Sanitizer pointer-overflow does not appear to function #66451

Closed
@kees

Description

Using -fsanitize=pointer-overflow doesn't appear to provide any checking on pointer math. GCC's implementation correctly triggers if NULL is operated on or if a value would wrap around.

https://godbolt.org/z/1c6ec9TTP

#include <stdlib.h>
#include <stdio.h>

/* Using stderr for all output or else godbolt doesn't intermix output. Build with -fsanitize=pointer-overflow. */
int main(int argc, char *argv[]) {
    void *p = NULL;   /* arithmetic on void * is a GNU extension (1-byte units), accepted by GCC and Clang */

    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);

    /* argc is a stand-in for "1" to avoid optimization */
    p -= argc;   /* non-zero offset applied to NULL: wraps to the all-ones address */

    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);

    p += argc;   /* the same offset applied to all-ones: wraps back to NULL */

    fprintf(stderr, "%p (%zu)\n", p, (size_t)p);

    return 0;
}

Clang just shows the value wrapping:

(nil) (0)
0xffffffffffffffff (18446744073709551615)
(nil) (0)

But GCC will catch it:

(nil) (0)
/app/example.c:11:7: runtime error: applying non-zero offset 18446744073709551615 to null pointer
0xffffffffffffffff (18446744073709551615)
/app/example.c:15:7: runtime error: applying non-zero offset to non-null pointer 0xffffffffffffffff produced null pointer
(nil) (0)
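As an added example (not code from this issue, from LLVM or from GCC), the following C helper performs in plain unsigned integer arithmetic the classification that a pointer-overflow sanitizer is expected to do at runtime: a non-zero offset applied to a null pointer, an offset on a non-null pointer that lands on null, and a plain wrap around the address space. The enum, the function names and the replay of the issue's NULL - argc / + argc sequence are all constructed here; with argc == 1 the replay flags exactly the two steps GCC's runtime diagnosed above, which makes it a convenient reference for what the Clang build should have reported.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcomes of a checked pointer offset. The three non-OK cases mirror the
 * conditions a pointer-overflow sanitizer diagnoses; the enum itself is
 * constructed for this example. */
enum ptr_add_status {
    PTR_ADD_OK = 0,
    PTR_ADD_NULL_BASE,     /* non-zero offset applied to a null pointer */
    PTR_ADD_PRODUCED_NULL, /* non-null pointer plus offset landed on address 0 */
    PTR_ADD_WRAPPED        /* address arithmetic wrapped around the address space */
};

/* Apply a byte offset to `base` using well-defined unsigned arithmetic on
 * uintptr_t and classify the result. Like a sanitizer in its default
 * recoverable mode, the (possibly wrapped) result is always stored in *out
 * when out is non-NULL, so a caller can continue after a diagnostic. */
enum ptr_add_status checked_ptr_add(const void *base, ptrdiff_t offset, const void **out)
{
    uintptr_t b = (uintptr_t)base;
    /* Converting a negative offset to uintptr_t yields the additive inverse of
     * its magnitude, so one wrapping addition covers both directions without
     * ever performing undefined pointer arithmetic. */
    uintptr_t r = b + (uintptr_t)offset;

    if (out)
        *out = (const void *)r;

    if (b == 0 && r != 0)
        return PTR_ADD_NULL_BASE;
    if (b != 0 && r == 0)
        return PTR_ADD_PRODUCED_NULL;
    /* Moving forward must not decrease the address; moving backward must not
     * increase it. Either one means the arithmetic wrapped. */
    if ((offset > 0 && r < b) || (offset < 0 && r > b))
        return PTR_ADD_WRAPPED;

    return PTR_ADD_OK;
}

/* Replay the issue's sequence (NULL - argc, then + argc) through the checked
 * helper and return how many of the two steps were flagged. */
int replay_issue_sequence(int argc)
{
    static const char *const names[] = {
        "ok",
        "applying non-zero offset to null pointer",
        "offset applied to non-null pointer produced null pointer",
        "pointer arithmetic wrapped around"
    };
    const void *p = NULL;
    int flagged = 0;
    enum ptr_add_status s;

    s = checked_ptr_add(p, -(ptrdiff_t)argc, &p);
    if (s != PTR_ADD_OK) {
        flagged++;
        fprintf(stderr, "step 1: %s -> %p\n", names[s], (void *)p);
    }
    s = checked_ptr_add(p, (ptrdiff_t)argc, &p);
    if (s != PTR_ADD_OK) {
        flagged++;
        fprintf(stderr, "step 2: %s -> %p\n", names[s], (void *)p);
    }
    return flagged;
}

int main(int argc, char *argv[])
{
    (void)argv;
    int n = replay_issue_sequence(argc);
    fprintf(stderr, "%d of 2 steps flagged\n", n);
    return 0;
}
```

Run it with no arguments (argc == 1) and both steps are reported, matching the two GCC runtime errors above; the helper can also be dropped into a test to pin down expected sanitizer behaviour before enabling -fsanitize=pointer-overflow on a code base.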

Labels

clang:codegen (IR generation bugs: mangling, exceptions, etc.), compiler-rt:ubsan (Undefined behavior sanitizer)