https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107586
Bug ID: 107586
Summary: gcc trunk missed a stack-buffer-overflow
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

For the following code, `gcc-tk -fsanitize=address -O2` successfully detected the buffer overflow in `memcpy()`. However, I found that when you uncomment the line `int *f = &e[0];`, the ASAN warning went away. I checked gcc-9, which detected the error in both cases, but gcc-10 and above did not. I wonder if this is due to some optimizations going on that change the memory layout, which disables ASAN's detection in this case.

Compiler explorer: https://godbolt.org/z/zfGv5378a

% cat a.c
struct a {
  int x;
};

void h(struct a *b) {
  struct a c[70];
  int i;
  for (i = 0; i < 70; i++)
    c[i].x = 1;
  /* 70 elements copied into b, which g() sized for only 69: the overflow ASAN is expected to report */
  __builtin_memcpy(b, c, 70 * sizeof(struct a));
  __builtin_printf("%d\n", b->x);
}

void g() {
  struct a *d = (struct a *)__builtin_alloca(69 * sizeof(struct a));
  int e[20];
  // int *f = &e[0];   /* uncommenting this makes the ASAN report disappear on gcc-10 and later */
  h(d);
}

int main() {
  g();
  return 0;
}
%
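The report above shows that a stack-buffer-overflow which ASAN catches in one build can silently go unreported after a small, unrelated change in the caller. The following is an added example, not the reporter's reproducer and not GCC code: it keeps the same shape (a 70-element source copied into a destination the caller sized for 69) but makes the destination capacity travel with the pointer and refuses the copy when it would overrun, so the defect is caught by the program itself rather than only by the sanitizer's redzone layout. The names `h_checked`, `g_checked` and `SRC_ELEMS` are assumptions introduced here, and heap allocation stands in for the report's `__builtin_alloca` so the function can be called repeatedly from a harness.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct a { int x; };

/* Same source size as the reproducer in the report. */
#define SRC_ELEMS 70

/* Hardened counterpart of the report's h() (hypothetical name, added here).
 * The destination capacity is passed alongside the pointer and the copy is
 * rejected when it would overrun.  Returns 0 on success, -1 when rejected. */
int h_checked(struct a *dst, size_t dst_cap)
{
    struct a c[SRC_ELEMS];
    for (size_t i = 0; i < SRC_ELEMS; i++)
        c[i].x = 1;

    /* The original h() copies 70 elements unconditionally.  With a
     * 69-element destination this is exactly the overflow ASAN missed. */
    if (dst_cap < SRC_ELEMS)
        return -1;

    memcpy(dst, c, SRC_ELEMS * sizeof(struct a));
    return 0;
}

/* Counterpart of the report's g() (hypothetical name, added here): allocate
 * dst_elems elements, run the checked copy, and report whether it was
 * accepted.  malloc() replaces the report's alloca() so the harness can call
 * this repeatedly; the size check is the same either way. */
int g_checked(size_t dst_elems)
{
    struct a *d = malloc(dst_elems * sizeof(struct a));
    if (d == NULL)
        return -1;

    int rc = h_checked(d, dst_elems);
    if (rc == 0)
        printf("%d\n", d->x);

    free(d);
    return rc;
}

int main(void)
{
    /* 69-element destination, as in the report: rejected instead of overflowing. */
    printf("cap 69: %s\n", g_checked(69) == 0 ? "copied" : "rejected");
    /* 70-element destination: fits, copies, prints 1. */
    printf("cap 70: %s\n", g_checked(70) == 0 ? "copied" : "rejected");
    return 0;
}
```

The point of the check is independence from the sanitizer: whether or not ASAN's stack redzones happen to sit between the alloca block and the neighbouring frame objects after optimisation, the 70-into-69 copy is refused at run time in every build.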