https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91463
Bug ID: 91463
Summary: missing -Warray-bounds accessing past the end of a statically initialized flexible array member
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The past the end write to the flexible array member in f() is not diagnosed. DECL_SIZE of the array is null but for variables with a non-empty DECL_INITIAL the size can be determined from the CONSTRUCTOR, so it should be possible to detect the out-of-bounds index that way.

$ cat x.c && gcc -O2 -S -Wall -fdump-tree-vrp=/dev/stdout x.c
struct S { int n, a[]; };

struct S s = { 2, { 1, 0 } };

void f (void)
{
  s.a[666] = 0;   // missing -Warray-bounds
}

;; Function f (f, funcdef_no=0, decl_uid=1912, cgraph_uid=1, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

f ()
{
  <bb 2> [local count: 1073741824]:
  s.a[666] = 0;
  return;

}

;; Function f (f, funcdef_no=0, decl_uid=1912, cgraph_uid=1, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:

f ()
{
  <bb 2> [local count: 1073741824]:
  s.a[666] = 0;
  return;

}
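Since the store in f() compiles without a warning, code using this pattern cannot rely on -Warray-bounds to catch it. The following is an added example, not part of the bug report or of GCC: runtime-checked accessors for the same struct, assuming the n field holds the number of initialized elements. The names S_ELEMS, S_COUNT, s_store and s_load are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Same layout as the struct in the report. */
struct S { int n, a[]; };

/* Constructed sample initializer. Deriving n from the element list keeps
   the count field and the array contents in sync (assumption: n is the
   element count, as the values in the report suggest). */
#define S_ELEMS 1, 0
#define S_COUNT ((int)(sizeof((int[]){ S_ELEMS }) / sizeof(int)))

/* Static initialization of a flexible array member is a GNU C extension. */
struct S s = { S_COUNT, { S_ELEMS } };

/* Store v at index i. Returns 0 on success, -1 if i is outside [0, n). */
int s_store(struct S *p, long i, int v)
{
    if (p == NULL || p->n <= 0 || i < 0 || i >= p->n)
        return -1;
    p->a[i] = v;
    return 0;
}

/* Load element i into *out. Returns 0 on success, -1 if out of bounds. */
int s_load(const struct S *p, long i, int *out)
{
    if (p == NULL || out == NULL || p->n <= 0 || i < 0 || i >= p->n)
        return -1;
    *out = p->a[i];
    return 0;
}

int main(void)
{
    /* Index 1 is in bounds; index 666 is the access from the report. */
    printf("store at 1:   %d\n", s_store(&s, 1, 7));
    printf("store at 666: %d\n", s_store(&s, 666, 0));
    return 0;
}
```
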