On 4/24/25 19:08, Solar Designer wrote:
On Thu, Apr 24, 2025 at 09:06:26PM +0200, Jakub Wilk wrote:
* Solar Designer <so...@openwall.com>, 2025-04-24 20:32:
There appears to be a growing trend towards calling OOB reads "buffer
overflows".
Part of the problem may be that AddressSanitizer uses this unforuntate
terminology; you get something like this:
==7802==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xf5f00021 at pc 0xf79c113e bp 0xfff496e8 sp 0xfff492c4
READ of size 2 at 0xf5f00021 thread T0
Yes, this may very well be the main cause of this trend. Is someone
reading this in a position to change the wording in AddressSanitizer?
For example, it could have "stack out-of-bounds read" in place of
"stack-buffer-overflow" above.
On a guess that the same message fragment is used for both reads and
writes, how about "stack-bound-violation" instead of
"stack-buffer-overflow"? It is even the same length.
-- Jacob
