https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89427
Bug ID: 89427
Summary: missing -Warray-bounds on a MEM_REF of array plus offset
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The out-of-bounds access below is not diagnosed even though it could be. The
vrp_prop::check_mem_ref function gives up too soon. It's passed as an argument
MEM_REF (_2, 0) where _2 = &MEM[(void *)&a + 8B] + _1. It extracts the _2 but
bails when that's not an ADDR_EXPR of either a STRING_CST or VAR_DECL. It
should also look at the argument of the inner MEM_REF and consider its size and
offset if it's a VAR_DECL.

$ cat u.c && gcc -O2 -S -Wall -Wextra -Warray-bounds=2 u.c
char a[8];

void f (int i)
{
  char *p = a + sizeof a;

  if (i < 5)
    i = 5;

  p[i] = 0;   // missing -Warray-bounds
}
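
The interval reasoning the report asks for, as an added example that is not part of the original report and is not GCC's code: a small model of a bounds check that folds the constant offset of the inner MEM_REF (8 bytes here) into the variable offset range before comparing against the size of the VAR_DECL. The struct and function names are hypothetical, and the values are taken from u.c above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model types; not GCC's internal representation. */
struct range { long long lo, hi; };   /* inclusive bounds of a variable offset */

struct access {
    long long obj_size;    /* size in bytes of the underlying VAR_DECL */
    long long const_off;   /* constant offset taken from the inner MEM_REF */
    struct range var_off;  /* value range of the variable part (_1 in the report) */
    long long width;       /* number of bytes the access touches */
};

/* True when every offset in the range falls outside the object, so the
   access can be diagnosed without risking a false positive. */
bool always_out_of_bounds(const struct access *a)
{
    long long first = a->const_off + a->var_off.lo;  /* lowest start offset */
    long long last  = a->const_off + a->var_off.hi;  /* highest start offset */
    return last < 0 || first + a->width > a->obj_size;
}

/* Same check with the inner MEM_REF's constant offset dropped, modelling
   an analysis that only sees the variable part of the address. */
bool always_out_of_bounds_no_inner(const struct access *a)
{
    struct access b = *a;
    b.const_off = 0;
    return always_out_of_bounds(&b);
}

int main(void)
{
    /* u.c: char a[8]; p = a + sizeof a; i raised to at least 5; p[i] = 0 */
    struct access u = { 8, 8, { 5, INT_MAX }, 1 };
    printf("with inner offset:    %d\n", always_out_of_bounds(&u));
    printf("without inner offset: %d\n", always_out_of_bounds_no_inner(&u));
    return 0;
}
```

With the 8-byte offset included the lowest reachable offset is 13, past the end of the 8-byte array for every value of i; without it the range [5, INT_MAX] still overlaps the object and nothing can be proven.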