From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] more cases where -fsanitize=bounds can check one-past-the-end accesses
Date: Tue, 09 Mar 2021 15:48:47 +0000
Message-ID: <bug-99418-4-xT8j6mIlMJ@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-99418-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |56456
             Status|WAITING                     |NEW
           Keywords|                            |diagnostic

--- Comment #9 from Martin Sebor <msebor at gcc dot gnu.org> ---
I don't know enough about the sanitizer to judge how difficult it might be to
handle this case but a patch I posted in November
(https://gcc.gnu.org/pipermail/gcc-patches/2020-November/558775.html) enhances
-Warray-bounds to diagnose the test cases in comment #8:

$ g++ -O2 -S -Wall pr99418-c8.C
pr99418-c8.C: In function ‘void f()’:
pr99418-c8.C:7:10: warning: unused variable ‘p’ [-Wunused-variable]
    7 |     int& p = a[10]; // (1)
      |          ^
pr99418-c8.C:8:6: warning: subscript 10 in argument 1 to ‘void g(int&)’ is just past the end of ‘int [10]’ [-Warray-bounds]
    8 |     g(a[10]); // (2)
      |     ~^~~~~~~
pr99418-c8.C:6:9: note: at offset 40 into source object ‘a’ of size 40
    6 |     int a[10];
      |         ^

The enhancement doesn't handle multidimensional VLAs like those in comment #1
but it looks like the IL has enough information to make the detection possible:

int main ()
{
  int[0:D.2590][0:D.2587] * mas.4;
  int * _4;

  <bb 2> [local count: 1073741824]:
  mas.4_3 = __builtin_alloca_with_align (48, 32);
  _4 = &MEM <int[0:D.2590][0:D.2587]> [(int[0:D.2569][0:D.2565] *)mas.4_3][3]{lb: 0 sz: 12}[3];
  escape (_4);
  return 0;

}

With that let me confirm this request for both -Warray-bounds (I'll resubmit
the patch for GCC 12) and for the sanitizer.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
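
The one-past-the-end distinction discussed in the message above, as an added example that is not part of the original message and not GCC's implementation: a simplified per-dimension subscript check in C. The 4x3 extents and 4-byte int are assumptions read from the 48-byte allocation and `sz: 12` in the IL dump; all function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* How the subscript expression is used (names are hypothetical). */
enum use {
    USE_ACCESS,   /* read, write, or C++ reference binding, as in (1) and (2) */
    USE_ADDRESS   /* only &a[i]...[j] is formed, e.g. to get an end pointer */
};

/* Row-major byte offset of a[idx[0]]...[idx[n-1]] from the start of a. */
size_t byte_offset(const size_t *extent, const size_t *idx, size_t ndims,
                   size_t elem_size)
{
    size_t off = 0;
    for (size_t k = 0; k < ndims; k++)
        off = off * extent[k] + idx[k];
    return off * elem_size;
}

/*
 * Simplified model of a per-dimension bounds check, not GCC's code.
 * Returns the position of the first out-of-bounds subscript, or -1.
 * Every subscript must be below its extent; only when the address alone
 * is taken may the last subscript equal its extent (one past the end).
 */
int first_bad_subscript(const size_t *extent, const size_t *idx,
                        size_t ndims, enum use use)
{
    for (size_t k = 0; k < ndims; k++) {
        size_t limit = extent[k];
        if (use == USE_ADDRESS && k == ndims - 1)
            limit += 1;
        if (idx[k] >= limit)
            return (int)k;
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs: int a[10] with a[10]; 4x3 int array with [3][3]. */
    size_t e1[] = {10}, i1[] = {10}, e2[] = {4, 3}, i2[] = {3, 3};

    printf("a[10]:     offset %zu, access %d, address %d\n",
           byte_offset(e1, i1, 1, sizeof(int)),
           first_bad_subscript(e1, i1, 1, USE_ACCESS),
           first_bad_subscript(e1, i1, 1, USE_ADDRESS));
    printf("mas[3][3]: offset %zu, access %d, address %d\n",
           byte_offset(e2, i2, 2, sizeof(int)),
           first_bad_subscript(e2, i2, 2, USE_ACCESS),
           first_bad_subscript(e2, i2, 2, USE_ADDRESS));
    return 0;
}
```

In both constructed cases the byte offset equals the object size (40 and 48), so whether the expression is acceptable depends on how it is used, not on the offset alone.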