Hello, I recently debugged a program that had an array indexing problem. The simplified program is:
    typedef struct tst_struct {
        unsigned n;
        unsigned arr[3];
        struct tst_struct *next;
    } tst;

    tst t = { 3, {0, 1, 2}, 0 };

    int main (void)
    {
        t.arr[t.n++] = 3;
    }

The 't.arr[t.n++]' overwrites the 'next' field in the structure. The bounds-checking code in the past could not find this problem because the structure was seen as one big object.

I modified the bounds-checking code a long time ago to handle arrays specially. Arrays are now checked against the maximum array size. I had to make one exception because of code like:

    typedef struct tst_struct {
        unsigned n;
        unsigned arr[1];
    } tst;

This structure is normally extended using malloc. So I do not check arrays when the array size is <= array element size.

This code also finds problems like:

    #include <stdio.h>

    int a[10][10];
    printf("%d", a[0][11]);

Finally, the question. Is it possible to add this extension to mudflap so the above problem is found here as well? I did find a lot of array indexing problems like the above one in the past 10 years since I implemented it.

Herman.
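The rule described in the post (check an index against the declared element count of the array, but exempt arrays whose total size is not larger than one element, since those are the malloc-extended "arr[1]" idiom) can be mirrored at runtime with sizeof arithmetic. The following is an added example, not code from the post or from the GCC bounds-checking patch it refers to; the macro and function names (ARRAY_LEN, CHECK_IDX, index_is_ok, the check_* helpers) are assumptions chosen for illustration. It applies the rule to the three cases the post mentions: the structure with arr[3] followed by a pointer, the arr[1] structure extended via malloc, and the a[0][11] two-dimensional access.

```c
#include <stdio.h>
#include <stdlib.h>

/* Number of elements in a declared array: this is the "maximum array size"
   the posted checker compares indices against. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Mirrors the rule from the post: an array whose total size is <= one
   element size (the malloc-extended arr[1] idiom) is not checked;
   otherwise the index must be strictly less than the element count.
   Returns 1 when the access is accepted, 0 when it would be flagged. */
static int index_is_ok(size_t array_bytes, size_t elem_bytes, size_t idx)
{
    if (array_bytes <= elem_bytes)
        return 1;                      /* exemption for trailing arr[1] */
    return idx < array_bytes / elem_bytes;
}

/* Convenience wrapper so the check can be written at the access site. */
#define CHECK_IDX(a, i) index_is_ok(sizeof(a), sizeof((a)[0]), (size_t)(i))

typedef struct tst_struct {
    unsigned n;
    unsigned arr[3];
    struct tst_struct *next;
} tst;

/* Hypothetical extended structure, as in the post's second typedef. */
typedef struct ext_struct {
    unsigned n;
    unsigned arr[1];                   /* extended via malloc */
} ext;

/* The post's case: n == 3, so arr[n] lands on the 'next' field.
   Returns 1 if the checker flags the access. */
int check_struct_case(void)
{
    tst t = { 3, {0, 1, 2}, 0 };
    return !CHECK_IDX(t.arr, t.n);
}

/* An in-bounds access to the same array must not be flagged. */
int check_in_bounds_case(void)
{
    tst t = { 3, {0, 1, 2}, 0 };
    return CHECK_IDX(t.arr, 2);
}

/* a[0] is an inner array of 10 ints; index 11 exceeds it. */
int check_2d_case(void)
{
    int a[10][10];
    (void)a;
    return !CHECK_IDX(a[0], 11);
}

/* arr[1] extended with malloc: sizeof(e->arr) == sizeof(e->arr[0]),
   so the checker deliberately does not complain about index 4. */
int check_flexible_case(void)
{
    ext *e = malloc(sizeof *e + 4 * sizeof(unsigned));
    if (!e)
        return 0;
    e->n = 5;
    int ok = CHECK_IDX(e->arr, 4);
    free(e);
    return ok;
}

int main(void)
{
    printf("struct case flagged:   %d\n", check_struct_case());
    printf("in-bounds accepted:    %d\n", check_in_bounds_case());
    printf("2-D case flagged:      %d\n", check_2d_case());
    printf("flexible case exempt:  %d\n", check_flexible_case());
    return 0;
}
```

The check only ever evaluates sizeof and the index, so none of the helpers perform the out-of-bounds access itself; a real checker would be inserted by the compiler at each array reference, but the decision logic is the same as the three-way comparison above.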