The fact that some region appears in "m"
doesn't mean the inline asm actually accesses it, it could not touch it at
all, or only some part of it.
Do we have precise semantics of "m" written somewhere?
My understanding was that even though asm may not touch buffer at all
(like e.g. in our tests),
user still declares whole region accessible to compiler.
if Asan wants to check that the whole 100*sizeof(long)
region is accessible, it could often just have false positives, because the
inline asm really accesses just some small part of it.
We've seen this abused (e.g. casting to struct { char x[0xffffffff]; } *)
and that's main reason why we turned this off by default.
On the other we've seen no problems with ffmpeg's testsuite
and ability to detect overflows in inline asm would be rather useful.
Do you see how we could make this more robustly?
We could e.g. only check the first byte
although this wouldn't be as useful.
-Y
