https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124230

            Bug ID: 124230
           Summary: bound sanitizer does not issue error for out-of-bound
                    access through pointer array annotated with counted_by
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: qinzhao at gcc dot gnu.org
  Target Milestone: ---

For the following small example:
#include <stdlib.h>

struct annotated {
  int *c __attribute__ ((counted_by (b)));
  int b;
};

static struct annotated __attribute__((__noinline__)) *setup (int annotated_count)
{

  struct annotated *p_array_annotated
    = (struct annotated *) malloc (sizeof (struct annotated));
  p_array_annotated->c = (int *) malloc (annotated_count * sizeof (int));
  p_array_annotated->b = annotated_count;

  return p_array_annotated;
}

int main(int argc, char *argv[])
{
  struct annotated *p = setup (10);   
  p->c[12] = 2; //out of bound access
  return 0;
}

When compiled with the latest trunk gcc and -fsanitize=bounds, the out-of-bound
access is not caught by the bound sanitizer.

gcc -fsanitize=bounds t.c; ./a.out
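
While the sanitizer does not instrument this access, the same bound can be enforced explicitly against the count field. The following is an added example, not code from the bug report or from GCC; setup_checked, store_checked and release are hypothetical helper names, and the counted_by attribute is omitted so the file does not depend on compiler support for it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Same layout as the struct in the report. The counted_by attribute is
   omitted here so the file does not depend on compiler support for it. */
struct annotated {
  int *c;   /* in the report: counted_by (b) */
  int b;    /* number of elements c points to */
};

/* Hypothetical helper: allocate c with a validated count. */
static struct annotated *setup_checked (int count)
{
  if (count < 0)
    return NULL;
  struct annotated *p = malloc (sizeof *p);
  if (p == NULL)
    return NULL;
  p->c = calloc ((size_t) count, sizeof (int));  /* calloc checks overflow */
  if (p->c == NULL && count != 0)
    { free (p); return NULL; }
  p->b = count;
  return p;
}

/* Hypothetical helper: store only when 0 <= idx < p->b.
   Returns 0 on success, -1 when idx is outside the counted range. */
static int store_checked (struct annotated *p, long idx, int value)
{
  if (p == NULL || p->c == NULL || idx < 0 || idx >= p->b)
    return -1;
  p->c[idx] = value;
  return 0;
}

static void release (struct annotated *p) { if (p) { free (p->c); free (p); } }

int main (void)
{
  struct annotated *p = setup_checked (10);
  if (p == NULL)
    return 1;
  /* Index 12 is the access from the report; the check rejects it. */
  printf ("idx 9: %d\n", store_checked (p, 9, 2));
  printf ("idx 12: %d\n", store_checked (p, 12, 2));
  release (p);
  return 0;
}
```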
