https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84079
Bug ID: 84079
Summary: missing -Warray-bounds taking the address of a
multidimensional array element
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Warray-bounds checker correctly diagnoses the out-of-bounds references in
the first two functions in the test case below but misses the third, even
though the referenced (nonexistent) element is at the same offset from the end
of the array in both g() and h(). (It's valid to take address of a[2] when a
has just two elements, but it is invalid to take the address of an element of
the subarray a[2].)
$ cat t.c && gcc -O2 -S -Warray-bounds=2 t.c
int a[2][3];
int f (void)
{
return a[2][0]; // -Warray-bounds (good)
}
int* g (void)
{
return &a[3][2]; // -Warray-bounds (good)
}
int* h (void)
{
return &a[2][3]; // missing -Warray-bounds
}
t.c: In function ‘f’:
t.c:5:11: warning: array subscript 2 is above array bounds of ‘int[2][3]’
[-Warray-bounds]
return a[2][0]; // -Warray-bounds (good)
~^~~
t.c: In function ‘g’:
t.c:10:10: warning: array subscript 3 is above array bounds of ‘int[2][3]’
[-Warray-bounds]
return &a[3][2]; // -Warray-bounds (good)
^~~~~~~~
