[Bug sanitizer/109444] Possible array overflow without diagnosis in memcpy

pinskia at gcc dot gnu.org via Gcc-bugs Fri, 07 Apr 2023 10:51:37 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109444


Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Mohamed from comment #2)
> I guess you meant Bar, since Bar has the array member. But then for the
> sanitizer to intervene and diagnose are there conditions for alignment??

No, I Mean Bar's alignment is 1 byte aligned while Foo is
alignof(decltype(nullptr)) because of the vtable pointer. Foo2 does not have a
vtable so its alignment is still 1 byte. The padding bytes for Foo is done
because Bar is not a multiple of the alignment though.

There is not much to be done here as the overflow is into padding bits and
address sanitizer is doing exactly what it should do.

[Bug sanitizer/109444] Possible array overflow without diagnosis in memcpy

Reply via email to