This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/86532] [9 Regression] Wrong code due to a wrong strlen folding starting with r262522


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86532

--- Comment #14 from Bernd Edlinger <bernd.edlinger at hotmail dot de> ---
(In reply to Martin Sebor from comment #13)
> (In reply to Richard Biener from comment #9)
> > 
> > I bet Martin would argue it's invalid ...
> 
> That's right, the example in comment 8 is undefined because strlen()
> requires a nul-terminated string argument and a[0] in the call strlen(a[0])
> is not such a string.  It's not valid for strlen() to access one subobject
> when passed a pointer to another, even if the two are adjacent in memory. 
> This applies equally to struct members as well as multidimensional arrays.

From a security perspective I cannot agree.

First, the sample generates 0 warnings with -Wall and -Wextra.
Second, it generates zero warnings under -fsanitize=address,undefined.

This is going into slippery terrain.
