This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/82585] missing -Warray-bounds calling strlen on a member at out-of-bounds offset


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82585

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #1)
> Probably one form is folded to &a[4] and p->a + 4 is not folded to &p->a[4].

That's right.  (a + 4) is MEM_REF (char[3], ADDR_EXPR (char[3], VAR_DECL (a)))
and (p->a + 4) is MEM_REF (char[3], SSA_NAME (p), 4).  The latter makes it
impossible to tell the invalid (p->a + 10) from the valid (p[1].a + 2).

But maybe it's not completely hopeless.  Even if we can't tell whether the
result of the pointer addition is derived from a pointer to the same subobject,
it should be possible to determine whether or not the resulting pointer points
to the same subobject (or at least one of the same type) as the original
pointer.  That doesn't detect all kinds of problems but it detects the worst
kind: using a pointer to T to access a subobject of type U.
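
An added illustration of the comment above (not part of the original message and not GCC's code): with only a base pointer and a byte offset, p->a + 10 and p[1].a + 2 are indistinguishable, yet the offset alone still shows that p->a + 4 lands in a member of another type. The struct layout, the member b and the helper names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed layout, not taken from the bug report: a is the char[3]
   member from the comment, b is a hypothetical second member. */
struct S { char a[3]; char b[5]; };
_Static_assert(sizeof(struct S) == 8, "example assumes no padding");

/* Byte offset from p of the address (p[idx].a + k). Computed with integer
   arithmetic so no out-of-bounds pointer is ever formed. */
static size_t offset_from_p(size_t idx, size_t k)
{
    return idx * sizeof(struct S) + offsetof(struct S, a) + k;
}

/* Returns 1 if a byte at this offset from p lies inside the member a of
   some element of an array of struct S, 0 if it lies inside b. This is the
   weaker "same type of subobject" question, which needs only the offset.
   The unsigned subtraction wraps for offsets before a, so one comparison
   covers both bounds. */
static int lands_in_a(size_t off)
{
    size_t within = off % sizeof(struct S);
    return within - offsetof(struct S, a) < sizeof(((struct S *)0)->a);
}

int main(void)
{
    /* The invalid p->a + 10 and the valid p[1].a + 2 are the same offset. */
    printf("p->a + 10   -> offset %zu\n", offset_from_p(0, 10));
    printf("p[1].a + 2  -> offset %zu\n", offset_from_p(1, 2));
    /* p->a + 4 leaves a and lands in a member of another type. */
    printf("p->a + 4  lands in a? %d\n", lands_in_a(offset_from_p(0, 4)));
    printf("p->a + 10 lands in a? %d\n", lands_in_a(offset_from_p(0, 10)));
    return 0;
}
```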
