This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/86532] [9 Regression] Wrong code due to a wrong strlen folding starting with r262522
- From: "bernd.edlinger at hotmail dot de" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 17 Jul 2018 15:51:28 +0000
- Subject: [Bug tree-optimization/86532] [9 Regression] Wrong code due to a wrong strlen folding starting with r262522
- Auto-submitted: auto-generated
- References: <bug-86532-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86532
--- Comment #14 from Bernd Edlinger <bernd.edlinger at hotmail dot de> ---
(In reply to Martin Sebor from comment #13)
> (In reply to Richard Biener from comment #9)
> >
> > I bet Martin would argue it's invalid ...
>
> That's right, the example in comment 8 is undefined because strlen()
> requires a nul-terminated string argument and a[0] in the call strlen(a[0])
> is not such a string. It's not valid for strlen() to access one subobject
> when passed a pointer to another, even if the two are adjacent in memory.
> This applies equally to struct members as well as multidimensional arrays.
From a security perspective I cannot agree.
First, the sample generates 0 warnings with -Wall and -Wextra.
Second, it generates zero warnings under -fsanitize=address,undefined.
This is going into slippery terrain.
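
The situation discussed in this thread, as an added example that is not part of the original message or of GCC: a row of a two-dimensional char array that holds no terminating nul, measured with a search that stays inside that row. The array contents and the helper names `bounded_len` and `is_terminated` are assumptions made for illustration; this is not the test case from comment 8.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: two adjacent 4-byte rows. Row 0 is completely
   filled and has no terminating nul; row 1 holds the string "56".
   strlen(a[0]) would have to read past row 0 into row 1, which is the
   access the quoted comment calls undefined. */
static char a[2][4] = { { '1', '2', '3', '4' }, { '5', '6', '\0', '\0' } };

/* Length of the string stored in one subobject of `size` bytes.
   memchr never looks beyond `size`, so the result is defined even when
   the terminator is missing; in that case `size` itself is returned. */
static size_t bounded_len(const char *obj, size_t size)
{
    const char *nul = memchr(obj, '\0', size);
    return nul ? (size_t)(nul - obj) : size;
}

/* 1 if the subobject contains a terminator, i.e. if it is a string
   that may be passed to strlen() under the reading quoted above. */
static int is_terminated(const char *obj, size_t size)
{
    return bounded_len(obj, size) < size;
}

size_t len_row0(void) { return bounded_len(a[0], sizeof a[0]); }
size_t len_row1(void) { return bounded_len(a[1], sizeof a[1]); }
int row0_ok(void) { return is_terminated(a[0], sizeof a[0]); }
int row1_ok(void) { return is_terminated(a[1], sizeof a[1]); }

int main(void)
{
    printf("row 0: len=%zu terminated=%d\n", len_row0(), row0_ok());
    printf("row 1: len=%zu terminated=%d\n", len_row1(), row1_ok());
    return 0;
}
```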