https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000
Bug ID: 106000
Summary: RFE: -fanalyzer should complain about definite buffer
overflows/underflows
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---
I attempted to implement buffer-overflow (and underflow) detection for GCC 12,
trying to categorize all region accesses as either:
(a) definitely in-bounds
(b) definitely out-of-bounds
(c) possibly out-of-bounds
Unfortunately my implementation led to a "wall of noise" level of warnings from
(c). It now strikes me that we could at least implement warnings for (b) -
where we can see definite problems, and that this might be at least somewhat
useful.
Compare with:
https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-arraybound-c
https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-arrayboundv2-c
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could
implement
