[Bug sanitizer/106558] New: ASan failed to detect a global-buffer-overflow

[shaohua.li at inf dot ethz.ch via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106558

            Bug ID: 106558
           Summary: ASan failed to detect a global-buffer-overflow
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shaohua.li at inf dot ethz.ch
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at 
gcc dot gnu.org
  Target Milestone: ---

For the following code, `gcc-trunk -O1 -fsanitize=address` failed to detect the
global-buffer-overflow, while other opt flags (-O0, -O2, and -O3) can.

$cat a.c
int a;
int *b = &a;
int **c = &b;
int d[1];
int *e = &d[1];

static int f(int *g) {
  *b = e;
  *c = e;
  *b = 2;
  *g = 2;
}
int main() { 
    f(b); 
    return *b;
}
$
$gcc-trunk -O1 -fsanitize=address -w -g && ./a.out
$
$gcc-trunk -O3 -fsanitize=address -w -g && ./a.out
=================================================================
==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000404304
at pc 0x00000040110d bp 0x7ffffc438ae0 sp 0x7ffffc438ad8
WRITE of size 4 at 0x000000404304 thread T0
    #0 0x40110c in f /app/a.c:10
    #1 0x40110c in main /app/a.c:14
    #2 0x7f9bc6e1a0b2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x240b2) (BuildId:
9fdb74e7b217d06c93172a8243f8547f947ee6d1)
    #3 0x40117d in _start (/app/output.s+0x40117d) (BuildId:
55182140539c37abf57e49748b511b560966f7c4)

0x000000404304 is located 60 bytes to the left of global variable 'a' defined
in '/app/a.c:1:5' (0x404340) of size 4
0x000000404304 is located 0 bytes to the right of global variable 'd' defined
in '/app/a.c:4:5' (0x404300) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow /app/a.c:10 in f
Shadow bytes around the buggy address:
  0x000080078810: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x000080078820: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000080078830: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x000080078840: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x000080078850: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x000080078860:[04]f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x000080078870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800788a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800788b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1==ABORTING