Bug 86199 - warn on calls to strlen with same argument as in strnlen
Summary: warn on calls to strlen with same argument as in strnlen
Status: ASSIGNED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 8.0
: P3 enhancement
Target Milestone: ---
Assignee: Martin Sebor
URL:
Keywords: diagnostic
Depends on:
Blocks: strlen
  Show dependency treegraph
 
Reported: 2018-06-18 18:00 UTC by Martin Sebor
Modified: 2018-06-18 21:59 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2018-06-18 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Sebor 2018-06-18 18:00:49 UTC
The the call to strlen() in the test case below is most likely unsafe because the subsequent call to strnlen() suggests that the array need not be nul-terminated.  If it is nul-terminated, then the call to strnlen() can be replaced by strlen().  Either way, the code looks suspicious and diagnosing it would be helpful.

$ cat c.c && gcc -O2 -S -Wall -Wextra c.c
char a[4];

unsigned n0, n1;

void f (void)
{
  n0 = __builtin_strlen (a);              // possibly unsafe?
  // ...
  n1 = __builtin_strnlen (a, sizeof a);   // could be replaced by strlen()?
}
Comment 1 Martin Sebor 2018-06-18 21:59:33 UTC
Ditto for strdup vs strndup, although there it might be worth considering diagnosing only calls where the strndup bound is equal the size of the source array, as in:

char a[4], *p, *q;

void f (void)
{
  p = __builtin_strdup (a);              // possibly unsafe? if not then...
  // ...
  q = __builtin_strndup (a, sizeof a);   // this could be replaced by strdup()
}