https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93514
Bug ID: 93514
Summary: missing warning on a strlen with a negative or just past-the-end offset
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
Of the three calls with invalid arguments in the test case below only the last
one is diagnosed.

The negative offset isn't diagnosed because it points to ax2.i, so it's in
bounds of ax2. The offset +3 isn't diagnosed because the pointer is valid
(though just past the end) and the warning code in tree-vrp.c doesn't consider
how it's being used.
$ cat u.c && gcc -O2 -S -Wall -Wextra u.c
struct Ax { char i, a[]; };

static struct Ax ax2 = { 2, { 2, 1, 0 } };

void sink (int);

void f (void)
{
  sink (__builtin_strlen (ax2.a - 1)); // { dg-warning "\\\[-Warray-bounds" }
  sink (__builtin_strlen (ax2.a));
  sink (__builtin_strlen (ax2.a + 1));
  sink (__builtin_strlen (ax2.a + 2));
  sink (__builtin_strlen (ax2.a + 3)); // { dg-warning "\\\[-Warray-bounds" }
  sink (__builtin_strlen (ax2.a + 4)); // { dg-warning "\\\[-Warray-bounds" }
}
u.c: In function ‘f’:
u.c:14:9: warning: array subscript 5 is outside array bounds of ‘struct Ax[1]’ [-Warray-bounds]
   14 |   sink (__builtin_strlen (ax2.a + 4)); // { dg-warning "\\\[-Warray-bounds" }
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
u.c:3:18: note: while referencing ‘ax2’
    3 | static struct Ax ax2 = { 2, { 2, 1, 0 } };
      |                  ^~~
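
The distinction the report draws, as an added example that is not part of the original report or of GCC: a bounds-checked strlen that classifies each offset from the test case before anything is read. The struct A3 stand-in (a fixed-size array in place of the flexible array member), the off_class enum and checked_strlen are names assumed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the report's ax2, with a fixed-size array instead of a
   flexible array member so that sizeof works (assumption of this example). */
struct A3 { char i; char a[3]; };
static const struct A3 ax2 = { 2, { 2, 1, 0 } };

enum off_class {
  OFF_OK,             /* inside the array, NUL found before the end */
  OFF_BEFORE_START,   /* negative offset: may still land inside the object */
  OFF_PAST_THE_END,   /* valid pointer value, but must not be read */
  OFF_OUT_OF_BOUNDS,  /* beyond one past the end: invalid pointer */
  OFF_UNTERMINATED    /* inside the array, but no NUL before the end */
};

/* Classify arr + off as a strlen argument for an array of SIZE chars.
   On OFF_OK, *len receives the string length.  Only offsets are compared
   before the array is touched, so no invalid pointer is ever formed. */
static enum off_class
checked_strlen (const char *arr, size_t size, ptrdiff_t off, size_t *len)
{
  if (off < 0)
    return OFF_BEFORE_START;
  if ((size_t) off == size)
    return OFF_PAST_THE_END;
  if ((size_t) off > size)
    return OFF_OUT_OF_BOUNDS;

  const char *nul = memchr (arr + off, '\0', size - (size_t) off);
  if (!nul)
    return OFF_UNTERMINATED;
  *len = (size_t) (nul - (arr + off));
  return OFF_OK;
}

int main (void)
{
  for (ptrdiff_t off = -1; off <= 4; ++off)
    {
      size_t len = 0;
      enum off_class c = checked_strlen (ax2.a, sizeof ax2.a, off, &len);
      printf ("ax2.a + %td: class %d, length %zu\n", off, (int) c, len);
    }
  return 0;
}
```

Offsets -1 and +3 are the two cases the report says go undiagnosed; here they are rejected as OFF_BEFORE_START and OFF_PAST_THE_END without the array being read.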