This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c++/79950] G++ cannot detect simple off by one error in STL classes
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 08 Mar 2017 22:52:24 +0000
- Subject: [Bug c++/79950] G++ cannot detect simple off by one error in STL classes
- Auto-submitted: auto-generated
- References: <bug-79950-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79950
Martin Sebor <msebor at gcc dot gnu.org> changed:
What | Removed | Added
---- | ------- | -------------------------
CC   |         | msebor at gcc dot gnu.org
--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
One part of the problem is that v[v.size()] isn't necessarily out of bounds (in
the -Warray-bounds sense) because v.size() <= v.capacity(). At a minimum,
though, v[v.size()] is an uninitialized read (in the -Wuninitialized sense),
but GCC can't tell that from just f1's definition. For a checker to diagnose
this problem it would need to be taught about std::vector. Not only that, because
vector is represented using pointers (begin, end, end-of-storage), GCC would
probably also need to be taught about pointer relationships (i.e., that begin <=
end <= end-of-storage always holds). Basically, support for some form of pointer
ranges. That would be a great feature to have (not just for vectors) but I
don't have the impression anyone is working on it. (The alternative to pointer
ranges is to implement some sort of a pattern checker for containers as
suggested in comment #4. Such checkers are usually the province of static
analyzers. I'm not aware of a precedent for something like that in GCC.)
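An added illustration of the distinction drawn above (example code, not from the bug report or the comment): `unsafe_last_plus_one` is a hypothetical stand-in for the report's f1, and the helpers show why index size() sits inside the allocation when size() < capacity(), and how `at()` catches the off-by-one at run time where `operator[]` cannot.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for the report's f1: reads one past the last element.
// Undefined behaviour, yet usually inside the allocated block when
// size() < capacity(), which is why -Warray-bounds has nothing to say.
// Not called by the checks below; shown only for contrast.
int unsafe_last_plus_one(const std::vector<int>& v) {
    return v[v.size()];  // off-by-one: valid indices are 0 .. size()-1
}

// Hardened form: at() checks the index against size() (not capacity())
// and throws std::out_of_range instead of reading uninitialized storage.
int checked_index(const std::vector<int>& v, std::size_t i) {
    return v.at(i);
}

// Last element without any exception path; false when the vector is empty.
bool safe_last(const std::vector<int>& v, int& out) {
    if (v.empty()) return false;
    out = v[v.size() - 1];
    return true;
}

// The comment's point: index == size() lies within the allocated storage
// whenever size() < capacity(), so it is out of bounds of the initialized
// range only, not of the allocation a bounds checker sees.
bool index_within_storage_but_past_end(const std::vector<int>& v) {
    std::size_t i = v.size();
    return i >= v.size() && i < v.capacity();
}

// True when at() rejects index size(), i.e. the off-by-one is caught.
bool at_rejects_size_index(const std::vector<int>& v) {
    try {
        (void)checked_index(v, v.size());
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```

Building with libstdc++'s `-D_GLIBCXX_ASSERTIONS` makes `operator[]` itself abort on such an index, which turns the silent read into a crash that is easy to spot in tests.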