[Bug tree-optimization/86572] unsafe strlen folding of const arguments with non-const offset
rguenth at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Jul 19 07:49:00 GMT 2018
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86572
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
When we can detect undefined behavior we should try to behave as the user
intended. For example for
  MEM[p_1 + 4, int] = 0;
  MEM[p_1, double *] = 1.;
  x_2 = MEM[p_1 + 4, int];
we see a must-alias and ignore that TBAA allows us to simplify x_2 to 0.
In this particular case folding happens with non-constant offset but
the outcome for large i could be considered a bigger security issue
than not folding (which likely would have crashed or resulted in a
smaller result).
  MAX(0, 3 - (ssizetype)i)
might be indeed a way to limit the possible fallout. Or even
  len = 3 - (ssizetype)i;
  len < 0 ? __builtin_trap () : len;
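
Added example, not part of the original comment and not GCC code: a C model of the three folding choices discussed above, showing what each yields once i runs past the end of the string. The length 3 is taken from the "3 - i" expression; ptrdiff_t standing in for ssizetype, the function names, the -1 trap marker and the alloc_size caller are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed from the "3 - i" above: a constant string of length 3. */
#define LIT_LEN ((size_t)3)

/* Fold in unsigned arithmetic: wraps around for i > 3. */
static size_t fold_unchecked(size_t i)
{
    return LIT_LEN - i;
}

/* MAX(0, 3 - (ssizetype)i); ptrdiff_t stands in for GCC's ssizetype. */
static size_t fold_clamped(size_t i)
{
    ptrdiff_t len = (ptrdiff_t)LIT_LEN - (ptrdiff_t)i;
    return len < 0 ? 0 : (size_t)len;
}

/* Trap variant, modelled: -1 marks where __builtin_trap () would fire. */
static ptrdiff_t fold_or_trap(size_t i)
{
    ptrdiff_t len = (ptrdiff_t)LIT_LEN - (ptrdiff_t)i;
    return len < 0 ? -1 : len;
}

/* Hypothetical caller: bytes requested for a copy of the string plus NUL. */
static size_t alloc_size(size_t len)
{
    return len + 1;
}

int main(void)
{
    for (size_t i = 0; i <= 5; i++)
        printf("i=%zu unchecked=%zu alloc=%zu clamped=%zu trap=%td\n",
               i, fold_unchecked(i), alloc_size(fold_unchecked(i)),
               fold_clamped(i), fold_or_trap(i));
    return 0;
}
```

For i = 4 the unchecked fold returns SIZE_MAX, so the hypothetical caller's len + 1 wraps to 0, while the clamped fold returns 0 and the trap variant stops.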