[Bug middle-end/100944] New: missing -Warray-bounds accessing a flexible array member of a nested struct

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Jun 7 16:52:54 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100944

            Bug ID: 100944
           Summary: missing -Warray-bounds accessing a flexible array
                    member of a nested struct
           Product: gcc
           Version: 11.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

GCC issues -Wzero-length-bounds for the invalid access to the zero-length array
in f0() below but doesn't warn for the equally invalid access to the flexible
array member of the nested struct in fx().  Both should be diagnosed, the
latter with -Warray-bounds.  The inequality test in each of the two functions
illustrates the sort of problem the warning is designed to prevent (using one
member to access another).

$ cat a.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c
struct A0
{
  int i, a[0];
};

struct B0
{
  struct A0 a;
  long x;
} b0;

void f0 (int i)
{
  long t = b0.x;
  b0.a.a[i] = 0;    // -Wzero-length-bounds (good)
  if (t != b0.x)    // folded to false
    __builtin_abort ();
}

struct Ax
{
  int i, a[];
};

struct Bx
{ 
  struct Ax a;
  long x;
} bx;

void fx (int i)
{
  long t = bx.x;
  bx.a.a[i] = 0;    // missing -Warray-bounds
  if (t != bx.x)    // folded to false
    __builtin_abort ();
}
a.c: In function ‘f0’:
a.c:15:9: warning: array subscript ‘i’ is outside the bounds of an interior
zero-length array ‘int[0]’ [-Wzero-length-bounds]
   15 |   b0.a.a[i] = 0;    // -Wzero-length-bounds (good)
      |   ~~~~~~^~~
a.c:3:10: note: while referencing ‘a’
    3 |   int i, a[0];
      |          ^

;; Function f0 (f0, funcdef_no=0, decl_uid=1950, cgraph_uid=1, symbol_order=1)

void f0 (int i)
{
  <bb 2> [local count: 1073741824]:
  b0.a.a[i_2(D)] = 0;
  return;

}



;; Function fx (fx, funcdef_no=1, decl_uid=1961, cgraph_uid=2, symbol_order=3)

void fx (int i)
{
  <bb 2> [local count: 1073741824]:
  bx.a.a[i_2(D)] = 0;
  return;

}

