86199 – warn on calls to strlen with same argument as in strnlen

Bug 86199 - warn on calls to strlen with same argument as in strnlen

Summary: warn on calls to strlen with same argument as in strnlen

Status:	NEW

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	tree-optimization (show other bugs)
Version:	8.0

Importance:	P3 enhancement
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:	diagnostic

Depends on:
Blocks:	strlen
	Show dependency tree / graph

Reported:	2018-06-18 18:00 UTC by Martin Sebor
Modified:	2022-01-26 17:12 UTC (History)
CC List:	0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2018-06-18 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Sebor 2018-06-18 18:00:49 UTC

The the call to strlen() in the test case below is most likely unsafe because the subsequent call to strnlen() suggests that the array need not be nul-terminated.  If it is nul-terminated, then the call to strnlen() can be replaced by strlen().  Either way, the code looks suspicious and diagnosing it would be helpful.

$ cat c.c && gcc -O2 -S -Wall -Wextra c.c
char a[4];

unsigned n0, n1;

void f (void)
{
  n0 = __builtin_strlen (a);              // possibly unsafe?
  // ...
  n1 = __builtin_strnlen (a, sizeof a);   // could be replaced by strlen()?
}

Comment 1 Martin Sebor 2018-06-18 21:59:33 UTC

Ditto for strdup vs strndup, although there it might be worth considering diagnosing only calls where the strndup bound is equal the size of the source array, as in:

char a[4], *p, *q;

void f (void)
{
  p = __builtin_strdup (a);              // possibly unsafe? if not then...
  // ...
  q = __builtin_strndup (a, sizeof a);   // this could be replaced by strdup()
}

Comment 2 Martin Sebor 2022-01-26 17:12:46 UTC

I'm not working on this anymore.