https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83776
Bug ID: 83776 Summary: missing -Warray-bounds indexing past the end of a string literal Product: gcc Version: 8.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- MEM_REF gets in the way of diagnosing -Warray-bounds in other cases where it's quite difficult to deal with but it should be straightforward to diagnose the cases where the operand is a string literal like in the test case below. $ cat d.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout d.c #define S "0123456789" int f (void) { return S[16]; // -Warray-bounds (good) } int g (void) { const char *p = S + 16; // missing -Warray-bounds return *p; // either here or above } int h (void) { const char *p = S; return p[16]; // missing -Warray-bounds } d.c: In function ‘f’: d.c:5:11: warning: array subscript 16 is above array bounds of ‘char[11]’ [-Warray-bounds] return S[16]; // -Warray-bounds (good) ^ ;; Function f (f, funcdef_no=0, decl_uid=1950, cgraph_uid=0, symbol_order=0) f () { char _1; int _2; <bb 2> [local count: 1073741825]: _1 = "0123456789"[16]; _2 = (int) _1; return _2; } ;; Function g (g, funcdef_no=1, decl_uid=1953, cgraph_uid=1, symbol_order=1) g () { char _1; int _3; <bb 2> [local count: 1073741825]: _1 = MEM[(const char *)"0123456789" + 16B]; _3 = (int) _1; return _3; } ;; Function h (h, funcdef_no=4, decl_uid=1957, cgraph_uid=2, symbol_order=2) h () { char _3; int _4; <bb 2> [local count: 1073741825]: _3 = MEM[(const char *)"0123456789" + 16B]; _4 = (int) _3; return _4; }