Bug 86552 - missing warning for reading past the end of non-string arrays
Summary: missing warning for reading past the end of non-string arrays
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 9.0
Importance: P3 normal
Target Milestone: 9.0
Assignee: Martin Sebor
Keywords: diagnostic, patch
Depends on:
Blocks: Wstringop-overflow
Reported: 2018-07-17 17:23 UTC by Martin Sebor
Modified: 2019-01-14 23:26 UTC (History)

See Also:
Known to work: 9.0
Known to fail:
Last reconfirmed: 2018-07-17 00:00:00

Preliminary patch. (5.31 KB, text/plain)
2018-07-19 02:30 UTC, Martin Sebor

Description Martin Sebor 2018-07-17 17:23:25 UTC
GCC silently accepts array declarations with string initializers that contain an extra element (the terminating nul) that doesn't fit into the array, and also silently allows such arrays to be used as arguments to functions that require string arguments.

It would be helpful to diagnose the initialization.  Regardless of diagnostics for those, GCC should also diagnose uses of such arrays when possible (e.g., in the constant cases).  This should be done regardless of the form of the initialization (i.e., using a string literal or using a series of characters, as in const char a[3] = { '1', '2', '3' };).

const char a[3] = "123";   // no warning

int f (void)
{
  return __builtin_strlen (a);   // missing warning
}

void g (char *d)
{
  __builtin_strcpy (d, a);   // missing warning
}
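The declaration above drops the terminating nul, so `a` is a 3-byte array that is not a string, and any string function applied to it reads past its end. The following is an added example, not code from the bug report or from GCC: it keeps the same constructed declaration and shows the two defensive patterns a reviewer would want beside it, a length/copy routine bounded by the array's declared size (so the over-read cannot happen even when the compiler emits no warning), and a declaration macro that sizes the array from the literal so the nul always fits. All names (`bounded_len`, `bounded_copy`, `NUL_TERMINATED_ARRAY`, `b`) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (same declaration as the bug report): the initializer
 * "123" is four bytes including the nul, but the array holds only three, so
 * the nul is silently dropped and `a` is not a nul-terminated string. */
const char a[3] = "123";

/* Bounded length: never scans past `cap` bytes. For `a` this returns 3 (the
 * declared size) instead of reading whatever follows `a` in memory, which is
 * what strlen(a) would do. */
size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Bounded copy: reads at most `srcsz` bytes of src, writes at most `dstsz`
 * bytes, and always nul-terminates dst. Returns the number of bytes copied. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    if (dstsz == 0)
        return 0;
    size_t n = bounded_len(src, srcsz);
    if (n >= dstsz)
        n = dstsz - 1;          /* truncate, leave room for the nul */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Hypothetical declaration macro: the array size is derived from the literal,
 * so the terminator always fits; the static assertion documents that fact at
 * compile time instead of relying on a diagnostic. */
#define NUL_TERMINATED_ARRAY(name, lit) \
    const char name[sizeof (lit)] = lit; \
    _Static_assert(sizeof (name) == sizeof (lit), "nul terminator must fit")

NUL_TERMINATED_ARRAY(b, "123");   /* b has 4 elements, b[3] == '\0' */

/* Runtime check for an existing array: is there a nul within its bounds? */
int has_nul_in_bounds(const char *s, size_t cap)
{
    return memchr(s, '\0', cap) != NULL;
}

size_t len_a(void) { return bounded_len(a, sizeof a); }        /* 3, no over-read */
size_t len_b(void) { return bounded_len(b, sizeof b); }        /* 3 */
int a_is_terminated(void) { return has_nul_in_bounds(a, sizeof a); }  /* 0 */
int b_is_terminated(void) { return has_nul_in_bounds(b, sizeof b); }  /* 1 */

int main(void)
{
    char buf[8];
    printf("sizeof a = %zu, bounded_len(a) = %zu, terminated = %d\n",
           sizeof a, len_a(), a_is_terminated());
    printf("sizeof b = %zu, bounded_len(b) = %zu, terminated = %d\n",
           sizeof b, len_b(), b_is_terminated());
    printf("copied %zu bytes: \"%s\"\n",
           bounded_copy(buf, sizeof buf, a, sizeof a), buf);
    return 0;
}
```

`has_nul_in_bounds` is the check a unit test or a fuzzing harness can apply to any constant table before it is handed to a `str*` function; `bounded_len`/`bounded_copy` are what the callers in the report (`f` and `g`) would use when the array size is known, and `sizeof` of the array is the right bound only when the array itself, not a pointer to it, is in scope.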
Comment 1 Martin Sebor 2018-07-17 22:30:40 UTC
I have a simple solution for strlen.
Comment 2 Martin Sebor 2018-07-19 02:30:41 UTC
Created attachment 44407 [details]
Preliminary patch.

Lightly tested patch to apply on top of the one for bug 86532.
Comment 3 Martin Sebor 2018-07-19 20:22:54 UTC
Patch: https://gcc.gnu.org/ml/gcc-patches/2018-07/msg01124.html
Comment 4 Bernd Edlinger 2018-08-02 06:44:02 UTC

I wonder if it would be better to diagnose strlen(a) if a is declared as

const char a[] = { 1,2,3 }

regardless of whether it contains 0 at the end?

or just imagine

const char a[] = { '%', 'd', '\0' }

printf(a, x);

this is insane code, no matter if it is zero-terminated.
Comment 5 Martin Sebor 2018-08-02 16:17:57 UTC
Yes, that's also (partly) why I submitted a solution for pr71625 comment 15:
With that patch applied as well the strlen call is diagnosed.
Comment 6 Martin Sebor 2019-01-14 23:26:51 UTC
The warning has been implemented in GCC 9 via r264585 (strlen), r264327 (strcpy), and r264822 (sprintf).