Asan bug or feature?

Hi all,

While hunting an address error in our app, I found unexpected ASan
behaviour.

Here is a minimal isolated example which runs without address error:

clang++ a.cpp -fsanitize=address

cat a.cpp

char* subroutine()
{
        char* p = new char[8]();   // 8-byte heap object, surrounded by ASan's default 16-byte redzone
        return p;
}

int main( int /*argc*/, char** /*argv*/ )
{
        char* pc_sub = subroutine();
        char* pc_main = new char[8]();
        pc_main[32] = 1; //points to pc_sub, no ERROR :(
// pc_main[16] = 2; //points to bad address ERROR :)
        pc_sub[-32] = 3; //points to pc_main, no ERROR :(

        delete[] pc_main;   // array form to match new[]
        delete[] pc_sub;
        return 0;
}

Yes, ASan puts a redzone around heap allocations, but that redzone has a
limited size (this is a memory / ability to catch bugs tradeoff). Put
another way, ASan checks that you only use valid addresses, but doesn't
check how those addresses are computed. Do you have some specific question
about this?

If you set the environment variable ASAN_OPTIONS=redzone=64, ASan will find all three cases in your test.

From https://code.google.com/p/address-sanitizer/wiki/Flags:

Thanks for the explanation,

I will set my tests to run with different „coprime“ redzone sizes to cover more memory bugs.

MF
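A sweep over redzone sizes, added here as an example that is not code from anyone in this thread: it compiles the thread's test (constructed below as a source string, with the two writes that the default 16-byte redzone lets through) with -fsanitize=address and runs it once per ASAN_OPTIONS=redzone=N, reporting which sizes catch the writes. It assumes clang++ with the ASan runtime is on PATH; ASan only accepts redzone values that are powers of two from 16 to 2048, so the sweep list has to use those.

```shell
#!/bin/sh
# Added example (not code from this thread): compile the thread's test with ASan
# and run it under several ASAN_OPTIONS=redzone=N values to see which sizes catch
# the large-stride writes. Assumes clang++ with the ASan runtime is on PATH.

# Constructed test source: the two writes that step 32 bytes past an 8-byte object,
# which the default 16-byte redzone lets through when the neighbour is a live chunk.
asan_test_source() {
    cat <<'EOF'
char* subroutine() { return new char[8](); }
int main() {
    char* pc_sub  = subroutine();
    char* pc_main = new char[8]();
    pc_main[32] = 1;   // may land inside pc_sub's user bytes at redzone=16
    pc_sub[-32] = 3;   // may land inside pc_main's user bytes at redzone=16
    delete[] pc_main;
    delete[] pc_sub;
    return 0;
}
EOF
}

# build_asan_test <out-binary>: write the constructed source next to the binary
# and compile it with AddressSanitizer enabled (-O0 so the stores are kept).
build_asan_test() {
    asan_test_source > "$1.cpp"
    clang++ -g -O0 -fsanitize=address -o "$1" "$1.cpp"
}

# redzone_catches <binary> <bytes>: return 0 when ASan reports a heap-buffer-overflow
# at that redzone size, 1 when the run stays silent. ASan accepts only powers of two
# from 16 to 2048 here; detect_leaks=0 keeps LeakSanitizer out of the log.
redzone_catches() {
    log="$1.$2.log"
    ASAN_OPTIONS="redzone=$2:detect_leaks=0" "$1" >/dev/null 2>"$log" || true
    grep -q 'ERROR: AddressSanitizer: heap-buffer-overflow' "$log"
}

# redzone_sweep <binary> <bytes>...: one line per size, "caught" or "missed".
# Example run: build_asan_test ./rz && redzone_sweep ./rz 16 32 64 128
redzone_sweep() {
    bin="$1"; shift
    for rz in "$@"; do
        if redzone_catches "$bin" "$rz"; then
            echo "redzone=$rz caught"
        else
            echo "redzone=$rz missed"
        fi
    done
}
```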