Asan bug or feature?

Hi all,

By hunting after address error in our app I have found unexpected asan

Here is a minimal isolated example which runs without address error:

clang++ a.cpp -fsanitize=address

cat a.cpp

char* subroutine()
        char* p = new char[8]();
        return p;

int main( int /*argc*/, char** /*argv*/ )
        char* pc_sub = subroutine();
        char* pc_main = new char[8]();
        pc_main[32] = 1; //points to pc_sub, no ERROR :frowning:
// pc_main[16] = 2; //points to bad address ERROR :slight_smile:
        pc_sub[-32] = 3; //points to pc_main, no ERROR :frowning:

Yes, ASan puts a redzone around heap allocations, but that redzone has a
limited size (this is a memory / ability to catch bugs tradeoff). Put
another way, ASan checks that you only use valid addresses, but doesn't
check how those addresses are computed. Do you have some specific question
about this?

        delete[] pc_main;

If you set env. variable ASAN_OPTIONS=redzone=64 asan fill find all three cases in your test.


Thanks for the explanation,

I will set my tests to run with different „coprime“ redzone sizes to cover more memory bugs.