[Bug sanitizer/105697] New: GCC trunk failed to detect a stack buffer-overflow

Mon, 23 May 2022 00:40:32 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105697

            Bug ID: 105697
           Summary: GCC trunk failed to detect a stack buffer-overflow
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shaohua.li at inf dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at 
gcc dot gnu.org
  Target Milestone: ---

For the following code, `gcc-trunk -O0 -fsanitize=address` didn't report the
buffer-overflow in e(), while `gcc-trunk -O3 -fsanitize=address` reported it
successfully.

$cat a.c
int *d;
int e(volatile int h) {
  d = &h;
  return *(d + 1);
}
int main() { 
    return e(0); 
}
$
$gcc-trunk -O0 -fsanitize=address a.c && ./a.out
$
$gcc-trunk -O3 -fsanitize=address a.c && ./a.out
=================================================================
==1721824==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffd3c2733d4 at pc 0x55a2efd4b1f5 bp 0x7ffd3c2733a0 sp 0x7ffd3c273390
READ of size 4 at 0x7ffd3c2733d4 thread T0
    #0 0x55a2efd4b1f4 in main (/project/shaoli/data/work-amd3/a.out+0x11f4)
    #1 0x7f77fb01d082 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #2 0x55a2efd4b28d in _start (/project/shaoli/data/work-amd3/a.out+0x128d)

Address 0x7ffd3c2733d4 is located in stack of thread T0 at offset 36 in frame
    #0 0x55a2efd4b10f in main (/project/shaoli/data/work-amd3/a.out+0x110f)

  This frame has 1 object(s):
    [32, 36) 'h' (line 6) <== Memory access at offset 36 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
(/project/shaoli/data/work-amd3/a.out+0x11f4) in main
Shadow bytes around the buggy address:
  0x100027846620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027846630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027846640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027846650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027846660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100027846670: 00 00 00 00 00 00 f1 f1 f1 f1[04]f3 f3 f3 00 00
  0x100027846680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027846690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000278466a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000278466b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000278466c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1721824==ABORTING

Reply via email to