This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714)

To make reviewing the changes easier I've split up the patch
into a series:

1. Detection of nul-terminated constant arrays to prevent early
   folding.  This resolves PR 86711 - wrong folding of memchr,
   and prevents PR 86714 - tree-ssa-forwprop.c confused by too
   long initializer, but doesn't warn.

2. Warn for reads past unterminated constant character arrays.
   This adds warnings for string functions called with such arrays
   to resolve PR 86552 - missing warning for reading past the end
   of non-string arrays.  Now that GCC transforms braced-initializer
   lists into STRING_CSTs (even those with no nul), the warning is
   capable of diagnosing even those.

   2.1 strlen
   2.2 strcpy
   2.3 sprintf
   2.4 stpcpy
   2.5 strnlen

There are many more string functions where unterminated (constant
or otherwise) should be diagnosed.  I plan to continue to work on
those (with the constant ones first)  but I want to post this
updated patch for review now, mainly so that the wrong code bug
(PR 86711) can be resolved and the basic detection infrastructure
agreed on.

An open question in my mind is what should GCC do with such calls
after issuing a warning: replace them with traps?  Fold them into
constants?  Or continue to pass them through to the corresponding
library functions?


On 07/25/2018 05:38 PM, Martin Sebor wrote:

The fix for bug 86532 has been checked in so this enhancement
can now be applied on top of it (with only minor adjustments).

On 07/19/2018 02:08 PM, Martin Sebor wrote:
In the discussion of my patch for pr86532 Bernd noted that
GCC silently accepts constant character arrays with no
terminating nul as arguments to strlen (and other string

The attached patch is a first step in detecting these kinds
of bugs in strlen calls by issuing -Wstringop-overflow.
The next step is to modify all other handlers of built-in
functions to detect the same problem (not part of this patch).
Yet another step is to detect these problems in arguments
initialized using the non-string form:

  const char a[] = { 'a', 'b', 'c' };

This patch is meant to apply on top of the one for bug 86532
(I tested it with an earlier version of that patch so there
is code in the context that does not appear in the latest
version of the other diff).


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]