Fixed
Status Update
Comments
md...@gmail.com <md...@gmail.com> #2
[Comment Deleted]
kr...@arm.com <kr...@arm.com> #3
Adding Kostya in cc as code owner for Asan to help determine if this should be treated as a non-public security issue, or whether this is best reported as a public security issue.
kr...@arm.com <kr...@arm.com> #4
The LLVM security group members believe this should not be treated as a security issue, and should best be reported as a public issue.
I'm adding Vitaly to this ticket to check if he agrees. Vitaly, I wonder if you could quickly check to see if this seems like an exploitable issue or not?
The LLVM security group members don't think so as we're not aware of anyone using Asan as a security hardening tool on production binaries.
kr...@arm.com <kr...@arm.com> #5
Closing out this ticket as we concluded that this issue doesn't need coordinated disclosure. Therefore, the issue should be reported through the public issue tracker at https://github.com/llvm/llvm-project/issues
vi...@chromium.org <vi...@chromium.org> #6
Known and works as intended.
With optimization enabled, there is no buffer at all: https://godbolt.org/z/P4bfsddTx
We need to apply optimizations like this to keep performance of Asan reasonable.
Description
What steps will reproduce the problem?
The C code below, compiled using clang with -fsanitize=address and any optimisation flags above level zero, i.e. -O1, does not detect the array index out of bounds.
Explicitly, the commands used were:
clang testcase.c -o prog -O1 -fsanitize=address
./prog
The source code for 'testcase.c' is as follows:
#include <stdio.h>
#include <stdint.h>

int main(void)
{
    int buffer[1] = {0};
    for (int i = 0; i < 2; i++)
    {
        printf("%d\n", buffer[i]);
    }
    return 0;
}
This behaviour has been observed in clang 12.0.0 and clang 17.0.1.
Note, manually unrolling the loop triggers the "-Warray-bounds" warning as expected in all cases.
Note, gcc 9.4.0 with the same commands does detect this as a memory violation.
What is the expected output?
Expect address sanitizer memory corruption detection and associated message displayed at runtime.
What do you see instead?
Instead, when the C file is compiled and executed, the terminal output prints the adjacent memory being accessed.
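The explanation in comment #6 (the optimizer removes the one-element array, so ASan has no stack object to guard) also tells you how to write a test case that ASan can check at -O1: make the array's address escape to something the optimizer cannot see through, so a real stack allocation with redzones has to exist. The program below is an added example, not code from the bug report or from the LLVM project; the function names `escape` and `sum_prefix` and the global `g_escape` are my own. Build it as `clang example.c -O1 -fsanitize=address -o example && ./example` to get the stack-buffer-overflow report the reporter expected; `./example 1` stays in bounds.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example (not from the bug report): the reported test case keeps its
 * single-element array entirely in registers at -O1, so there is no stack
 * object for ASan to surround with redzones. Letting the array's address
 * escape to something the optimizer cannot see through forces a real stack
 * allocation, and the out-of-bounds access is then instrumented and reported. */

/* Storing the pointer to a volatile global is enough to make it "escape":
 * the compiler must assume the array is observable through this pointer
 * and can no longer delete it or promote it to registers. */
static const int *volatile g_escape;

__attribute__((noinline)) static void escape(const int *p)
{
    g_escape = p;
}

/* Same shape as the reported test case, with the escape added.
 * Built with -O1 -fsanitize=address, calling this with len == 2 produces a
 * stack-buffer-overflow report on the second iteration; with len <= 1 it
 * stays in bounds and returns the sum of the elements read (0). */
__attribute__((noinline)) int sum_prefix(size_t len)
{
    int buffer[1] = {0};
    escape(buffer);            /* address escapes: the array must really exist */
    int total = 0;
    for (size_t i = 0; i < len; i++)
    {
        total += buffer[i];    /* i == 1 is one element past the end */
    }
    return total;
}

int main(int argc, char **argv)
{
    /* Default to the over-read from the report so ASan has something to catch;
     * pass a length on the command line to choose otherwise. */
    size_t len = argc > 1 ? strtoul(argv[1], NULL, 10) : 2;
    printf("sum of first %zu elements = %d\n", len, sum_prefix(len));
    return 0;
}
```

The escape is the whole trick: `-Warray-bounds` still fires only on the manually unrolled form, but once the array is forced into memory ASan's runtime check covers the loop form too, which is the property a sanitizer test suite should be exercising rather than an array the optimizer is free to discard.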