This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/78174] New: out of bounds array subscript in rtl.h NOTE_DATA macro


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78174

            Bug ID: 78174
           Summary: out of bounds array subscript in rtl.h NOTE_DATA macro
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

As discussed in https://gcc.gnu.org/ml/gcc-patches/2016-10/msg02498.html:

A patch to enhance buffer overflow warnings (and c/53562) exposed a problem in
the definition of the NOTE_DATA macro defined in the GCC rtl.h header.  The
macro expands to a reference to a non-existent element 3 of the one-element
rtx_note::rtx_insn::rtx_def::u.fld array, like so:

  memset (&((note)->u.fld[3]), 0, sizeof (((note)->u.fld[3])));

note is a pointer to rtx_note.

The computed address, while outside the array, is within the boundaries of the
larger rtx_note object in which the array is declared and so it is not invalid
in and of itself, but deriving the address this way is undefined.  The patch,
which enhances memcpy and other functions to detect and warn on writes past the
end of an object (similarly to __builtin___memcpy_chk et al.), detects that the
subscript is out of bounds of the array from which it was derived and issues a
warning.  To avoid the warning the address should be computed/derived not from
the array but rather from the surrounding object, for example like so:

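  char *p = (char*) &(note)->u.fld[0];
  p += sizeof (((note)->u.fld[0])) * 3;
  /* Clear the whole element, as the original sizeof ((note)->u.fld[3]) did;
     sizeof *p would be 1 because p is a char pointer.  */
  memset (p, 0, sizeof ((note)->u.fld[0]));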
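
The following is an added example, not part of the original report and not GCC code. It shows the general form of the technique described above: computing a slot address from the enclosing allocation with offsetof instead of subscripting a one-element array. The types `slot_t` and `struct node` and all function names are constructed stand-ins for the rtl.h definitions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the rtl.h types; names and layout are assumptions. */
typedef union { long i; void *p; } slot_t;

struct node {
    int code;
    union { slot_t fld[1]; } u;   /* declared with one element, allocated with more */
};

/* Allocate a node with room for nslots slots, every byte set to 0xFF. */
struct node *node_alloc(size_t nslots)
{
    size_t size = offsetof(struct node, u.fld) + nslots * sizeof(slot_t);
    if (size < sizeof(struct node)) size = sizeof(struct node);
    struct node *n = malloc(size);
    if (n) memset(n, 0xFF, size);
    return n;
}

/* Address of slot idx, derived from the enclosing object rather than from
   the one-element array, so no out-of-bounds subscript is formed. */
void *slot_addr(struct node *n, size_t idx)
{
    return (char *)n + offsetof(struct node, u.fld) + idx * sizeof(slot_t);
}

/* Zero one whole slot (sizeof(slot_t) bytes, not a single byte). */
void slot_clear(struct node *n, size_t idx)
{
    memset(slot_addr(n, idx), 0, sizeof(slot_t));
}

/* Return 1 if every byte of slot idx equals byte, else 0. */
int slot_is_filled(struct node *n, size_t idx, unsigned char byte)
{
    const unsigned char *p = slot_addr(n, idx);
    for (size_t i = 0; i < sizeof(slot_t); i++)
        if (p[i] != byte) return 0;
    return 1;
}

int main(void)
{
    struct node *n = node_alloc(4);
    if (!n) return 1;
    slot_clear(n, 3);
    int ok = slot_is_filled(n, 3, 0x00) && slot_is_filled(n, 2, 0xFF);
    free(n);
    return ok ? 0 : 1;
}
```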
