    struct xxx var;

    int buffer[10];

    int count;


    for (count = 0; count <=10; count++) {

       var.buffer[count] = count;

       buffer[count] = count;

    }

    return 0;

}

The command I used is: clang -g -fsanitize=address
-fsanitize-address-field-padding=2 test.c

The clang version I used is: clang version 5.0.0

When I run the executable, I get a stack-buffer-overflow. But the
buffer-overflow of the array inside the structure, which happens before
the stack-buffer overflow, is not detected by address sanitizer.

My question is now: Is this a known limitation of the address sanitizer
or is the intra-object-overflow not working correct?


Thanks,

   Stefan

_______________________________________________
LLVM Developers mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev