On 12/02/2016 11:11 AM, Jakub Jelinek wrote:
> On Fri, Dec 02, 2016 at 11:02:33AM -0700, Jeff Law wrote:
>> It won't cause any problems in this and probably most instances, but leaving
>> the code in its prior state is simply wrong from a maintenance standpoint.
>> I'd much rather have the code explicitly and safely handle the zero operands
>> case so that if someone makes a change later they don't have to worry about
>> whether or not they're accessing memory which was never allocated.
>> Additionally, it removes a false positive from the warning, thus making less
>> noise.
>> It's not unlike the strictly unnecessary initializations we do to shut up
>> -Wuninitialized.
> But -Wuninitialized also found tons of real-world bugs. Do we have a single
> real-world example where such a warning would actually be useful (as in,
> there would be an actual bug)? Otherwise we are adding workarounds for a
> warning that just forces people to add those workarounds, but doesn't
> improve code in the wild in any way.
Have you looked in depth at the lto.c issue it flagged? I can't prove
that one is safe.
And more generally, an under-sized allocation is a security risk. We
should continue to try and identify those and warn for them.
jeff