public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/98623] New: sanitizer does not diagnose when passing pointers to arrays of incorrect run-time length
@ 2021-01-11 16:20 muecker at gwdg dot de
  2021-01-11 17:45 ` [Bug sanitizer/98623] " msebor at gcc dot gnu.org
  2023-05-29 10:35 ` muecker at gwdg dot de
  0 siblings, 2 replies; 3+ messages in thread
From: muecker at gwdg dot de @ 2021-01-11 16:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98623

            Bug ID: 98623
           Summary: sanitizer does not diagnose when passing pointers to
                    arrays of incorrect run-time length
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: muecker at gwdg dot de
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

In the following example, there is no run-time error with -fsanitize=undefined
although the pointer types for the second argument are required to point to
compatible types and it is UB when variably modified types have non-matching
lengths when they are required to be compatible (6.7.6.2p6). From a practical
point of view, this would be very desirable as it would close the last loophole
that prevents one from having proper bounds checking when using pointers to
VLAs.

(In this case, but not in general, it should also be possible to emit an error
at compile time.)


extern void f(int n, double (*x)[n]);

int main()
{
        double a[10];
        f(9, &a);
}


* [Bug sanitizer/98623] sanitizer does not diagnose when passing pointers to arrays of incorrect run-time length
From: msebor at gcc dot gnu.org @ 2021-01-11 17:45 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98623

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The middle end doesn't do anything with pointers to arrays yet but I agree
handling those would be a useful enhancement.  I don't see the benefit of
diagnosing the case in comment #0 where the array is bigger than the bound
indicates.  I do see the value of diagnosing this form:

extern void f(int n, double (*x)[n]);

int main()
{
        double a[10];
        f(11, &a);
}

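Added example (not from the bug report or from GCC): it shows why neither
the callee nor -fsanitize=undefined in the GCC version discussed can see the
mismatch in comment #0 and comment #1, and what a caller-side check has to
compare. Inside the callee, sizeof *x is n * sizeof(double) by definition of
the parameter type, so the callee only ever sees the bound it was given; the
real object size is known only at the call site from the argument's static
type. The helper names (fill, check_bound, fill_checked, FILL_CHECKED) are
assumptions for this illustration. check_bound distinguishes the two
directions discussed in the thread: a bound smaller than the object (comment
#0, n = 9) is a type mismatch but does not overrun; a bound larger than the
object (comment #1, n = 11) leads to an out-of-bounds write, so fill_checked
refuses that case.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from the bug report. Names are hypothetical. */

/* Callee: writes n doubles through x. Here sizeof *x == n * sizeof(double)
   by construction, so the callee cannot learn the real size of the object
   the caller pointed at; it has to trust n. With n = 11 and a double[10]
   this writes one element past the end of the array. */
static void fill(int n, double (*x)[n])
{
    for (int i = 0; i < n; i++)
        (*x)[i] = (double)(i + 1);
}

enum bound_status { BOUND_OK = 0, BOUND_SHORT = 1, BOUND_OVERRUN = 2 };

/* Caller-side comparison: real_bytes is sizeof of the actual array object,
   n is the bound about to be passed. Exact match is what 6.7.6.2p6 requires;
   BOUND_SHORT is the comment #0 case (9 for a double[10]), BOUND_OVERRUN is
   the comment #1 case (11 for a double[10]) and is the one that corrupts
   memory. A negative n is treated as an overrun. */
static enum bound_status check_bound(size_t real_bytes, int n)
{
    if (n < 0)
        return BOUND_OVERRUN;
    size_t need = (size_t)n * sizeof(double);
    if (need == real_bytes)
        return BOUND_OK;
    return need < real_bytes ? BOUND_SHORT : BOUND_OVERRUN;
}

/* Checked wrapper: performs the comparison the sanitizer would have to do
   at the call site. Returns the number of elements written, or -1 if the
   bound would overrun the object (the write is then not performed). */
static int fill_checked(size_t real_bytes, int n, double (*x)[n])
{
    if (check_bound(real_bytes, n) == BOUND_OVERRUN)
        return -1;
    fill(n, x);
    return n;
}

/* Takes the real size from the array itself. Only valid on a true array
   (not a pointer), since sizeof must see the array type. */
#define FILL_CHECKED(n, a) fill_checked(sizeof(a), (n), &(a))

/* Runs one call against a double[10] and returns the sum of what was
   written, or -1.0 if the call was refused. */
static double run_case(int n)
{
    double a[10] = {0};
    int written = FILL_CHECKED(n, a);
    if (written < 0)
        return -1.0;
    double sum = 0.0;
    for (int i = 0; i < 10; i++)
        sum += a[i];
    return sum;
}

int main(void)
{
    /* n = 10: exact match, sum 1..10 = 55
       n = 9:  bound short of the object, still safe, sum 1..9 = 45
       n = 11: bound exceeds the object, refused, -1 */
    int cases[] = { 10, 9, 11 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("n=%d -> %s (%.0f)\n", cases[i],
               check_bound(sizeof(double[10]), cases[i]) == BOUND_OK ? "ok"
               : check_bound(sizeof(double[10]), cases[i]) == BOUND_SHORT ? "short"
               : "overrun",
               run_case(cases[i]));
    return 0;
}
```

The comparison in check_bound is the whole check a sanitizer instrumentation
would need at the call site: the static type of the argument supplies
real_bytes, the evaluated bound expression supplies n. Without such a check
the n = 11 call compiles cleanly and writes past the array, which is the case
comment #1 considers worth diagnosing.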

* [Bug sanitizer/98623] sanitizer does not diagnose when passing pointers to arrays of incorrect run-time length
From: muecker at gwdg dot de @ 2023-05-29 10:35 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98623

--- Comment #2 from Martin Uecker <muecker at gwdg dot de> ---
PATCH: https://gcc.gnu.org/pipermail/gcc-patches/2023-May/619943.html
