https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117233
Bug ID: 117233
Summary: UBSAN should catch undefined behavior in realloc
Product: gcc
Version: 14.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: bruno at clisp dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Created attachment 59396
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=59396&action=edit
test case foo.c

ISO C 23 § 7.24.3.7 specifies that realloc (ptr, 0), when ptr is non-null, is "undefined behavior".

It would be very useful if the UBSAN would catch such invocations, because this corner of realloc's specification is a real portability hassle, cf. https://sourceware.org/bugzilla/show_bug.cgi?id=12547 .

How to reproduce:

============================ foo.c ============================
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
int main ()
{
  char *p = malloc (200);
  printf ("%p", p);
  errno = 0;
  char *q = realloc (p, 0);
  printf (" %p %d\n", q, errno);
}
===============================================================

$ gcc -Wall -fsanitize=undefined -std=gnu23 foo.c
$ ASAN_OPTIONS="abort_on_error=0 allocator_may_return_null=1" ./a.out
0x1eaa2b0 (nil) 0
$ ASAN_OPTIONS="abort_on_error=0 allocator_may_return_null=0" ./a.out
0x5a52b0 (nil) 0

Expected: Some error report from UBSAN.
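Until a sanitizer reports this case, the same condition can be caught at the call site. The wrapper below is an added example, not code from the report or from GCC/libsanitizer: checked_realloc, checked_realloc_at and realloc_zero_count are hypothetical names, and replacing the call with an explicit free() that yields NULL is an assumed policy.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical counter; not part of any sanitizer runtime. */
static unsigned long realloc_zero_hits;

/* Hypothetical wrapper: reports realloc (non-null, 0), which ISO C 23
   leaves undefined, and performs an explicit free() instead, so the
   outcome no longer depends on the C library in use. */
static void *checked_realloc_at(void *ptr, size_t size,
                                const char *file, int line)
{
    if (ptr != NULL && size == 0) {
        realloc_zero_hits++;
        fprintf(stderr,
                "%s:%d: realloc(%p, 0) with non-null pointer: "
                "undefined behavior in ISO C 23\n", file, line, ptr);
        free(ptr);          /* assumed policy: release the block ... */
        return NULL;        /* ... and hand back a null pointer */
    }
    /* realloc (NULL, n) and realloc (p, n > 0) are passed through. */
    return realloc(ptr, size);
}

/* Records the caller's source position, like a sanitizer report would. */
#define checked_realloc(p, n) \
    checked_realloc_at((p), (n), __FILE__, __LINE__)

/* Number of flagged calls so far; lets a test suite fail on any hit. */
static unsigned long realloc_zero_count(void)
{
    return realloc_zero_hits;
}

/* Same sequence as foo.c in the report, routed through the wrapper. */
int main(void)
{
    char *p = malloc(200);
    printf("%p", (void *)p);
    char *q = checked_realloc(p, 0);   /* reported on stderr */
    printf(" %p flagged=%lu\n", (void *)q, realloc_zero_count());
    return realloc_zero_count() ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Returning a failing exit status when the counter is non-zero lets a CI run treat any flagged call as a test failure.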