https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83776

            Bug ID: 83776
           Summary: missing -Warray-bounds indexing past the end of a
                    string literal
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

MEM_REF gets in the way of diagnosing -Warray-bounds in other cases where it's
quite difficult to deal with, but it should be straightforward to diagnose the
cases where the operand is a string literal, like in the test case below.

$ cat d.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout d.c
#define S "0123456789"

int f (void)
{
  return S[16];   // -Warray-bounds (good)
}

int g (void)
{
  const char *p = S + 16;   // missing -Warray-bounds
  return *p;                // either here or above 
}

int h (void)
{
  const char *p = S;
  return p[16];   // missing -Warray-bounds
}

d.c: In function ‘f’:
d.c:5:11: warning: array subscript 16 is above array bounds of ‘char[11]’ [-Warray-bounds]
   return S[16];   // -Warray-bounds (good)
           ^

;; Function f (f, funcdef_no=0, decl_uid=1950, cgraph_uid=0, symbol_order=0)

f ()
{
  char _1;
  int _2;

  <bb 2> [local count: 1073741825]:
  _1 = "0123456789"[16];
  _2 = (int) _1;
  return _2;

}



;; Function g (g, funcdef_no=1, decl_uid=1953, cgraph_uid=1, symbol_order=1)

g ()
{
  char _1;
  int _3;

  <bb 2> [local count: 1073741825]:
  _1 = MEM[(const char *)"0123456789" + 16B];
  _3 = (int) _1;
  return _3;

}



;; Function h (h, funcdef_no=4, decl_uid=1957, cgraph_uid=2, symbol_order=2)

h ()
{
  char _3;
  int _4;

  <bb 2> [local count: 1073741825]:
  _3 = MEM[(const char *)"0123456789" + 16B];
  _4 = (int) _3;
  return _4;

}

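Added example, not part of the original report and not GCC code: a small scanner over -fdump-tree-optimized output that flags constant-offset reads past the end of a narrow string literal in both the ARRAY_REF form (which GCC diagnoses above) and the MEM_REF form (which it does not). The names scan_dump and literal_size are hypothetical, and it assumes each backslash escape printed in the dump stands for one byte.

```python
import re

# Statement forms from the -fdump-tree-optimized output in this report:
#   _1 = "0123456789"[16];                        ARRAY_REF (diagnosed)
#   _1 = MEM[(const char *)"0123456789" + 16B];   MEM_REF (not diagnosed)
LIT = r'"((?:[^"\\]|\\.)*)"'
ARRAY_REF = re.compile(LIT + r'\[(\d+)\]')
MEM_REF = re.compile(r'MEM\[\([^)]*\)' + LIT + r' \+ (\d+)B\]')
FUNC = re.compile(r'^;; Function (\w+) ')

def literal_size(text):
    """Size of the literal's char array, including the terminating NUL.
    Assumption: every backslash escape in the dump denotes a single byte."""
    return len(re.sub(r'\\(?:[0-7]{1,3}|x[0-9a-fA-F]+|.)', 'X', text)) + 1

def scan_dump(dump):
    """Return (function, form, offset, size) for every constant read of a
    narrow string literal at an offset >= the literal's array size."""
    findings, func = [], None
    for line in dump.splitlines():
        m = FUNC.match(line)
        if m:
            func = m.group(1)
            continue
        for form, rx in (("ARRAY_REF", ARRAY_REF), ("MEM_REF", MEM_REF)):
            for lit, off in rx.findall(line):
                size = literal_size(lit)
                if int(off) >= size:   # offset size-1 is the NUL, still valid
                    findings.append((func, form, int(off), size))
    return findings

# Sample input: statements for f, g, h as in the dump above; "ok" is constructed.
SAMPLE = '''\
;; Function f (f, funcdef_no=0, decl_uid=1950, cgraph_uid=0, symbol_order=0)
  _1 = "0123456789"[16];
;; Function g (g, funcdef_no=1, decl_uid=1953, cgraph_uid=1, symbol_order=1)
  _1 = MEM[(const char *)"0123456789" + 16B];
;; Function h (h, funcdef_no=4, decl_uid=1957, cgraph_uid=2, symbol_order=2)
  _3 = MEM[(const char *)"0123456789" + 16B];
;; Function ok (ok, funcdef_no=5, decl_uid=1960, cgraph_uid=3, symbol_order=3)
  _1 = MEM[(const char *)"0123456789" + 10B];
'''

if __name__ == "__main__":
    for func, form, off, size in scan_dump(SAMPLE):
        print(f"{func}: {form} reads offset {off} of a char[{size}] literal")
```

Only reads whose base is still a literal in the optimized dump are caught; accesses through pointers the optimizer could not fold back to the literal do not appear in either form.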