Hi,
On Monday 29 June 2015, Nicolas Pomarède wrote:
On 28/06/2015 22:16, Eero Tamminen wrote:
Invalid accesses don't happen because the SDLGui_DoDialog() return value
is used in the calling code as a comparison value (mainly as a switch() value),
not as-is for indexing an array.
No, the problem in SDLGui_DoDialog() was bad indexing:
dlg[current_object].type
When dlg refers to the "do you want to reset" dialog, then dlg is in fact
alertdlg and it only has 8 members in the array, so referring to
dlg[16].type is an indexing error, not a switch problem.
Ah, the problem wasn't the SDLGui_DoDialog() return value, but
indexing done inside it.
The Address Sanitizer documentation doesn't tell how it tracks
global arrays, but at least for stack and heap values it
just adds "canaries" on both sides of the array. If the index
is too far off, that access isn't caught.
More importantly, it needs to know which exact array is accessed,
otherwise it cannot check whether there was some issue
in using it. I think that happens in the caller, as the caller is
in another object and SDLGui_DoDialog() gets just an array pointer
and only the caller knows where the array ends.
(When you get just a pointer, it might be pointing anywhere
in the array: start, middle, end...)
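As an added illustration (not code from this thread or from Hatari), the explicit bounds check a callee can do when, as described above, it only receives a pointer to the dialog array and ASan cannot tell where that array ends: the struct layout, field names, sample dialog contents and the sentinel-terminated array are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a dialog object struct; the field names are
 * assumed for this example and are not the project's own definitions. */
typedef struct {
    int type;        /* object kind; DLG_END marks the terminating entry */
    int x, y, w, h;
    const char *txt;
} DlgObj;

#define DLG_END (-1)

/* Constructed 8-object "do you want to reset" dialog (sample data, not the
 * real alertdlg), assumed to end with a sentinel entry. */
static const DlgObj alertdlg[] = {
    { 1,  0, 0, 40, 10, "box"    },
    { 2,  2, 1, 36,  1, "Reset?" },
    { 2,  2, 3, 36,  1, "line 2" },
    { 2,  2, 4, 36,  1, "line 3" },
    { 3,  4, 7, 10,  1, "Yes"    },
    { 3, 16, 7, 10,  1, "No"     },
    { 3, 28, 7, 10,  1, "Cancel" },
    { 2,  2, 9, 36,  1, "footer" },
    { DLG_END, 0, 0, 0, 0, NULL  },
};

/* The callee only receives a pointer, so it must rediscover the length
 * itself: walk to the sentinel and count the real objects. */
size_t dlg_count(const DlgObj *dlg)
{
    size_t n = 0;
    while (dlg[n].type != DLG_END)
        n++;
    return n;
}

/* Bounds-checked replacement for a raw dlg[current_object].type read.
 * Returns the object type, or DLG_END when idx lies outside this dialog,
 * e.g. dlg[16] on an 8-object array, an overrun far enough past the array
 * that a sanitizer's canaries around it need not catch it. */
int dlg_type_at(const DlgObj *dlg, int idx)
{
    if (idx < 0 || (size_t)idx >= dlg_count(dlg))
        return DLG_END;
    return dlg[idx].type;
}

int main(void)
{
    printf("objects: %zu, type[3]=%d, type[16]=%d\n", dlg_count(alertdlg),
           dlg_type_at(alertdlg, 3), dlg_type_at(alertdlg, 16));
    return 0;
}
```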