This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] set range for strlen(array) to avoid spurious -Wstringop-overflow (PR 83373, PR 78450)
On Thu, Dec 14, 2017 at 09:13:21AM -0700, Jeff Law wrote:
> > Although I would prefer not to, I suppose if letting strlen cross
> > the boundaries of subobjects was considered an important use to
> > accommodate in limited cases the optimization could be disabled
> > for member arrays declared with the new nonstring attribute (while
> > still issuing a warning for it as GCC does today).
> >
> > Another alternative (if the above use case is considered important
> > enough) might be to suppress the optimization for member character
> > arrays that are immediately followed by another such array.
> History tells us that there will be someone out there that does this
> kind of thing -- the question is how pervasive is it. My suspicion is
> that it is not common.
>
> Given that I don't expect those uses to be common, that the only thing
> that should break is non-conforming code, and that we have a (new)
> warning for such code, my inclination is to go forward.
>
> So I'm OK with the patch. I'd give folks till Monday to chime in with
> dissenting opinions.
Well, it would be nice to get sanitizers to diagnose this at runtime. If we
know the array length at compile time, simply compare the result after the
strlen call and fail if it returns something above it. Or replace the
strlen call with strnlen for the compile-time known size and add
instrumentation if strnlen returns the second argument.
Jakub
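The runtime check Jakub sketches (a strnlen-style scan bounded by the compile-time-known array size, trapping when the scan returns the bound), shown against the adjacent-member-array layout the thread is worried about. This is an added example, not code from the thread or from GCC or its sanitizers; `struct rec`, `checked_strlen`, the `-1` error return and the sample contents are constructed for illustration. The bounded scan is written with ISO C `memchr` so the example needs no POSIX feature macros; it has the same contract as `strnlen`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: two adjacent char member arrays, the layout the
   thread discusses. Filling name[] with 8 non-NUL bytes leaves it without
   a terminator, so strlen(r.name) would run on into tag[]. */
struct rec {
    char name[8];
    char tag[8];
};

/* Bounded length with strnlen semantics (stand-in for strnlen, using ISO C
   memchr): index of the first NUL in arr, or size if there is none. */
static size_t bounded_len(const char *arr, size_t size)
{
    const char *nul = memchr(arr, '\0', size);
    return nul ? (size_t)(nul - arr) : size;
}

/* The instrumentation sketched in the reply: scan only the array whose
   size is known at compile time, and treat "no NUL inside the array" as
   the failure a sanitizer would report. -1 is a hypothetical error code
   chosen for this example; the length is returned otherwise. */
static long checked_strlen(const char *arr, size_t size)
{
    size_t n = bounded_len(arr, size);
    if (n == size)
        return -1;              /* strlen would have read past the subobject */
    return (long)n;
}

/* Use only on a real array: sizeof a pointer would silently bound the scan
   to the pointer's size. */
#define CHECKED_STRLEN(arr) checked_strlen((arr), sizeof(arr))

/* What an unbounded scan sees: walk the object representation of the whole
   struct (well-defined through unsigned char *) from name[] to the first
   NUL. This mirrors what strlen(r.name) does in practice when name[] has
   no terminator, without invoking that undefined behaviour ourselves. */
static size_t unbounded_scan_from_name(const struct rec *r)
{
    const unsigned char *base = (const unsigned char *)r;
    size_t off = offsetof(struct rec, name);
    size_t i = off;
    while (i < sizeof *r && base[i] != '\0')
        i++;
    return i - off;
}

/* Conforming object: both arrays NUL-terminated. */
static long demo_terminated(void)
{
    struct rec r = { "abc", "xyz" };
    return CHECKED_STRLEN(r.name);          /* 3 */
}

/* Non-conforming object: name[] holds 8 non-NUL bytes, tag[] = "xyz\0". */
static void fill_unterminated(struct rec *r)
{
    memset(r, 0, sizeof *r);
    memcpy(r->name, "ABCDEFGH", 8);
    memcpy(r->tag, "xyz", 4);
}

static long demo_unterminated(void)
{
    struct rec r;
    fill_unterminated(&r);
    return CHECKED_STRLEN(r.name);          /* -1: overrun detected */
}

static size_t demo_unterminated_unbounded(void)
{
    struct rec r;
    fill_unterminated(&r);
    return unbounded_scan_from_name(&r);    /* 11: 8 from name[] + 3 from tag[] */
}

int main(void)
{
    printf("terminated:   checked=%ld\n", demo_terminated());
    printf("unterminated: checked=%ld, unbounded scan=%zu\n",
           demo_unterminated(), demo_unterminated_unbounded());
    return 0;
}
```

The first alternative in the reply (call strlen, then compare the result against the known size) would catch the same case but only after the out-of-bounds read has already happened; bounding the scan up front, as `checked_strlen` does, never touches the neighbouring member. Note that the `-1` result is exactly the situation the patch lets GCC assume cannot occur, which is why a runtime diagnostic for it is worth having.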