This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/82585] missing -Warray-bounds calling strlen on a member at out-of-bounds offset
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 19 Oct 2017 01:48:31 +0000
- Subject: [Bug tree-optimization/82585] missing -Warray-bounds calling strlen on a member at out-of-bounds offset
- Auto-submitted: auto-generated
- References: <bug-82585-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82585
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #1)
> Probably one form is folded to &a[4] and p->a + 4 is not folded to &p->a[4].
That's right. (a + 4) is MEM_REF (char[3], ADDR_EXPR (char[3], VAR_DECL (a)))
and (p->a + 4) is MEM_REF (char[3], SSA_NAME (p), 4). The latter makes it
impossible to tell the invalid (p->a + 10) from the valid (p[1].a + 2).
But maybe it's not completely hopeless. Even if we can't tell whether the
result of the pointer addition is derived from a pointer to the same subobject,
it should be possible to determine whether or not the resulting pointer points
to the same subobject (or at least one of the same type) as the original
pointer. That doesn't detect all kinds of problems but it detects the worst
kind: using a pointer to T to access a subobject of type U.
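
A small model of the check proposed in the comment above, added here as an illustration; it is not part of the original message and is not GCC code. The `struct S` layout, the `classify` function and the `enum target` names are assumptions chosen so that `p->a + 10` and `p[1].a + 2` name the same address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, not taken from the bug report: a 3-char member, then a
   4-byte member, so that p[1].a + 2 and p->a + 10 name the same address. */
struct S { char a[3]; int32_t i; };
_Static_assert(sizeof(struct S) == 8, "example assumes an 8-byte struct S");

enum target {
    SAME_SUBOBJECT,      /* inside p->a itself                           */
    SAME_TYPE_SUBOBJECT, /* inside member a of another array element     */
    OTHER_SUBOBJECT,     /* inside i or padding: a T pointer reaching U  */
    OUTSIDE_ARRAY        /* before or past the enclosing array           */
};

/* Classify the byte at p->a + off, where p points to element 0 of an
   array of nelems struct S. Works on offsets only, as a checker would. */
enum target classify(ptrdiff_t off, size_t nelems)
{
    const size_t a_beg = offsetof(struct S, a);
    const size_t a_end = a_beg + sizeof(((struct S *)0)->a);
    ptrdiff_t abs_off = (ptrdiff_t)a_beg + off;

    if (abs_off < 0 || (size_t)abs_off >= nelems * sizeof(struct S))
        return OUTSIDE_ARRAY;

    size_t elem = (size_t)abs_off / sizeof(struct S);
    size_t within = (size_t)abs_off % sizeof(struct S);

    if (within < a_beg || within >= a_end)
        return OTHER_SUBOBJECT;
    return elem == 0 ? SAME_SUBOBJECT : SAME_TYPE_SUBOBJECT;
}

int main(void)
{
    static const char *const name[] = {
        "same subobject", "same-type subobject", "other subobject", "outside array"
    };
    const ptrdiff_t offs[] = { 2, 4, 10 };
    for (size_t k = 0; k < sizeof offs / sizeof offs[0]; k++)
        printf("p->a + %td (array of 2): %s\n", offs[k], name[classify(offs[k], 2)]);
    return 0;
}
```

Offset 10 is reported as a same-type subobject whichever expression produced it, which is the ambiguity the comment describes; offset 4 lands in a subobject of a different type and is the case the proposed check would still catch.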