GCC does not appear to detect left-out-of-bounds accesses. We think it is a compiler issue, given that clang (11+) can detect left-out-of-bounds in test_kasan: https://lkml.kernel.org/r/20211117110916.97944-1-elver@google.com
From the patch adding the test: "... The main difference between GCC's globals redzoning and Clang's is that GCC relies on using increased alignment to producing padding, where Clang's redzoning implementation actually adds real data after the global and doesn't rely on alignment to produce padding. I believe this is the main reason why GCC can't reliably catch globals out-of-bounds in this case."
Kaiwan N Billimoria asked that I check why KASAN does not detect left-out-of-bounds accesses on a global array in .bss; he started the discussion with Marco. I am adding my findings as suggested by Marco.

Using gcc 9.3.0:

    char global_arr[10];

The following code:

    {
        char w;
        char *ptr = global_arr;

        ptr = ptr - 1;
        w = *ptr;   /* this code does not trigger KASAN */
    }

I found through inspection of the shadow memory that there is no redzone declared before global_arr[10], i.e. no 0xf9, and the shadow memory before global_arr[10] is zero (good value).

I therefore created 3 arrays:

    char a[10];
    char b[10];
    char c[10];

    {
        char *ptr = b;
        char w;

        ptr = ptr - 1;
        w = *ptr;   /* this would trigger KASAN, as -1 will reference the redzone from array a[10] */

        ptr = a;
        ptr = ptr - 1;
        w = *ptr;   /* no detection from KASAN since there is no redzone */
    }

So the bug is due to the absence of a redzone for the first global declared in either .bss or .data; I have to admit it is a corner case.

Another question I have is how to increase the redzone size to better detect OOB?
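The shadow-memory observation in the comment above can be reproduced with a small user-space model. This is an added example, not kernel code and not from the original report: the 8-byte shadow granularity and the 0xf9 marker follow generic KASAN, while the arena offsets, the 64-byte size_with_redzone and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_SHIFT   3     /* one shadow byte describes 8 bytes of memory */
#define GLOBAL_REDZONE 0xF9  /* redzone marker mentioned in the comment above */
#define ARENA_SIZE     256   /* constructed: 64 bytes of other data, then a, b, c */
enum { A = 64, B = 128, C = 192 };  /* assumed offsets of a[10], b[10], c[10] */

static uint8_t shadow[ARENA_SIZE >> SHADOW_SHIFT];

/* Unpoison [beg, beg+size) and poison the tail up to size_with_redzone.
 * Only memory AFTER the object is poisoned; nothing is placed before it. */
static void register_global(size_t beg, size_t size, size_t size_with_redzone)
{
    size_t first = beg >> SHADOW_SHIFT;
    size_t full  = size >> SHADOW_SHIFT;
    size_t total = size_with_redzone >> SHADOW_SHIFT;

    memset(&shadow[first], 0, full);
    memset(&shadow[first + full], GLOBAL_REDZONE, total - full);
    if (size & 7)                 /* partial granule: only first N bytes valid */
        shadow[first + full] = size & 7;
}

/* Returns 1 if a one-byte access at addr would be reported, else 0. */
static int access_is_reported(size_t addr)
{
    uint8_t s = shadow[addr >> SHADOW_SHIFT];

    if (s == 0)
        return 0;                 /* whole granule accessible */
    if (s < 8)
        return (addr & 7) >= s;   /* partially accessible granule */
    return 1;                     /* poisoned (redzone) */
}

static void layout_globals(void)
{
    memset(shadow, 0, sizeof(shadow)); /* data before a[] is valid, shadow 0 */
    register_global(A, 10, 64);
    register_global(B, 10, 64);
    register_global(C, 10, 64);
}

int main(void)
{
    layout_globals();
    printf("a[-1] reported: %d\n", access_is_reported(A - 1));
    printf("b[-1] reported: %d\n", access_is_reported(B - 1));
    printf("a[10] reported: %d\n", access_is_reported(A + 10));
    return 0;
}
```

In this model b[-1] is caught only because it lands in the trailing redzone of a[], while a[-1] lands in unpoisoned memory, matching the shadow values described in the comment.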