Hi,

I just saw this tweet by John Regehr:
https://twitter.com/johnregehr/status/688033344580399104

He found a code example with a pretty obvious out-of-bounds stack read
that ASan doesn't catch with -O or -O2 (equivalent). I checked this
with both current gcc and clang.

This is a stripped down example:
#include <stdio.h>

int main() {
        int b[1] = {0};
        int a=-1;
        /* out-of-bounds stack read: b has one element, the index is -1 */
        printf("%i\n", b[a]);
}


I am a bit surprised, because this looks like a poster child example of
the kind of bug ASan can find. But somehow the optimization
seems to break the ASan check here.

I now wonder how many bugs keep being hidden because of this, as -O2 is
a pretty common default setting for compilations.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
