Hi, I just saw this tweet by John Regehr: https://twitter.com/johnregehr/status/688033344580399104
He found a code example with a pretty obvious out-of-bounds stack read that asan doesn't catch with -O or -O2 (equivalent). I checked this with both current gcc and clang.

This is a stripped-down example:

    #include <stdio.h>

    int main() {
        int b[1] = {0};
        int a = -1;
        /* out-of-bounds stack read: index -1 into a one-element array */
        printf("%i\n", b[a]);
    }

I am a bit surprised, because this looks like a poster child example of the kind of bug asan can find. But somehow the optimization seems to break the asan check here.

I now wonder how many bugs keep being hidden because of this, as -O2 is a pretty common default setting for compilations.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42