
Weird, the following program compiles and runs without complaint under `-fsanitize=bounds-strict,address,undefined` and outputs the rather fetching output `��1�I��^H��H���PTE1�1�H�Ǧ@`:

    #include <stdio.h>

    int main(int argc, char **argv) {
        /* argv[-8] is eight pointers before argv[0]: a read of whatever the
         * loader left on the stack below the argument vector. The type of
         * argv (char **) says nothing about where the array begins, so there
         * is no bound for the compiler or a sanitizer to compare against. */
        printf("%s\n", argv[-8]);
    }
(https://godbolt.org/z/ef8KMGnce - feel free to try other values to dump out environment variables and other stack crap)

Oh, but maybe that's because the compiler has no model of how `argv` works. Fine, try this?

    #include <stdio.h>

    /* volatile stops the compiler from folding the reads away. x[-64] reads
     * 64 bytes before the object, but a bare char * carries no length, so
     * neither -fsanitize=bounds nor the compiler's own array-bounds analysis
     * has anything to check here. */
    int foo(volatile char *x) {
        return x[0] + x[-64];
    }

    int main(int argc, char **argv) {
        char x[1] = {42};   /* one byte; the size is lost when x decays to a pointer */
        printf("%d\n", foo(x));
    }
(https://godbolt.org/z/TMzehfGah)

Happily loads way out of bounds, no problem whatsoever - no runtime error, no sanitizer complaints, nothing.

Sanitizers are great, but they are not perfect. They are not a replacement for real array bounds checking; other languages that do real bounds checking do so by carrying the bounds with the object, which is categorically impossible under the standard C ABIs.




You did not use arrays, so there were no bounds to be checked.

The C language indeed allows the use of pointers having arbitrary values that cannot be checked in any way.

However, it is trivial to avoid the use of such pointers, and any decent programmer will never use such pointers, because they are never needed.

Unfortunately, it is difficult to forbid the use of such pointers, because there are too many legacy programs.

That however cannot be an excuse for any programmer who is writing a new program. If someone uses pointers in such a way, that cannot happen through an unwilling mistake, so it is their fault and they have no right to blame the programming language.


New programs are unfortunately bound to old APIs. There's not much you can do here to fix the problem.
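What "carrying the bounds with the object" (first comment) looks like in C, set beside the bare pointer that, as the second comment says, has no bounds to check: the example below is added here and is not code from any of the commenters. The `span` type, the `SPAN_FROM_ARRAY` macro, and the `span_get`, `foo_checked`, `span_sum` and `underflow_is_rejected` functions are all assumptions of this example, not part of any standard or library. It reproduces the post's `x[0] + x[-64]` read over a `span` so the underflow is rejected at runtime; the moment `s.base` is handed to an old API taking `char *` (the third comment's point), the length is gone again and no check is possible on the far side.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical fat pointer for char buffers: the pointer travels with its
 * length. Nothing like this exists in the standard C ABI; a plain `char *`
 * parameter, as in the post's foo(), has nowhere to carry `len`. */
typedef struct {
    char *base;
    size_t len;
} span;

/* Build a span from a char array whose size is still known (before decay). */
#define SPAN_FROM_ARRAY(a) ((span){ (a), sizeof(a) })

/* Checked read. idx is signed so that an underflow such as x[-64] is
 * representable and rejected like any other out-of-bounds index.
 * Returns false and leaves *out untouched when the index is out of range. */
bool span_get(span s, ptrdiff_t idx, char *out) {
    if (idx < 0 || (size_t)idx >= s.len) {
        return false;
    }
    *out = s.base[idx];
    return true;
}

/* The post's foo(), rewritten over a span: x[0] + x[-64].
 * Sets *ok = false and returns -1 instead of reading past the object. */
int foo_checked(span x, bool *ok) {
    char a, b;
    if (!span_get(x, 0, &a) || !span_get(x, -64, &b)) {
        *ok = false;
        return -1;
    }
    *ok = true;
    return a + b;
}

/* A legitimate in-bounds loop over the same type. */
int span_sum(span s) {
    int total = 0;
    for (size_t i = 0; i < s.len; i++) {
        total += s.base[i];
    }
    return total;
}

/* 1 if the x[-64] read from the post is rejected when done through a span. */
int underflow_is_rejected(void) {
    char x[1] = {42};
    bool ok = true;
    int r = foo_checked(SPAN_FROM_ARRAY(x), &ok);
    return (!ok && r == -1) ? 1 : 0;
}

int main(void) {
    char x[1] = {42};
    bool ok;
    int r = foo_checked(SPAN_FROM_ARRAY(x), &ok);
    printf("foo_checked: %s (%d)\n", ok ? "ok" : "rejected out-of-bounds read", r);

    char buf[4] = {1, 2, 3, 4};
    printf("span_sum = %d\n", span_sum(SPAN_FROM_ARRAY(buf)));

    /* Crossing into a legacy API: only buf's address survives, not its length.
     * Whatever that API does with negative or large indices is unchecked. */
    char *legacy_ptr = SPAN_FROM_ARRAY(buf).base;
    printf("first byte via bare pointer = %d\n", legacy_ptr[0]);
    return 0;
}
```

The check costs one comparison per access and a second machine word per pointer, which is exactly the "carry the bounds with the object" cost the first comment describes and why it cannot be retrofitted onto `char *` without changing every signature that takes one.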



