public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] more cases where -fsanitize=bounds can check one-past-the-end accesses
Date: Tue, 09 Mar 2021 15:48:47 +0000 [thread overview]
Message-ID: <bug-99418-4-xT8j6mIlMJ@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-99418-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |56456
Status|WAITING |NEW
Keywords| |diagnostic
--- Comment #9 from Martin Sebor <msebor at gcc dot gnu.org> ---
I don't know enough about the sanitizer to judge how difficult it might be to
handle this case but a patch I posted in November
(https://gcc.gnu.org/pipermail/gcc-patches/2020-November/558775.html) enhances
-Warray-bounds to diagnose the test cases in comment #8:
$ g++ -O2 -S -Wall pr99418-c8.C
pr99418-c8.C: In function ‘void f()’:
pr99418-c8.C:7:10: warning: unused variable ‘p’ [-Wunused-variable]
7 | int& p = a[10]; // (1)
| ^
pr99418-c8.C:8:6: warning: subscript 10 in argument 1 to ‘void g(int&)’ is just
past the end of ‘int [10]’ [-Warray-bounds]
8 | g(a[10]); // (2)
| ~^~~~~~~
pr99418-c8.C:6:9: note: at offset 40 into source object ‘a’ of size 40
6 | int a[10];
| ^
The enhancement doesn't handle multidimensional VLAs like those in comment #1
but it looks like the IL has enough information to make the detection possible:
int main ()
{
int[0:D.2590][0:D.2587] * mas.4;
int * _4;
<bb 2> [local count: 1073741824]:
mas.4_3 = __builtin_alloca_with_align (48, 32);
_4 = &MEM <int[0:D.2590][0:D.2587]> [(int[0:D.2569][0:D.2565]
*)mas.4_3][3]{lb: 0 sz: 12}[3];
escape (_4);
return 0;
}
With that let me confirm this request for both -Warray-bounds (I'll resubmit
the patch for GCC 12) and for the sanitizer.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
prev parent reply other threads:[~2021-03-09 15:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-05 19:11 [Bug sanitizer/99418] New: sanitizer checks for accessing multidimentional VLA-array vanyacpp at gmail dot com
2021-03-06 22:53 ` [Bug sanitizer/99418] " vanyacpp at gmail dot com
2021-03-07 7:44 ` vanyacpp at gmail dot com
2021-03-08 9:15 ` marxin at gcc dot gnu.org
2021-03-08 10:14 ` jakub at gcc dot gnu.org
2021-03-08 18:23 ` msebor at gcc dot gnu.org
2021-03-09 8:39 ` vanyacpp at gmail dot com
2021-03-09 8:47 ` vanyacpp at gmail dot com
2021-03-09 8:54 ` vanyacpp at gmail dot com
2021-03-09 15:48 ` msebor at gcc dot gnu.org [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-99418-4-xT8j6mIlMJ@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).