From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/99418] more cases where -fsanitize=bounds can check one-past-the-end accesses
Date: Tue, 09 Mar 2021 15:48:47 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99418

Martin Sebor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Blocks|                            |56456
         Status|WAITING                     |NEW
       Keywords|                            |diagnostic

--- Comment #9 from Martin Sebor ---
I don't know enough about the sanitizer to judge how difficult it might be to handle this case but a patch I posted in November (https://gcc.gnu.org/pipermail/gcc-patches/2020-November/558775.html) enhances -Warray-bounds to diagnose the test cases in comment #8:

$ g++ -O2 -S -Wall pr99418-c8.C
pr99418-c8.C: In function ‘void f()’:
pr99418-c8.C:7:10: warning: unused variable ‘p’ [-Wunused-variable]
    7 |   int& p = a[10];   // (1)
      |        ^
pr99418-c8.C:8:6: warning: subscript 10 in argument 1 to ‘void g(int&)’ is just past the end of ‘int [10]’ [-Warray-bounds]
    8 |   g(a[10]);         // (2)
      |     ~^~~~~~~
pr99418-c8.C:6:9: note: at offset 40 into source object ‘a’ of size 40
    6 |   int a[10];
      |       ^

The enhancement doesn't handle multidimensional VLAs like those in comment #1 but it looks like the IL has enough information to make the detection possible:

int main ()
{
  int[0:D.2590][0:D.2587] * mas.4;
  int * _4;

  [local count: 1073741824]:
  mas.4_3 = __builtin_alloca_with_align (48, 32);
  _4 = &MEM [(int[0:D.2569][0:D.2565] *)mas.4_3][3]{lb: 0 sz: 12}[3];
  escape (_4);
  return 0;
}

With that let me confirm this request for both -Warray-bounds (I'll resubmit the patch for GCC 12) and for the sanitizer.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
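The distinction the report turns on, as an added illustration that is not part of the bug thread or of GCC: forming the address of the one-past-the-end element is valid, while reading it, writing it, or binding a reference to it is not, and for multidimensional arrays each index must be checked against its own dimension rather than only the flat offset against the whole object. The array shape int mas[4][3] is an assumption, chosen to match the 48-byte alloca and 12-byte row size in the IL above.

```c
#include <stdbool.h>
#include <stddef.h>

/* How the indexed element is used. Forming the address of the element one
 * past the end (&a[n]) is valid; reading or writing it, or binding a
 * reference to it (int& p = a[n]; g(a[n]);), is not. */
enum use_kind { USE_ADDRESS_ONLY, USE_ACCESS };

/* Single dimension: index i into an array of n elements. */
static bool index_ok(size_t i, size_t n, enum use_kind use)
{
    return use == USE_ADDRESS_ONLY ? i <= n : i < n;
}

/* Multidimensional: every index but the last must select an existing
 * element; only the last may be one past the end, and only when merely
 * addressed. Also returns the flat byte offset for a whole-object check. */
static bool md_index_ok(const size_t *idx, const size_t *dims, size_t ndims,
                        enum use_kind use, size_t elt_size, size_t *flat_off)
{
    bool ok = true;
    size_t off = 0;
    for (size_t d = 0; d < ndims; d++) {
        enum use_kind u = (d + 1 == ndims) ? use : USE_ACCESS;
        if (!index_ok(idx[d], dims[d], u))
            ok = false;
        off = off * dims[d] + idx[d];
    }
    *flat_off = off * elt_size;
    return ok;
}

/* Whole-object check: byte offset within [0, size], end inclusive. It
 * accepts mas[0][3] (offset 12 of 48) although column 3 is past the end
 * of a 3-element row, which is why per-dimension checking is needed. */
static bool object_offset_ok(size_t off, size_t obj_size)
{
    return off <= obj_size;
}

/* The report's cases: a[10] with int a[10], and mas[3][3] with the assumed
 * int mas[4][3] (48 bytes, 12-byte rows). Exit status 0 means all agree. */
int main(void)
{
    size_t dims[2] = {4, 3}, idx[2] = {3, 3}, off;
    bool addr = md_index_ok(idx, dims, 2, USE_ADDRESS_ONLY, sizeof(int), &off);
    bool acc = md_index_ok(idx, dims, 2, USE_ACCESS, sizeof(int), &off);
    return (addr && !acc && off == 48 && !index_ok(10, 10, USE_ACCESS)) ? 0 : 1;
}
```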