public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds Date: Thu, 01 Dec 2022 02:31:18 +0000 [thread overview] Message-ID: <bug-106626-4-s9QS3wf6G3@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-106626-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626 --- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:d69a95c12cc91ec10d6a8c78f401bf6720b08fce commit r13-4426-gd69a95c12cc91ec10d6a8c78f401bf6720b08fce Author: David Malcolm <dmalcolm@redhat.com> Date: Wed Nov 30 21:26:42 2022 -0500 analyzer: fix wording of 'number of bad bytes' note [PR106626] Consider -fanalyzer on: #include <stdint.h> int32_t arr[10]; void int_arr_write_element_after_end_far(int32_t x) { arr[100] = x; } Trunk x86_64: https://godbolt.org/z/7GqEcYGq6 Currently we emit: <source>: In function 'int_arr_write_element_after_end_far': <source>:7:12: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 7 | arr[100] = x; | ~~~~~~~~~^~~ event 1 | | 3 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_far': events 2-3 | | 5 | void int_arr_write_element_after_end_far(int32_t x) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) entry to 'int_arr_write_element_after_end_far' | 6 | { | 7 | arr[100] = x; | | ~~~~~~~~~~~~ | | | | | (3) out-of-bounds write from byte 400 till byte 403 but 'arr' ends at byte 40 | <source>:7:12: note: write is 4 bytes past the end of 'arr' 7 | arr[100] = x; | ~~~~~~~~~^~~ The wording of the final note: "write is 4 bytes past the end of 'arr'" reads to me as if the "4 bytes past" is describing where the access occurs, which seems wrong, as the write is far beyond the end of the array. Looking at the implementation, it's actually describing the number of bytes within the access that are beyond the bounds of the buffer. This patch updates the wording so that the final note reads "write of 4 bytes to beyond the end of 'arr'" which more clearly expresses that it's the size of the access being described. The patch also uses inform_n to avoid emitting "1 bytes". gcc/analyzer/ChangeLog: PR analyzer/106626 * bounds-checking.cc (buffer_overflow::emit): Use inform_n. Update wording to clarify that we're talking about the size of the bad access, rather than its position. (buffer_overread::emit): Likewise. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/out-of-bounds-read-char-arr.c: Update for changes to expected wording. * gcc.dg/analyzer/out-of-bounds-read-int-arr.c: Likewise. * gcc.dg/analyzer/out-of-bounds-write-char-arr.c: Likewise. * gcc.dg/analyzer/out-of-bounds-write-int-arr.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
next prev parent reply other threads:[~2022-12-01 2:31 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-08-15 13:08 [Bug analyzer/106626] New: " dmalcolm at gcc dot gnu.org 2022-08-15 18:48 ` [Bug analyzer/106626] " cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org [this message] 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2023-04-07 12:36 ` dmalcolm at gcc dot gnu.org 2023-06-22 2:06 ` cvs-commit at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-106626-4-s9QS3wf6G3@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).