Stefan Pusl via llvm-dev
2018-May-25 13:22 UTC
[llvm-dev] Known limitation or intra-object-overflow not working?
Hello,

normally buffer overflows are detected by address sanitizer. Then I recognized that this is not the case if the array is located inside a structure. Thus I created a small example (test.c):

    struct xxx {
        int a;
        int buffer[10];
        int b;
    };

    int main(void)
    {
        struct xxx var;
        int buffer[10];
        int count;

        /* count runs up to and including 10, so the last iteration
           writes one element past the end of both arrays */
        for (count = 0; count <= 10; count++) {
            var.buffer[count] = count;  /* intra-object overflow into var.b */
            buffer[count] = count;      /* stack-buffer-overflow */
        }

        return 0;
    }

The command I used is:

    clang -g -fsanitize=address -fsanitize-address-field-padding=2 test.c

The clang version I used is: clang version 5.0.0

When I run the executable, I get a stack-buffer-overflow. But the buffer overflow of the array inside the structure, which happens before the stack-buffer-overflow, is not detected by address sanitizer.

My question is now: Is this a known limitation of the address sanitizer, or is the intra-object-overflow detection not working correctly?

Thanks,
Stefan