[Bug c/52534] New: gcc doesn't detect incorrect expression in call to va

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start
@ 2012-03-08 21:14 mib.bugzilla at gmail dot com
  2012-03-12 14:10 ` [Bug c/52534] " rguenth at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: mib.bugzilla at gmail dot com @ 2012-03-08 21:14 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

             Bug #: 52534
           Summary: gcc doesn't detect incorrect expression in call to
                    va_start
    Classification: Unclassified
           Product: gcc
           Version: 4.5.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: mib.bugzilla@gmail.com


The C standard is very clear that the second argument to va_start is a
parameter identifier, not an expression. 

For example,

int maxof(int, ...) ;
void f(void);

int maxof(int n_args, ...){
    register int i;
    int max, a;
    va_list ap;
    va_start(ap, (unsigned int)n_args);
    max = va_arg(ap, int);
    for(i = 2; i <= n_args; i++) {
       if((a = va_arg(ap, int)) > max) max = a;
    }
    va_end(ap);
    return max;
}

Intel compiler finds the bug:
vaarg.c(12): error: incorrect use of va_start
      va_start(ap, (unsigned int)n_args);
      ^


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/52534] gcc doesn't detect incorrect expression in call to va_start
  2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
@ 2012-03-12 14:10 ` rguenth at gcc dot gnu.org
  2012-03-15  9:49 ` pinskia at gcc dot gnu.org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2012-03-12 14:10 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |accepts-invalid
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2012-03-12
     Ever Confirmed|0                           |1

--- Comment #1 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-03-12 14:10:12 UTC ---
Confirmed.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/52534] gcc doesn't detect incorrect expression in call to va_start
  2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
  2012-03-12 14:10 ` [Bug c/52534] " rguenth at gcc dot gnu.org
@ 2012-03-15  9:49 ` pinskia at gcc dot gnu.org
  2012-03-15 10:04 ` jakub at gcc dot gnu.org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2012-03-15  9:49 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-03-15 09:41:38 UTC ---
      /* Strip off all nops for the sake of the comparison.  This
         is not quite the same as STRIP_NOPS.  It does more.
         We must also strip off INDIRECT_EXPR for C++ reference
         parameters.  */
      while (CONVERT_EXPR_P (arg)
             || TREE_CODE (arg) == INDIRECT_REF)
        arg = TREE_OPERAND (arg, 0);


Why are we stripping off the NOPS here.  This is in fold_builtin_next_arg
(builtins.c).


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/52534] gcc doesn't detect incorrect expression in call to va_start
  2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
  2012-03-12 14:10 ` [Bug c/52534] " rguenth at gcc dot gnu.org
  2012-03-15  9:49 ` pinskia at gcc dot gnu.org
@ 2012-03-15 10:04 ` jakub at gcc dot gnu.org
  2024-04-09  6:41 ` pinskia at gcc dot gnu.org
  2024-04-09 11:06 ` jakub at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: jakub at gcc dot gnu.org @ 2012-03-15 10:04 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-03-15 10:03:59 UTC ---
Because otherwise
void
foo (char a, ...)
{
  __builtin_va_list va;
  __builtin_va_start (va, a);
  __builtin_va_end (va);
}
would not work (arg there is (int) a, as char is promoted to int).
IMHO if we want to diagnose this, it should be done in the C/C++ FEs, e.g.
for C FE perhaps in c_parser_postfix_expression_after_primary, by requiring
that
the second argument to __builtin_va_start is an identifier token, rathern than
a + 0 or similar.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/52534] gcc doesn't detect incorrect expression in call to va_start
  2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
                   ` (2 preceding siblings ...)
  2012-03-15 10:04 ` jakub at gcc dot gnu.org
@ 2024-04-09  6:41 ` pinskia at gcc dot gnu.org
  2024-04-09 11:06 ` jakub at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-04-09  6:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Interesting clang accepts it also.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/52534] gcc doesn't detect incorrect expression in call to va_start
  2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
                   ` (3 preceding siblings ...)
  2024-04-09  6:41 ` pinskia at gcc dot gnu.org
@ 2024-04-09 11:06 ` jakub at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-09 11:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52534

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Note, if we warn, we shouldn't warn for C23 or later, because one can pass
anything there, like 3 arguments, or that (unsigned int)n_args, or just one,
etc.  And __builtin_va_start (ap, 0) is what is used regardless of the passed
argument in that case.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-04-09 11:06 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-03-08 21:14 [Bug c/52534] New: gcc doesn't detect incorrect expression in call to va_start mib.bugzilla at gmail dot com
2012-03-12 14:10 ` [Bug c/52534] " rguenth at gcc dot gnu.org
2012-03-15  9:49 ` pinskia at gcc dot gnu.org
2012-03-15 10:04 ` jakub at gcc dot gnu.org
2024-04-09  6:41 ` pinskia at gcc dot gnu.org
2024-04-09 11:06 ` jakub at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).