Catch buffer overflows in structures #140

arthaud · 2019-07-11T21:52:37Z

The current analysis cannot catch a buffer overflow in a structure.

For instance:

#include <ikos/analyzer/intrinsic.h>

typedef struct {
    int tab[10];
    int x;
} Struct;

int main() {
    Struct s;
    s.tab[10] = 1; // overflow on tab, writes on x
    __ikos_assert(s.x == 1);
    return 0;
}

The analyzer only checks that the memory write is within the structure, so it is considered safe.

The analyzer will actually know that s.x is 1, so we could say that the analysis is somewhat sound regarding the memory model.

To fix this, we should investigate the inbounds flag of the LLVM getelementptr instruction.

See:

The text was updated successfully, but these errors were encountered:

ivanperez-keera · 2023-12-14T09:21:34Z

Is this a bug or a feature request?

ivanperez-keera · 2023-12-29T13:53:58Z

My understanding is that this is not a bug. I'm switching labels accordingly. If you disagree, please revert the change.

arthaud added C-bug Category: Bug C-feature-request Category: Feature Request L-c Language: C P-medium Priority: Medium labels Jul 11, 2019

ivanperez-keera removed the C-bug Category: Bug label Dec 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Catch buffer overflows in structures #140

Catch buffer overflows in structures #140

arthaud commented Jul 11, 2019

ivanperez-keera commented Dec 14, 2023

ivanperez-keera commented Dec 29, 2023

Catch buffer overflows in structures #140

Catch buffer overflows in structures #140

Comments

arthaud commented Jul 11, 2019

ivanperez-keera commented Dec 14, 2023

ivanperez-keera commented Dec 29, 2023