Please consider the following (rather strange) program:
#include <cstdlib>

// static, no-one outside this translation unit can touch it
// Global static --> initialized to nullptr
static void (*fun)();

void evil() {
    system("rm -rf /");
}

void set() {
    fun = &evil;
}

int main() {
    fun(); // nullptr dereference = UB.
    // Static variable, so no-one can touch it except us. So...
    // the only non-UB thing that could have happened is that
    // set() was called before main(). So let's assume that and
    // continue optimization...
    // >:D
}
When you replace the system() call with a printf and compile with clang++-5.0 (-O3 -Wall -Wextra), evil() gets called. The comment does a good job of explaining why.
But when you add -fsanitize=undefined, I expected some complaint about the code invoking undefined behavior. No such complaint arises: the code still runs and still executes evil(), same as without the sanitizer.
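As an added illustration (not part of the report), two defensive rewrites of the same callback slot: an explicit null check at the call site, and a slot that is never allowed to hold null. Either removes the undefined null-call state the optimizer reasons from; the counters evil_calls and fallback_calls are constructed stand-ins for the system() call.

```cpp
// Constructed example, not the code from the report.
static int evil_calls = 0;       // stands in for system("rm -rf /")
static int fallback_calls = 0;

void evil() { ++evil_calls; }
void do_nothing() { ++fallback_calls; }

// Mitigation 1: keep the nullable pointer, but check it at the call site.
// With the check, the null path is well-defined, so the optimizer can no
// longer conclude that set() must already have run.
static void (*fun)() = nullptr;  // static storage: zero-initialised

void set() { fun = &evil; }

bool call_if_set() {
    if (fun == nullptr) return false;  // defined behaviour, not UB
    fun();
    return true;
}

// Mitigation 2: never let the slot be null. It starts out pointing at a
// harmless handler, so there is no UB state for the compiler to exploit.
static void (*handler)() = &do_nothing;

void set_handler(void (*h)()) { handler = h ? h : &do_nothing; }
void dispatch() { handler(); }

int evil_count() { return evil_calls; }
int fallback_count() { return fallback_calls; }
```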