Hi all,
While hunting for an address error in our app I have found unexpected ASan
behaviour. Here is a minimal isolated example which runs without an address error:
clang++ a.cpp -fsanitize=address
cat a.cpp
char* subroutine()
{
    char* p = new char[8]();
    return p;
}

int main( int /*argc*/, char** /*argv*/ )
{
    char* pc_sub = subroutine();
    char* pc_main = new char[8]();
    pc_main[32] = 1;   // points into pc_sub, no ERROR
    // pc_main[16] = 2;   // points to a bad address, ERROR
    pc_sub[-32] = 3;   // points into pc_main, no ERROR
    delete[] pc_main;  // new[] must be paired with delete[]
    delete[] pc_sub;
    return 0;
}

Yes, ASan puts a redzone around heap allocations, but that redzone has a
limited size (this is a memory / ability to catch bugs tradeoff). Put
another way, ASan checks that you only use valid addresses, but doesn't
check how those addresses are computed. Do you have some specific question
about this?
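To see the redzone tradeoff from the reply in practice, here is an added shell script (not from this thread) that builds the poster's program and runs it twice: once with the default 16-byte minimum redzone and once with ASAN_OPTIONS=redzone=128, a real ASan runtime flag that raises the minimum redzone so the +32/-32 accesses should land in poisoned memory instead of the neighbouring block. It assumes clang++ with the ASan runtime is on PATH and skips cleanly otherwise.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes clang++ with the ASan runtime
# is installed. ASAN_OPTIONS=redzone=N is a real ASan flag: the minimum
# redzone in bytes around each heap block (power of two, default 16).

write_repro() {
  # $1 = path of the .cpp to write; same program as the post, with delete[].
  cat > "$1" <<'EOF'
char* subroutine() { char* p = new char[8](); return p; }
int main() {
    char* pc_sub = subroutine();
    char* pc_main = new char[8]();
    pc_main[32] = 1;   // default layout: lands inside pc_sub, not reported
    pc_sub[-32] = 3;   // default layout: lands inside pc_main, not reported
    delete[] pc_main;
    delete[] pc_sub;
    return 0;
}
EOF
}

# run_with BINARY OPTIONS: run BINARY under ASAN_OPTIONS=OPTIONS and print
# "caught" if ASan printed a report, "missed" otherwise.
run_with() {
  if ASAN_OPTIONS="$2" "$1" 2>&1 | grep -q 'ERROR: AddressSanitizer'; then
    echo caught
  else
    echo missed
  fi
}

# Build the repro and compare the default redzone with a 128-byte one; with
# the larger redzone the +32/-32 accesses should fall into poisoned memory.
asan_demo() {
  if ! command -v clang++ >/dev/null 2>&1; then
    echo "skipped: clang++ not found"; return 0
  fi
  tmp=$(mktemp -d) || return 1
  write_repro "$tmp/a.cpp"
  if ! clang++ -g -fsanitize=address -o "$tmp/a" "$tmp/a.cpp" 2>/dev/null; then
    echo "skipped: ASan build failed"; rm -rf "$tmp"; return 0
  fi
  echo "redzone=16 (default): $(run_with "$tmp/a" detect_leaks=0)"
  echo "redzone=128:          $(run_with "$tmp/a" detect_leaks=0:redzone=128)"
  rm -rf "$tmp"
}
```

Run `asan_demo` after sourcing the script; the first line shows the accesses being missed with the default layout, the second whether the wider redzone makes ASan report them.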