From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-132605-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 7666 invoked by alias); 27 Feb 2005 04:49:29 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 7632 invoked by uid 48); 27 Feb 2005 04:49:22 -0000
Date: Sun, 27 Feb 2005 16:01:00 -0000
From: "kmk at ssl dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Message-ID: <20050227044915.20229.kmk@ssl.org>
Reply-To: gcc-bugzilla@gcc.gnu.org
Subject: [Bug debug/20229] New: -Wcast-qual option is easily evaded
X-Bugzilla-Reason: CC
X-SW-Source: 2005-02/txt/msg03285.txt.bz2
List-Id: <gcc-bugs.sourceware.org>

The -Wcast-qual option in GCC can easily be evaded by "clever" hacks, which
seriously reduces the utility of this feature in catching dangerous behavior
intentionally hidden by programmers from unit testers.

Here is code for a test case (which is extremely simple, and includes no
headers, so I am sending the source rather than the virtually-identical
intermediate file, which lacks comments):
-------------------

void evil_string_modifier(char *s) { s[0] = 0; }

int main(void) {

// This warns, as expected:
  evil_string_modifier("Test string one.");

// This also warns, as expected:
  evil_string_modifier((char *)"Test string two.");

// This, however, does not warn...but should:
  evil_string_modifier((char *)(int)"Test string three.");

}

---------------------------
The compiler output for the code given above:

Using built-in specs.
Configured with: ./configure --prefix=/usr --host=i386-just-dragonflybsd
Thread model: posix
gcc version 3.4.3 [DragonFly] (propolice, visibility)
 /usr/libexec/gcc34/cc1 -E -quiet -v -iprefix
/usr/libexec/gcc34/../gcc34//3.4.1/ bug.c -march=pentium3 -W -Wall
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wno-uninitialized
-Wall -W -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts
-Winline -Wnested-externs -Wredundant-decls -O -o bug.i
ignoring nonexistent directory "/usr/libexec/gcc34/../gcc34//3.4.1/include"
ignoring nonexistent directory "/usr/libexec/gcc34/../gcc34//3.4.1/libdata/gcc34"
#include "..." search starts here:
#include <...> search starts here:
 /usr/include
 /usr/libdata/gcc34
End of search list.
 /usr/libexec/gcc34/cc1 -fpreprocessed bug.i -quiet -dumpbase bug.c
-march=pentium3 -auxbase bug -O -W -Wall -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Wno-uninitialized -Wall -W
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts
-Winline -Wnested-externs -Wredundant-decls -version -o bug.s
GNU C version 3.4.3 (i386-just-dragonflybsd)
        compiled by GNU C version 2.95.4 20020320 [DragonFly].
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
bug.c:2: warning: no previous prototype for 'evil_string_modifier'
bug.c: In function `main':
bug.c:7: warning: passing arg 1 of `evil_string_modifier' discards qualifiers
from pointer target type
bug.c:10: warning: cast discards qualifiers from pointer target type
bug.c:15: warning: control reaches end of non-void function
 as -o bug.o bug.s
 ld -V -dynamic-linker /usr/libexec/ld-elf.so.1 -o bug /usr/lib/crt1.o
/usr/lib/crti.o /usr/lib/crtbegin.o -L/usr/lib/gcc34 bug.o -lgcc -lc -lgcc
/usr/lib/crtend.o /usr/lib/crtn.o
GNU ld version 2.15 [DragonFly] 2004-05-17
  Supported emulations:
   elf_i386

-- 
           Summary: -Wcast-qual option is easily evaded
           Product: gcc
           Version: 3.4.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: debug
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: kmk at ssl dot org
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229