This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714)
- From: Martin Sebor <msebor at gmail dot com>
- To: Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Jeff Law <law at redhat dot com>
- Date: Mon, 13 Aug 2018 15:23:30 -0600
- Subject: [PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714)
- References: <a0d277c4-41c5-61a8-0284-5b1b245e2c74@gmail.com> <ff946355-efec-e286-d7b7-1505a8acc55b@gmail.com>
To make reviewing the changes easier I've split up the patch
into a series:
1. Detection of nul-terminated constant arrays to prevent early
folding. This resolves PR 86711 - wrong folding of memchr,
and prevents PR 86714 - tree-ssa-forwprop.c confused by too
long initializer, but doesn't warn.
2. Warn for reads past unterminated constant character arrays.
This adds warnings for string functions called with such arrays
to resolve PR 86552 - missing warning for reading past the end
of non-string arrays. Now that GCC transforms braced-initializer
lists into STRING_CSTs (even those with no nul), the warning is
capable of diagnosing even those.
2.1 strlen
2.2 strcpy
2.3 sprintf
2.4 stpcpy
2.5 strnlen
There are many more string functions where unterminated (constant
or otherwise) should be diagnosed. I plan to continue to work on
those (with the constant ones first) but I want to post this
updated patch for review now, mainly so that the wrong code bug
(PR 86711) can be resolved and the basic detection infrastructure
agreed on.
An open question in my mind is what should GCC do with such calls
after issuing a warning: replace them with traps? Fold them into
constants? Or continue to pass them through to the corresponding
library functions?
Martin
On 07/25/2018 05:38 PM, Martin Sebor wrote:
Ping: https://gcc.gnu.org/ml/gcc-patches/2018-07/msg01124.html
The fix for bug 86532 has been checked in so this enhancement
can now be applied on top of it (with only minor adjustments).
On 07/19/2018 02:08 PM, Martin Sebor wrote:
In the discussion of my patch for pr86532 Bernd noted that
GCC silently accepts constant character arrays with no
terminating nul as arguments to strlen (and other string
functions).
The attached patch is a first step in detecting these kinds
of bugs in strlen calls by issuing -Wstringop-overflow.
The next step is to modify all other handlers of built-in
functions to detect the same problem (not part of this patch).
Yet another step is to detect these problems in arguments
initialized using the non-string form:
const char a[] = { 'a', 'b', 'c' };
This patch is meant to apply on top of the one for bug 86532
(I tested it with an earlier version of that patch so there
is code in the context that does not appear in the latest
version of the other diff).
Martin