From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id AB81F385B534; Thu, 1 Dec 2022 02:31:23 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AB81F385B534 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669861883; bh=fmR7X22BasmH4N1tMx0BjtMUnEo0KchLBuCI/k52xpI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=fMirMXS0R8uESV8DXB+Skp9DsdT/KbHmc6t280V9lg8yVVo49u9+QFX5vVpbCAxme 3x8fx42ZuvbZ3QmY9Ni04hf7Xct3IJtACaKhqH6n6ZKwwmLAf2sNZthOIJfKns1qMr /pBAX5+R98Jzo2sGgJLDuD6tySm2+/fi4CXonhlw= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds Date: Thu, 01 Dec 2022 02:31:23 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106626 --- Comment #3 from CVS Commits --- The master branch has been updated by David Malcolm : https://gcc.gnu.org/g:7c655699ed51b0c987e5472767db48b19044ae05 commit r13-4427-g7c655699ed51b0c987e5472767db48b19044ae05 Author: David Malcolm Date: Wed Nov 30 21:26:42 2022 -0500 analyzer: add note about valid subscripts [PR106626] Consider -fanalyzer on: #include int32_t arr[10]; void int_arr_write_element_after_end_off_by_one(int32_t x) { arr[10] =3D x; } Trunk x86_64: https://godbolt.org/z/17zn3qYY4 Currently we emit: : In function 'int_arr_write_element_after_end_off_by_one': :7:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 7 | arr[10] =3D x; | ~~~~~~~~^~~ event 1 | | 3 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': events 2-3 | | 5 | void int_arr_write_element_after_end_off_by_one(int= 32_t x) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) entry to 'int_arr_write_element_after_end_off_by_one' | 6 | { | 7 | arr[10] =3D x; | | ~~~~~~~~~~~ | | | | | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | :7:11: note: write of 4 bytes to beyond the end of 'arr' 7 | arr[10] =3D x; | ~~~~~~~~^~~ This is worded in terms of bytes, due to the way -Wanalyzer-out-of-boun= ds is implemented, but this isn't what the user wrote. This patch tries to get closer to the user's code by adding a note about array bounds when we're referring to an array. In the above example it adds this trailing note: note: valid subscripts for 'arr' are '[0]' to '[9]' gcc/analyzer/ChangeLog: PR analyzer/106626 * bounds-checking.cc (out_of_bounds::maybe_describe_array_bound= s): New. (buffer_overflow::emit): Call maybe_describe_array_bounds. (buffer_overread::emit): Likewise. (buffer_underflow::emit): Likewise. (buffer_underread::emit): Likewise. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/call-summaries-2.c: Add dg-message for expect= ed note about valid indexes. * gcc.dg/analyzer/out-of-bounds-1.c: Likewise, fixing up existi= ng dg-message directives. * gcc.dg/analyzer/out-of-bounds-write-char-arr.c: Likewise. * gcc.dg/analyzer/out-of-bounds-write-int-arr.c: Likewise. Signed-off-by: David Malcolm =