False negative: buffer overflow in array parameter
Chris S
cs2991@gmail.com
Fri Nov 21 03:31:54 GMT 2025
Function parameters declared as raw arrays decay to a pointer, so it looks
like an array but isn't. Maybe the compiler could remember the extent of
the array before decaying it, but I doubt it does. The language requires
this decay, and it's only a quality-of-implementation request to ask the
compiler to give a warning for that. It'd be nice, but I'm not holding my
breath.
In the meanwhile, if you're using C++, use std::array and you'll get the
checking you'd like.
On Sun, Nov 16, 2025, 12:36 PM Alejandro Colomar via Gcc-help <
gcc-help@gcc.gnu.org> wrote:
> Hi!
>
> Is there any bug ticket open for this thing?
>
> alx@devuan:~/tmp$ cat bo.c
> void
> f(int n, int a[n])
> {
> a[n + 100] = 42;
> }
> alx@devuan:~/tmp$ gcc -Wall -Wextra -O3 -fanalyzer -S bo.c
> alx@devuan:~/tmp$ /opt/local/gnu/gcc/maxof3/bin/gcc -Wall -Wextra
> -O3 -fanalyzer -S bo.c
> alx@devuan:~/tmp$
>
> It's hard to find in bugzilla such common bugs, as there's a lot of
> noise.
>
> I expect such code would have a diagnostic, as it seems trivial to
> realize that n+100 is >= n.
>
>
> Have a lovely night!
> Alex
>
> --
> <https://www.alejandro-colomar.es>
> Use port 80 (that is, <...:80/>).
>
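An added example (not code from the thread) showing what the decay means in practice for the quoted f(int n, int a[n]) signature: sizeof the parameter is the size of a pointer, not n * sizeof(int), so the only extent the callee can rely on is one it checks itself. The checked store and the buffer sizes below are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same parameter form as in the quoted message: `int a[n]` is adjusted to
 * `int *`, so the compiler does not carry n as the extent of a.
 * GCC -Wall flags this line with -Wsizeof-array-argument for that reason. */
size_t param_size_bytes(int n, int a[n])
{
    (void)n;
    return sizeof a;   /* == sizeof(int *), regardless of n */
}

/* Hypothetical checked store: refuses any index outside [0, n).
 * Returns true only when the write was performed. */
bool store_checked(int n, int a[n], long idx, int value)
{
    if (n <= 0 || idx < 0 || idx >= n)
        return false;   /* the a[n + 100] write from the thread lands here */
    a[idx] = value;
    return true;
}

int main(void)
{
    int buf[8] = {0};   /* constructed sample buffer, n == 8 */

    printf("sizeof param = %zu, sizeof int* = %zu, n*sizeof(int) = %zu\n",
           param_size_bytes(8, buf), sizeof(int *), 8 * sizeof(int));
    printf("store at n+100 accepted? %d\n", store_checked(8, buf, 8 + 100, 42));
    printf("store at 3 accepted?     %d\n", store_checked(8, buf, 3, 42));
    return 0;
}
```

Because the parameter is a plain pointer, -fsanitize=bounds has no extent to check against either; a runtime sanitizer such as -fsanitize=address only reports the out-of-bounds write when the caller's object is instrumented.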