https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89990

            Bug ID: 89990
           Summary: request warning: Use of out of bound compound
                    initialised struct
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dgilbert at redhat dot com
  Target Milestone: ---

gcc version 9.0.1 20190312 (Red Hat 9.0.1-0.10) (GCC) 
on Fedora 30, x86-64

We tripped over code like this in qemu, which seems obvious enough that a
warning would be nice:


   int foo(mytype *ptr)
   {
     if (!ptr) {
       ptr = &(mytype) { };   /* compound literal's lifetime ends at the closing brace below */
     }

     if (ptr->p) ....         /* ptr now points at a dead object */
   }

which worked OK on gcc 8 but segfaulted on gcc 9: ptr->p contained rubbish,
because the compiler had noticed that the compound literal created by
&(mytype) { } goes out of scope at the end of the if block.

So a warning would be nice if:
   a) A pointer is initialised to point to an initialiser like that
   b) That goes out of scope
   c) The pointer is then unconditionally used.
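The dangling pattern beside the usual fix, as an added example that is not part of the bug report or of qemu; the struct `options` and the functions `arg_size_dangling`, `arg_size_fixed` and `edge_name_fixed` are made-up stand-ins for QOSGraphEdgeOptions and add_edge.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for QOSGraphEdgeOptions. */
typedef struct {
    const char *edge_name;
    size_t size_arg;
} options;

/* The pattern from the report: the compound literal is an object with the
 * lifetime of the if block, so `opts` dangles once the block is left.
 * Kept only for comparison; calling it is undefined behaviour. */
size_t arg_size_dangling(const options *opts)
{
    if (!opts) {
        opts = &(options) { 0 };   /* object dies at the '}' on the next line */
    }
    return opts->size_arg;        /* reads a dead object */
}

/* Fix 1: declare the default object at function scope, so it outlives every
 * use of `opts` inside the function. */
size_t arg_size_fixed(const options *opts)
{
    options defaults = { 0 };
    if (!opts) {
        opts = &defaults;
    }
    return opts->size_arg;
}

/* Fix 2: a static const default has static storage duration and cannot be
 * written through the const pointer, so it is safe to hand out. */
const char *edge_name_fixed(const options *opts, const char *dest)
{
    static const options defaults = { 0 };
    if (!opts) {
        opts = &defaults;
    }
    return opts->edge_name ? opts->edge_name : dest;
}

int main(void)
{
    options o = { "custom", 16 };
    printf("%zu %zu %s\n", arg_size_fixed(NULL), arg_size_fixed(&o),
           edge_name_fixed(NULL, "dest"));   /* prints: 0 16 dest */
    return 0;
}
```

Until a compiler warning exists, building with -fsanitize=address (use-after-scope detection is on by default in GCC since 7) reports the read in arg_size_dangling as a stack-use-after-scope, which is a practical way to catch this pattern in a test suite.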

The original qemu code is:
https://git.qemu.org/?p=qemu.git;a=blob;f=tests/libqos/qgraph.c;h=122efc1b7b8413bc69d81f2906c89f06eccd994a;hb=HEAD#l75

  75 static void add_edge(const char *source, const char *dest,
  76                      QOSEdgeType type, QOSGraphEdgeOptions *opts)
  77 {
  78     char *key;
  79     QOSGraphEdgeList *list = g_hash_table_lookup(edge_table, source);
  80 
  81     if (!list) {
  82         list = g_new0(QOSGraphEdgeList, 1);
  83         key = g_strdup(source);
  84         g_hash_table_insert(edge_table, key, list);
  85     }
  86 
  87     if (!opts) {
  88         opts = &(QOSGraphEdgeOptions) { };
  89     }
  90 
  91     QOSGraphEdge *edge = g_new0(QOSGraphEdge, 1);
  92     edge->type = type;
  93     edge->dest = g_strdup(dest);
  94     edge->edge_name = g_strdup(opts->edge_name ?: dest);
  95     edge->arg = g_memdup(opts->arg, opts->size_arg);
