public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug sanitizer/113304] New: zero-length array and bound checking error
@ 2024-01-10 8:11 marcandre.lureau at gmail dot com
2024-01-10 8:27 ` [Bug sanitizer/113304] " pinskia at gcc dot gnu.org
2024-01-10 8:30 ` pinskia at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: marcandre.lureau at gmail dot com @ 2024-01-10 8:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113304
Bug ID: 113304
Summary: zero-length array and bound checking error
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: marcandre.lureau at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
gcc (GCC) 13.2.1 20231205 (Red Hat 13.2.1-6)
gcc -fsanitize=bounds-strict -lubsan test.c
test.c:6:11: runtime error: index 3 out of bounds for type 'int [*]'
typedef struct BN {
int d[0];
} BN;
void test(BN *foo) {
foo->d[3] = 0;
}
int main(int argc, char *argv[])
{
struct BN {
int d[4];
} foo;
test((BN *)&foo);
return 0;
}
This coding style is used in bignum libraries, such as libtpms BN
implementation. Is this incompatible with bounds-strict usage?
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug sanitizer/113304] zero-length array and bound checking error
2024-01-10 8:11 [Bug sanitizer/113304] New: zero-length array and bound checking error marcandre.lureau at gmail dot com
@ 2024-01-10 8:27 ` pinskia at gcc dot gnu.org
2024-01-10 8:30 ` pinskia at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-01-10 8:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113304
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |documentation
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
-fsanitize=bounds-strict is the basically the same as `-fsanitize=bounds
-fstrict-flex-arrays=3` which says [0] is not a flexiable array either.
This should be better documented though. Even -fstrict-flex-arrays needs some
slightly better documentation, maybe examples will help.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug sanitizer/113304] zero-length array and bound checking error
2024-01-10 8:11 [Bug sanitizer/113304] New: zero-length array and bound checking error marcandre.lureau at gmail dot com
2024-01-10 8:27 ` [Bug sanitizer/113304] " pinskia at gcc dot gnu.org
@ 2024-01-10 8:30 ` pinskia at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-01-10 8:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113304
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Last reconfirmed| |2024-01-10
Status|UNCONFIRMED |NEW
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note -fsanitize=bounds-strict ignores the attribute strict_flex_array too which
is definitely not documented.
Confirmed for the documentation improvement.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-10 8:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-10 8:11 [Bug sanitizer/113304] New: zero-length array and bound checking error marcandre.lureau at gmail dot com
2024-01-10 8:27 ` [Bug sanitizer/113304] " pinskia at gcc dot gnu.org
2024-01-10 8:30 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).