public inbox for gcc-bugs@sourceware.org
* [Bug c/63233] New: Valid out of bounds access leads to undefined behavior
@ 2014-09-11 21:15 leis at in dot tum.de
  2014-09-11 21:29 ` [Bug c/63233] " pinskia at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: leis at in dot tum.de @ 2014-09-11 21:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

            Bug ID: 63233
           Summary: Valid out of bounds access leads to undefined behavior
           Product: gcc
           Version: 4.9.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: leis at in dot tum.de

Consider the following (minimized) program:

#include <stdlib.h>
#include <stdio.h>

struct Foo {
   int a[1];
   int b;
};

int main(int argc, char** argv) {
   int index = atoi(argv[1]);

   struct Foo foo;
   foo.a[1] = 99;

   printf("%d\n", foo.a[index]);

   return 0;
}

When compiled with -O1 or higher and called with 1 as the command-line argument,
an undefined value instead of 99 is printed. In my understanding of the standard,
foo.a is a pointer and foo.a[1] is simply (foo.a+1), which is a perfectly fine
memory address.

This program always prints the expected value (99) with clang (3.5) and icc
(14) on all optimization levels. In gcc 4.3.4 I get the expected result on -O0
and -O1 but not on -O2 or -O3.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug c/63233] Valid out of bounds access leads to undefined behavior
  2014-09-11 21:15 [Bug c/63233] New: Valid out of bounds access leads to undefined behavior leis at in dot tum.de
@ 2014-09-11 21:29 ` pinskia at gcc dot gnu.org
  2014-09-11 22:02 ` [Bug c/63233] Missing Warray-bounds warning for array within struct manu at gcc dot gnu.org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2014-09-11 21:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is not a valid out of bounds access in C.



* [Bug c/63233] Missing Warray-bounds warning for array within struct
  2014-09-11 21:15 [Bug c/63233] New: Valid out of bounds access leads to undefined behavior leis at in dot tum.de
  2014-09-11 21:29 ` [Bug c/63233] " pinskia at gcc dot gnu.org
@ 2014-09-11 22:02 ` manu at gcc dot gnu.org
  2014-09-11 22:14 ` pinskia at gcc dot gnu.org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: manu at gcc dot gnu.org @ 2014-09-11 22:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

Manuel López-Ibáñez <manu at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
             Status|RESOLVED                    |NEW
   Last reconfirmed|                            |2014-09-11
                 CC|                            |manu at gcc dot gnu.org
         Resolution|INVALID                     |---
            Summary|Valid out of bounds access  |Missing Warray-bounds
                   |leads to undefined behavior |warning for array within
                   |                            |struct
     Ever confirmed|0                           |1

--- Comment #2 from Manuel López-Ibáñez <manu at gcc dot gnu.org> ---
This should be warned by Warray-bounds. Clang warns even at -O0, so this case
can even be warned in the FE:

test.c:10:3: warning: array index 1 is past the end of the array (which
contains 1 element) [-Warray-bounds]
  foo.a[1] = 99;
  ^     ~
test.c:2:3: note: array 'a' declared here
  int a[1];
  ^
test.c:12:10: warning: array index 1 is past the end of the array (which
contains 1 element) [-Warray-bounds]
  return foo.a[1];
         ^     ~
test.c:2:3: note: array 'a' declared here
  int a[1];
  ^

* [Bug c/63233] Missing Warray-bounds warning for array within struct
From: manu at gcc dot gnu.org @ 2014-09-11 22:11 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

--- Comment #3 from Manuel López-Ibáñez <manu at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #1)
> This is not a valid out of bounds access in C.

Sometime it might be better to acknowledge where GCC could help rather than
simply close the bug saying to users "you are wrong". Who knows, some user may
decide to implement a fix themselves. We all know that GCC is in need of all
the help it can get to not be completely left behind.

* [Bug c/63233] Missing Warray-bounds warning for array within struct
  2014-09-11 21:15 [Bug c/63233] New: Valid out of bounds access leads to undefined behavior leis at in dot tum.de
  2014-09-11 21:29 ` [Bug c/63233] " pinskia at gcc dot gnu.org
  2014-09-11 22:02 ` [Bug c/63233] Missing Warray-bounds warning for array within struct manu at gcc dot gnu.org
@ 2014-09-11 22:14 ` pinskia at gcc dot gnu.org
  2014-09-11 22:26 ` leis at in dot tum.de
  2014-09-13  9:36 ` mikpelinux at gmail dot com
  4 siblings, 0 replies; 6+ messages in thread
From: pinskia at gcc dot gnu.org @ 2014-09-11 22:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
We don't warn about off by one errors in the array because of different
reasons.

Dup of bug 52954 then.

*** This bug has been marked as a duplicate of bug 52954 ***



* [Bug c/63233] Missing Warray-bounds warning for array within struct
  2014-09-11 21:15 [Bug c/63233] New: Valid out of bounds access leads to undefined behavior leis at in dot tum.de
                   ` (2 preceding siblings ...)
  2014-09-11 22:14 ` pinskia at gcc dot gnu.org
@ 2014-09-11 22:26 ` leis at in dot tum.de
  2014-09-13  9:36 ` mikpelinux at gmail dot com
  4 siblings, 0 replies; 6+ messages in thread
From: leis at in dot tum.de @ 2014-09-11 22:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

--- Comment #5 from leis at in dot tum.de ---
Thanks. I did notice that I get a warning with optimization but not without,
which is strange indeed.

However, obviously my real problem is more complicated, and I'm trying to
understand if I violate the standard. If I pick apart the offending
line (foo.a[1] = 99;):

int* p1 = foo.a;  //1
int* p2 = p1 + 1; //2
*p2 = 99;         //3

Which of these lines causes the undefined behavior? Why should pointer p2 be
invalid?

Fundamentally, what I'm really trying to do, is to have two arrays (of
different types) in a fixed-sized struct. One array grows from the front, and
one from the end. Dynamically I make sure that they do not overlap, but the
sizes of the two arrays are not known statically. Is it really violating the
standard?



* [Bug c/63233] Missing Warray-bounds warning for array within struct
  2014-09-11 21:15 [Bug c/63233] New: Valid out of bounds access leads to undefined behavior leis at in dot tum.de
                   ` (3 preceding siblings ...)
  2014-09-11 22:26 ` leis at in dot tum.de
@ 2014-09-13  9:36 ` mikpelinux at gmail dot com
  4 siblings, 0 replies; 6+ messages in thread
From: mikpelinux at gmail dot com @ 2014-09-13  9:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63233

--- Comment #6 from Mikael Pettersson <mikpelinux at gmail dot com> ---
(In reply to leis from comment #5)
> Fundamentally, what I'm really trying to do, is to have two arrays (of
> different types) in a fixed-sized struct. One array grows from the front,
> and one from the end. Dynamically I make sure that they do not overlap, but
> the sizes of the two arrays are not known statically. Is it really violating
> the standard?

Something like

union u {
  int a[50];
  char b[50 * sizeof(int)];
};

and accessing one array with incrementing indices and the other with
decrementing indices should work, if I understand your problem statement
correctly.  But this is now about programming not a gcc bug, so please use
gcc-help or some general C programming forum instead.


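The layout asked about in comment #5 (two arrays of different element types sharing one fixed-size block, one filled from the front and one from the back) can be written without ever indexing past the end of a declared array. Of the three lines picked apart in comment #5, forming p1 + 1 is permitted (a one-past-the-end pointer, C11 6.5.6); it is the store through p2 on line 3 that is undefined, because foo.a has exactly one element. The following is an added example, not code from the bug report or from GCC: it keeps the block as an unsigned char array, copies each element in and out with memcpy (a portable variant of the union suggested in comment #6), and bounds-checks every push and read against the two fill levels so the regions cannot overlap. The type name, function names and the 64-byte capacity are assumptions chosen for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the bug report. Two arrays of different
 * element types share one fixed-size block: int32_t values fill it from the
 * front, uint16_t values from the back. Every element is copied in and out
 * of an unsigned char buffer with memcpy, so no access ever goes past the
 * end of a declared array. All names and the capacity are assumptions. */

#define TWOEND_CAPACITY 64          /* assumption: a fixed 64-byte block */

typedef struct {
    unsigned char buf[TWOEND_CAPACITY];
    size_t front_used;   /* bytes used from the front by int32_t elements */
    size_t back_used;    /* bytes used from the back by uint16_t elements */
} twoend;

static void twoend_init(twoend *t) {
    memset(t, 0, sizeof *t);
}

/* Bytes still free between the two growing regions; never underflows
 * because every push keeps front_used + back_used <= TWOEND_CAPACITY. */
static size_t twoend_free(const twoend *t) {
    return TWOEND_CAPACITY - t->front_used - t->back_used;
}

/* Append an int32_t at the front end; fails instead of overlapping. */
static bool twoend_push_front(twoend *t, int32_t v) {
    if (twoend_free(t) < sizeof v)
        return false;
    memcpy(t->buf + t->front_used, &v, sizeof v);
    t->front_used += sizeof v;
    return true;
}

/* Append a uint16_t at the back end, growing toward the front. */
static bool twoend_push_back(twoend *t, uint16_t v) {
    if (twoend_free(t) < sizeof v)
        return false;
    t->back_used += sizeof v;
    memcpy(t->buf + TWOEND_CAPACITY - t->back_used, &v, sizeof v);
    return true;
}

/* Read the i-th front element; false if i is not a stored element. */
static bool twoend_get_front(const twoend *t, size_t i, int32_t *out) {
    if (i >= t->front_used / sizeof *out)
        return false;
    memcpy(out, t->buf + i * sizeof *out, sizeof *out);
    return true;
}

/* Read the i-th back element (0 = the first one pushed at the back). */
static bool twoend_get_back(const twoend *t, size_t i, uint16_t *out) {
    if (i >= t->back_used / sizeof *out)
        return false;
    memcpy(out, t->buf + TWOEND_CAPACITY - (i + 1) * sizeof *out, sizeof *out);
    return true;
}

/* Fill both ends until the block is exactly full, check that a further push
 * of either kind is rejected, and return the number of elements stored
 * (0 on any unexpected result). */
static size_t twoend_demo(void) {
    twoend t;
    twoend_init(&t);
    size_t n = 0;
    for (int32_t i = 0; i < 10; i++)        /* 40 bytes at the front */
        n += twoend_push_front(&t, i * 100);
    for (uint16_t j = 0; j < 12; j++)       /* 24 bytes at the back */
        n += twoend_push_back(&t, (uint16_t)(j + 1));
    /* 40 + 24 == 64: the next push of either kind must fail. */
    if (twoend_push_front(&t, 1) || twoend_push_back(&t, 1))
        return 0;
    int32_t f; uint16_t b;
    if (!twoend_get_front(&t, 9, &f) || f != 900) return 0;
    if (!twoend_get_back(&t, 11, &b) || b != 12) return 0;
    if (twoend_get_front(&t, 10, &f)) return 0;   /* out of range, rejected */
    return n;
}

int main(void) {
    printf("%zu elements stored\n", twoend_demo());
    return 0;
}
```

Because every access stays inside buf, gcc -O2 -Wall -Warray-bounds has nothing to warn about here, and the checks can be exercised at runtime under -fsanitize=address. The overlap test in twoend_free is the part that the original program left to the caller's discipline; making it a return value rather than a silent assumption is what turns the "dynamically I make sure they do not overlap" of comment #5 into something the compiler cannot optimize away.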