To make reviewing the changes easier I've split up the patch into a series:
1. Detection of nul-terminated constant arrays to prevent early folding. This resolves PR 86711 - wrong folding of memchr, and prevents PR 86714 - tree-ssa-forwprop.c confused by too long initializer, but doesn't warn.

2. Warn for reads past unterminated constant character arrays. This adds warnings for string functions called with such arrays to resolve PR 86552 - missing warning for reading past the end of non-string arrays. Now that GCC transforms braced-initializer lists into STRING_CSTs (even those with no nul), the warning is capable of diagnosing even those.
   2.1 strlen
   2.2 strcpy
   2.3 sprintf
   2.4 stpcpy
   2.5 strnlen

There are many more string functions where unterminated arrays (constant or otherwise) should be diagnosed. I plan to continue to work on those (with the constant ones first) but I want to post this updated patch for review now, mainly so that the wrong code bug (PR 86711) can be resolved and the basic detection infrastructure agreed on.

An open question in my mind is what should GCC do with such calls after issuing a warning: replace them with traps? Fold them into constants? Or continue to pass them through to the corresponding library functions?

Martin

On 07/25/2018 05:38 PM, Martin Sebor wrote:
Ping: https://gcc.gnu.org/ml/gcc-patches/2018-07/msg01124.html

The fix for bug 86532 has been checked in so this enhancement can now be applied on top of it (with only minor adjustments).

On 07/19/2018 02:08 PM, Martin Sebor wrote:

In the discussion of my patch for pr86532 Bernd noted that GCC silently accepts constant character arrays with no terminating nul as arguments to strlen (and other string functions). The attached patch is a first step in detecting these kinds of bugs in strlen calls by issuing -Wstringop-overflow.

The next step is to modify all other handlers of built-in functions to detect the same problem (not part of this patch).

Yet another step is to detect these problems in arguments initialized using the non-string form:

  const char a[] = { 'a', 'b', 'c' };

This patch is meant to apply on top of the one for bug 86532 (I tested it with an earlier version of that patch so there is code in the context that does not appear in the latest version of the other diff).

Martin
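As an added illustration of the bug class this thread is about (example code written for this page, not part of the patch or of GCC), the program below declares the two array forms discussed above, the string-literal form that gets an implicit terminating nul and the braced-initializer form that does not, and shows what a caller should do instead of passing the second one to strlen: bound every read by the array's size. The helpers has_terminator, bounded_strlen, safe_copy and copy_demo are assumed names invented here; the only library calls are memchr and memcpy. strlen is deliberately never called on the unterminated array, because that call is the out-of-bounds read the patch warns about under -Wstringop-overflow.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not taken from the patch): the string-literal
   form carries an implicit '\0', the braced-initializer form does not. */
static const char terminated[]   = "abc";              /* sizeof == 4 */
static const char unterminated[] = { 'a', 'b', 'c' };   /* sizeof == 3 */

/* Nonzero if a '\0' occurs within the first n bytes of p.  Unlike strlen,
   memchr takes a bound, so it is safe to call on an unterminated array. */
int has_terminator(const char *p, size_t n)
{
    return memchr(p, '\0', n) != NULL;
}

/* Length that never reads beyond n bytes; returns n when no '\0' is found
   (the strnlen contract, spelled out with memchr). */
size_t bounded_strlen(const char *p, size_t n)
{
    const char *nul = memchr(p, '\0', n);
    return nul ? (size_t)(nul - p) : n;
}

/* Copy src into dst only if src really is a string within srcsz bytes and
   fits in dst including the terminator.  Returns 1 on success; on refusal
   returns 0 and leaves dst as an empty string. */
int safe_copy(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    if (dstsz == 0)
        return 0;
    size_t len = bounded_strlen(src, srcsz);
    if (len == srcsz || len + 1 > dstsz) {
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

/* Wrappers over the two sample arrays so callers need not know their sizes. */
int sample_terminated_ok(void)   { return has_terminator(terminated, sizeof terminated); }
int sample_unterminated_ok(void) { return has_terminator(unterminated, sizeof unterminated); }

/* Runs safe_copy on both samples; returns how many copies were accepted.
   Only the terminated array is copied, so the result is 1. */
int copy_demo(void)
{
    char buf[8];
    int accepted = 0;
    accepted += safe_copy(buf, sizeof buf, terminated, sizeof terminated);     /* copies "abc" */
    accepted += safe_copy(buf, sizeof buf, unterminated, sizeof unterminated); /* refused */
    return accepted;
}

int main(void)
{
    printf("terminated:   has nul=%d len=%zu\n", sample_terminated_ok(),
           bounded_strlen(terminated, sizeof terminated));
    printf("unterminated: has nul=%d len=%zu\n", sample_unterminated_ok(),
           bounded_strlen(unterminated, sizeof unterminated));
    printf("copies accepted: %d\n", copy_demo());
    return 0;
}
```

Note that the size must come from `sizeof` on the array itself, at the point where the array is still an array; once it has decayed to `const char *` the bound is gone and nothing short of the compiler's own knowledge of the initializer (which is what the patch adds) can recover it.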
