Bug 83347 - write pointer to const string possible without warning
Summary: write pointer to const string possible without warning
Alias: None
Product: gcc
Classification: Unclassified
Component: c (show other bugs)
Version: 6.4.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2017-12-09 22:53 UTC by Alexander Kleinsorge
Modified: 2020-10-12 16:06 UTC (History)
1 user (show)

See Also:
Known to work:
Known to fail:
Last reconfirmed:


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Kleinsorge 2017-12-09 22:53:59 UTC
It is possible to get a writeable pointer to a const "string".
Point 3 and 4 give an error or warning (as they should),
but point 1 and 2 should at least give a warning. 
Point 1 gives a pointer that is violating the const-qualifiers.
Point 1+2 cause undefined behavior, but no warning is shown.

I don't see any use-case where wrinting to a "const string" is a good idea.
If this is really allowed, then it should be discussed.

1.  char * p = "TEST"; // no warning or error (NOK)
2.  memcpy("abc","def",3); // no warning or error (NOK)
3.  const char * cp = 0; char * p2 = cp; // -Wdiscarded-qualifiers (OK)
4.  "test" = "w"; // error: assignment to expression with array type (OK)

tested on gcc (GCC) 6.4.0 under Cygwin(MinGW).

Thanks for answer, Alex
Comment 1 Andrew Pinski 2017-12-09 23:07:04 UTC
Comment 2 Alexander Kleinsorge 2017-12-09 23:43:37 UTC
Typo (s missing) -Wwrite-strings
but why this is not part of -Wall ?
Comment 3 Jakub Jelinek 2017-12-10 10:55:12 UTC
Compatibility with big amounts of code in the wild.
Bugs with actually writing to string literals are rare and easy to spot at runtime (string literals usually are in readonly sections and any stores to them segfault).  The warning is on by default in C++, because it has different wording here, while in C nothing in the standard says it is wrong to use char *p = "test";
Comment 4 Eric Gallager 2017-12-11 13:13:06 UTC
See also bug 61579
Comment 5 CVS Commits 2020-10-12 16:06:05 UTC
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:


commit r11-3829-g3175d40fc52fb8eb3c3b18cc343d773da24434fb
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Oct 7 18:34:09 2020 -0400

    analyzer: add warnings about writes to constant regions [PR95007]
    This patch adds two new warnings:
    for code paths where the analyzer detects a write to a constant region.
    As noted in the documentation part of the patch, the analyzer doesn't
    prioritize detection of such writes, in that the state-merging logic
    will blithely lose the distinction between const and non-const regions.
    Hence false negatives are likely to arise due to state-merging.
    However, if the analyzer does happen to spot such a write, it seems worth
    reporting, hence this patch.
            * analyzer.opt (Wanalyzer-write-to-const): New.
            (Wanalyzer-write-to-string-literal): New.
            * region-model-impl-calls.cc (region_model::impl_call_memcpy):
            Call check_for_writable_region.
            (region_model::impl_call_memset): Likewise.
            (region_model::impl_call_strcpy): Likewise.
            * region-model.cc (class write_to_const_diagnostic): New.
            (class write_to_string_literal_diagnostic): New.
            (region_model::check_for_writable_region): New.
            (region_model::set_value): Call check_for_writable_region.
            * region-model.h (region_model::check_for_writable_region): New
            * doc/invoke.texi: Document -Wanalyzer-write-to-const and
            PR c/83347
            PR middle-end/90404
            PR analyzer/95007
            * gcc.dg/analyzer/write-to-const-1.c: New test.
            * gcc.dg/analyzer/write-to-string-literal-1.c: New test.