https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108541

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Ok, I've got a reduced test-case:

cat pr108541.c
struct S {
  // WORKS: char padding[48];
  char padding[49];
};

struct S h, *i;

int main() {
  int *dummy;
  &dummy;

  int m = 1;
  char *ptr = (char *)&m;
  *(struct S *)(char *)(ptr - 0) = h;
  return 0;
}

so the shadow memory looks like this:
0x7ffff5300000: f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3

    [48, 52) 'm' (line 12)
    [64, 72) 'dummy' (line 9)

what happens here: during the expansion of .ASAN_CHECK (5, ptr_5, 49, 1);
we check for the memory area beginning (that's fine), and then the ending,
which is out of the poisoned memory. It's unfortunate that the middle area of
the 49B contains poisoned memory.
Closing as won't fix; we can't check every single byte of shadow memory, that
would be very slow.
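
The check described in the comment above, modelled over the shadow bytes from the dump, as an added example (not GCC's or libsanitizer's code). The function names are hypothetical, offsets are relative to the start of the frame, and the 13th shadow byte (0x00) is an assumption standing for the addressable memory just past the frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Frame shadow copied from the dump above: one shadow byte per 8 bytes.
   The final 0x00 is an assumption: addressable memory just past the frame. */
static const uint8_t frame_shadow[] = {
    0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, /* left redzone  [0, 48)  */
    0x04,                               /* 'm'           [48, 52) */
    0xf2,                               /* mid redzone   [56, 64) */
    0x00,                               /* 'dummy'       [64, 72) */
    0xf3, 0xf3, 0xf3,                   /* right redzone [72, 96) */
    0x00                                /* assumed, past the frame */
};

/* 1 if the byte at frame offset `off` is poisoned.
   Shadow 0: all 8 bytes valid; 1..7: only the first k valid; >= 0x80: redzone. */
static int byte_poisoned(size_t off) {
    uint8_t s = frame_shadow[off >> 3];
    if (s == 0) return 0;
    if (s >= 0x80) return 1;
    return (off & 7) >= s;
}

/* Model of the check as the comment describes it: first and last byte only. */
static int check_ends_only(size_t off, size_t len) {
    return byte_poisoned(off) || byte_poisoned(off + len - 1);
}

/* Exhaustive walk: offset of the first poisoned byte in the range, or -1. */
static long first_poisoned(size_t off, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (byte_poisoned(off + i)) return (long)(off + i);
    return -1;
}

int main(void) {
    /* The store in the test case starts at 'm' (offset 48). */
    printf("49 bytes: ends-only=%d first poisoned=%ld\n",
           check_ends_only(48, 49), first_poisoned(48, 49));
    printf("48 bytes: ends-only=%d first poisoned=%ld\n",
           check_ends_only(48, 48), first_poisoned(48, 48));
    return 0;
}
```

In this model the 49-byte store passes the ends-only check even though offset 52 is already poisoned, because its last byte (offset 96) falls past the right redzone. The 48-byte store ends at offset 95, inside the right redzone, so the same check flags it.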
