*sigh* gcc <8 UBSan fails to catch this serious, trivial-to-make error: https://godbolt.org/z/kNil_u
struct sockaddr_in6 is not critical to the issue, but it's a good real-world example of a structure containing an array where you could accidentally write &s->a+k instead of s->a+k.
OK, here's an example with no sockaddr_in6: https://godbolt.org/z/kvw5zU The situation is actually worse than I thought. gcc 8 and clang *don't* catch it. They just put in a wrong/useless overflow check for overflow past end of addr space (can't happen) not past object size.
As I understand, -fsanitize=object-size is included in -fsanitize=undefined and supposed to catch this, but doesn't... ?
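The pointer-type mistake described in the thread, shown as an added example (this is not code from the tweets or the godbolt links, and the `struct addr` below is a constructed stand-in for a real structure like sockaddr_in6). `&s->a` has type "pointer to array of 16 bytes", so `&s->a + k` advances by 16 bytes per step instead of 1; the two offset helpers make that difference measurable, and `in_bounds` is a plain runtime check of the kind the sanitizer was expected to do for you.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a struct that embeds a fixed-size array
   (the thread's real-world example is struct sockaddr_in6). */
struct addr {
    uint16_t family;
    uint8_t  a[16];   /* 16-byte address, like sin6_addr */
    uint32_t scope;
};

/* One instance so the helpers below can be called with just k. */
static struct addr g;

/* Byte offset from the start of g to g.a + k.  g.a decays to uint8_t*,
   so each step is 1 byte and 0 <= k <= 16 stays inside the array. */
size_t offset_elem(int k) {
    const uint8_t *p = g.a + k;
    return (size_t)((const char *)p - (const char *)&g);
}

/* Byte offset from g to &g.a + k.  &g.a has type uint8_t (*)[16], so each
   step is sizeof(g.a) == 16 bytes.  k == 1 already lands one past the
   array (still a valid address to form); k >= 2 would be outside the whole
   struct, which is why this function is only ever called with k <= 1 here. */
size_t offset_arrayptr(int k) {
    const uint8_t (*p)[16] = &g.a + k;
    return (size_t)((const char *)p - (const char *)&g);
}

/* True when the byte range [off, off + len) lies inside the object. */
int in_bounds(size_t off, size_t len) {
    return off <= sizeof g && len <= sizeof g - off;
}

/* Checked store: the correct element form, refused when k is out of range. */
int store_byte(int k, uint8_t v) {
    if (k < 0 || (size_t)k >= sizeof g.a)
        return 0;                 /* rejected */
    g.a[k] = v;                   /* same as *(g.a + k) */
    return 1;
}

int main(void) {
    memset(&g, 0, sizeof g);
    printf("sizeof(struct addr) = %zu, a starts at %zu\n",
           sizeof g, offsetof(struct addr, a));
    printf("g.a + 3   -> offset %zu (intended)\n", offset_elem(3));
    printf("&g.a + 1  -> offset %zu (one whole array further)\n",
           offset_arrayptr(1));
    printf("16-byte write at &g.a + 1 in bounds? %d\n",
           in_bounds(offset_arrayptr(1), sizeof g.a));
    return 0;
}
```

The key observation is that `offset_arrayptr(1)` equals `offsetof(struct addr, a) + 16`, so a 16-byte write through that pointer covers bytes well past the end of the struct even for k = 1, while `offset_elem(k)` moves one byte per step as intended.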