On 12/14/2017 09:18 AM, Jakub Jelinek wrote:
> On Thu, Dec 14, 2017 at 09:13:21AM -0700, Jeff Law wrote:
>>> Although I would prefer not to, I suppose if letting strlen cross
>>> the boundaries of subobjects was considered an important use to
>>> accommodate in limited cases the optimization could be disabled
>>> for member arrays declared with the new nonstring attribute (while
>>> still issuing a warning for it as GCC does today).
>>>
>>> Another alternative (if the above use case is considered important
>>> enough) might be to suppress the optimization for member character
>>> arrays that are immediately followed by another such array.
>>
>> History tells us that there will be someone out there that does this
>> kind of thing -- the question is how pervasive is it. My suspicion is
>> that it is not common.
>>
>> Given that I don't expect those uses to be common, the only thing that
>> should break is non-conforming code, and we have a (new) warning for such
>> code, my inclination is to go forward.
>>
>> So I'm OK with the patch. I'd give folks till Monday to chime in with
>> dissenting opinions.
>
> Well, it would be nice to get sanitizers to diagnose this at runtime. If we
> know the array length at compile time, simply compare after the strlen
> call the result and fail if it returns something above it. Or replace
> the strlen call with strnlen for the compile-time known size and add
> instrumentation if strnlen returns the second argument.

Sure, that sounds like a useful enhancement. I'll look into
adding it as a follow-on patch unless you feel that it needs
to be part of the same package.
Martin
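As an added illustration of the strnlen-based runtime check Jakub sketches above, here is a constructed C example (not code from the patch or from GCC); `struct rec`, `checked_member_strlen` and the two helper functions are hypothetical names chosen for the example. It bounds the scan by the compile-time size of the member array and reports the case where a plain strlen would have read into the next subobject.

```c
#define _POSIX_C_SOURCE 200809L   /* declares strnlen on glibc */
#include <stdio.h>
#include <string.h>

/* Constructed record: the first member array is deliberately filled
 * without a terminator (the kind of field the nonstring attribute is
 * for) and another char array follows it immediately in memory. */
struct rec {
    char tag[4];
    char name[8];
};

/* Runtime check in the spirit of the strnlen suggestion: bound the scan
 * by the compile-time size of the member array. A result equal to that
 * size means no terminator lies inside the subobject, which is exactly
 * the case where a plain strlen would read past the member; return -1
 * then, otherwise the length. */
long checked_member_strlen(const char *member, size_t size)
{
    size_t n = strnlen(member, size);
    return n == size ? -1 : (long)n;
}

/* tag holds "ABCD" with no NUL: a plain strlen(r.tag) would continue
 * into r.name. Returns 1 if the check flags this, 0 otherwise. */
int unterminated_tag_detected(void)
{
    struct rec r;
    memcpy(r.tag, "ABCD", sizeof r.tag);   /* fills tag completely */
    strcpy(r.name, "x");
    return checked_member_strlen(r.tag, sizeof r.tag) == -1;
}

/* Properly terminated tag "AB": the check behaves like strlen. */
long terminated_tag_length(void)
{
    struct rec r;
    memcpy(r.tag, "AB", 3);                /* copies the NUL too */
    strcpy(r.name, "y");
    return checked_member_strlen(r.tag, sizeof r.tag);
}

int main(void)
{
    printf("unterminated tag detected: %d\n", unterminated_tag_detected());
    printf("terminated tag length: %ld\n", terminated_tag_length());
    return 0;
}
```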