https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98623

            Bug ID: 98623
           Summary: sanitizer does not diagnose when passing pointers to
                    arrays of incorrect run-time length
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: muecker at gwdg dot de
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

In the following example, there is no run-time error with -fsanitize=undefined
although the pointer types for the second argument are required to point to
compatible types and it is UB when variably modified types have non-matching
lengths when they are required to be compatible (6.7.6.2p6). From a practical
point of view, this would be very desirable as it would close the last loophole
that prevents one from having proper bounds checking when using pointers to
VLAs.

(In this case, but not in general, it should also be possible to emit an error
at compile time.)


/* Second parameter is a pointer to a VLA of n doubles. */
extern void f(int n, double (*x)[n]);

int main()
{
        double a[10];
        f(9, &a);   /* a has 10 elements, but the caller claims 9 */
}
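As an added illustration (constructed here, not the report's code and not anything GCC emits), the following shows why this is a loophole: inside the callee, sizeof *x is computed from the n it was handed, so f(9, &a) looks like a 72-byte array even though a[] is 80 bytes; the only place the discrepancy is visible is the call site, where a macro can compare the caller's n against the array object's real element count. The macro VLA_ARG_OK and the helper functions are assumed names.

```c
#include <stddef.h>

/* What f() in the report would believe: sizeof *x is evaluated at run
 * time from n, so n == 9 yields 72 bytes although a[] really holds 80. */
size_t callee_believed_bytes(int n, double (*x)[n])
{
    (void)x;            /* only the VLA type's size is used */
    return sizeof *x;
}

/* True element count vs. the length the caller is about to pass. */
int vla_arg_matches(size_t true_count, int n)
{
    return n >= 0 && (size_t)n == true_count;
}

/* Call-site guard: only usable where the array object's declared size
 * is visible, which is exactly where the callee cannot see it. */
#define VLA_ARG_OK(arr, n) \
    vla_arg_matches(sizeof(arr) / sizeof((arr)[0]), (n))

/* Reproduces the report's f(9, &a) with a[10]; returns 1 when the
 * call-site guard catches the bad length, 0 if it would be let through. */
int report_call_caught(void)
{
    double a[10];
    return !VLA_ARG_OK(a, 9);
}

/* With the correct length the guard passes. */
int correct_call_passes(void)
{
    double a[10];
    return VLA_ARG_OK(a, 10);
}

/* How many bytes of a[] the callee is unaware of after f(9, &a). */
size_t callee_shortfall_bytes(void)
{
    double a[10];
    return sizeof a - callee_believed_bytes(9, (double (*)[9])&a);
}
```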
