This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



mudflap extension request


Hello,

I recently debugged a program that had an array indexing problem. The
simplified program is:

typedef struct tst_struct
{
 unsigned n;
 unsigned arr[3];
 struct tst_struct *next;
} tst;

tst t = { 3, {0, 1, 2}, 0 };

int
main (void)
{
 /* t.n is 3, but arr has only 3 elements (indices 0..2),
    so this store lands on the 'next' field. */
 t.arr[t.n++] = 3;
 return 0;
}

The 't.arr[t.n++]' overwrites the 'next' field in the structure.

The bounds-checking code in the past could not find this problem
because the structure was seen as one big object. I modified the
bounds-checking code a long time ago to handle arrays special.
Arrays are now checked against the maximum array size. I had
to make one exception because of code like:

typedef struct tst_struct
{
 unsigned n;
 unsigned arr[1]; /* trailing array, extended with malloc to hold n elements */
} tst;

This structure is normally extended using malloc. So I do not
check arrays when the array size is <= array element size.

This code also finds problems like:
#include <stdio.h>
int a[10][10];
/* a[0] has only 10 elements, so index 11 is out of bounds */
printf("%d", a[0][11]);

Finally the question. Is it possible to add this extension
to mudflap so the above problem is found here as well?

I did find a lot of array indexing problems like the above
one in the past 10 years since I implemented it.

Herman.
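The rule described in the message, as an added source-level illustration (not code from the message or from mudflap): an index is checked against the declared element count, except when the whole array is no larger than one element, which is the malloc-extended idiom. The names array_index_ok, ARRAY_INDEX_OK and var_struct are assumed here.

```c
/* Added example (not from the message or mudflap): a source-level
 * approximation of the described check, exercised on the cases above. */
#include <stddef.h>
#include <stdio.h>

/* Returns 1 if an access at idx is in bounds or exempt, 0 if it would be
 * reported. The exception: an array no larger than one element is assumed
 * to be extended with malloc, so it is not checked. */
int
array_index_ok (size_t array_size, size_t elem_size, size_t idx)
{
  if (array_size <= elem_size)
    return 1;
  return idx < array_size / elem_size;
}

/* Applies the rule to a real array expression. */
#define ARRAY_INDEX_OK(arr, idx) \
  array_index_ok (sizeof (arr), sizeof ((arr)[0]), (size_t) (idx))

typedef struct tst_struct
{
  unsigned n;
  unsigned arr[3];
  struct tst_struct *next;
} tst;

typedef struct var_struct
{
  unsigned n;
  unsigned arr[1]; /* malloc-extended trailing array: exempt */
} var;

/* Reproduces the three accesses from the message and returns how many the
 * rule flags: t.arr[3] and a[0][11] are flagged, v.arr[5] is exempt. */
int
count_flagged_accesses (void)
{
  tst t = { 3, {0, 1, 2}, 0 };
  var v = { 1, {0} };
  int a[10][10] = { { 0 } };
  int flagged = 0;

  flagged += !ARRAY_INDEX_OK (t.arr, t.n); /* index 3 into arr[3] */
  flagged += !ARRAY_INDEX_OK (v.arr, 5);   /* size-1 trailing array */
  flagged += !ARRAY_INDEX_OK (a[0], 11);   /* a[0] has 10 elements */
  return flagged;
}

int
main (void)
{
  printf ("%d out-of-bounds accesses flagged\n", count_flagged_accesses ());
  return 0;
}
```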

