https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91535

            Bug ID: 91535
           Summary: missing warning on strchr reading from an empty
                    constant array
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

GCC diagnoses calls to string functions like strcpy or strlen that attempt to
access an empty flexible array member of a constant object, but it doesn't issue
the same warning for calls to strchr, strrchr, or strdup and others.

The handlers of all built-ins that accept string arguments should be reviewed
to make sure they diagnose these bugs.

$ cat x.c && gcc -O2 -S -Wall x.c
const struct S { int i; char a[]; } s = { 0 };

int f0 (void)
{
  return __builtin_strlen (s.a);
}

int f1 (void)
{
  return __builtin_strcmp (s.a, "123");
}

int f2 (void)
{
  return __builtin_strcmp ("123", s.a);
}

void f3 (char *d)
{
  __builtin_strcpy (d, s.a);
}

int f4 (char *d)
{
  return 0 != __builtin_strchr (s.a, 'x');   // missing warning
}

int f5 (char *d)
{
  return 0 != __builtin_strrchr (s.a, 'x');   // missing warning
}

x.c: In function ‘f0’:
x.c:5:29: warning: offset ‘0’ outside bounds of constant string [-Warray-bounds]
    5 |   return __builtin_strlen (s.a);
      |                            ~^~
x.c:1:37: note: ‘s’ declared here
    1 | const struct S { int i; char a[]; } s = { 0 };
      |                                     ^
x.c: In function ‘f3’:
x.c:20:25: warning: offset ‘0’ outside bounds of constant string [-Warray-bounds]
   20 |   __builtin_strcpy (d, s.a);
      |                        ~^~
x.c:1:37: note: ‘s’ declared here
    1 | const struct S { int i; char a[]; } s = { 0 };
      |                                     ^
x.c: In function ‘f1’:
x.c:10:29: warning: offset ‘0’ outside bounds of constant string [-Warray-bounds]
   10 |   return __builtin_strcmp (s.a, "123");
      |                            ~^~
x.c:1:37: note: ‘s’ declared here
    1 | const struct S { int i; char a[]; } s = { 0 };
      |                                     ^
x.c: In function ‘f2’:
x.c:15:36: warning: offset ‘0’ outside bounds of constant string [-Warray-bounds]
   15 |   return __builtin_strcmp ("123", s.a);
      |                                   ~^~
x.c:1:37: note: ‘s’ declared here
    1 | const struct S { int i; char a[]; } s = { 0 };
      |                                     ^
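
Since the strchr and strrchr calls above compile without a diagnostic, code can avoid relying on the warning by storing an explicit length next to the flexible array member and searching only within it. The following is an added example, not part of the original report or of GCC; struct rec, rec_new, rec_chr and rec_rchr are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type: like the report's struct S, but with an explicit
   count of the bytes actually stored in the flexible array member. */
struct rec { size_t len; char a[]; };

/* Same shape as the report's `s`: a constant object whose flexible array
   member has no elements, so a[0] does not exist. */
static const struct rec empty_rec = { 0 };

/* Heap-allocate a record holding a copy of s (terminator not stored). */
struct rec *rec_new(const char *s)
{
    size_t n = strlen(s);
    struct rec *r = malloc(sizeof *r + n);
    if (!r) return NULL;
    r->len = n;
    memcpy(r->a, s, n);
    return r;
}

/* Bounded stand-in for strchr: never reads beyond r->len bytes. */
const char *rec_chr(const struct rec *r, int c)
{
    if (r->len == 0) return NULL;          /* empty array: nothing to read */
    return memchr(r->a, c, r->len);
}

/* Bounded stand-in for strrchr: scans backwards within r->len bytes. */
const char *rec_rchr(const struct rec *r, int c)
{
    for (size_t i = r->len; i-- > 0; )
        if (r->a[i] == (char)c)
            return &r->a[i];
    return NULL;
}

int main(void)
{
    struct rec *r = rec_new("axbxc");      /* constructed sample input */
    int ok = r && !rec_chr(&empty_rec, 'x') && !rec_rchr(&empty_rec, 'x')
               && rec_chr(r, 'x') == r->a + 1 && rec_rchr(r, 'x') == r->a + 3;
    free(r);
    return ok ? 0 : 1;
}
```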
