From: Martin Sebor <msebor@gmail.com>
To: Gcc Patch List <gcc-patches@gcc.gnu.org>, Jeff Law <law@redhat.com>
Subject: [PATCH 6/6] detect unterminated const arrays in strnlen calls (PR 86552)
Date: Mon, 13 Aug 2018 21:29:00 -0000 [thread overview]
Message-ID: <90953771-af77-b1a6-2215-fc48a07cebd6@gmail.com> (raw)
In-Reply-To: <fcafd5f3-b8fa-faa3-29f4-41fab9d927c8@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 131 bytes --]
The attached changes implement the detection of past-the-end reads
by strncpy due to unterminated arguments and excessive bounds.
[-- Attachment #2: gcc-86552-6.diff --]
[-- Type: text/x-patch, Size: 20156 bytes --]
PR tree-optimization/86552 - missing warning for reading past the end of non-string arrays
gcc/ChangeLog:
* builtins.c (expand_builtin_strnlen): Detect, avoid expanding,
and diagnose unterminated arrays.
gcc/testsuite/ChangeLog:
* gcc.dg/warn-strnlen-no-nul.c: New.
diff --git a/gcc/builtins.c b/gcc/builtins.c
index 2f493d3..46df2ea 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -582,11 +582,16 @@ warn_string_no_nul (location_t loc, tree exp, tree fndecl, tree nonstr)
/* If EXP refers to an unterminated constant character array return
the declaration of the object of which the array is a member or
- element. Otherwise return null. */
+ element and if SIZE is not null, set *SIZE to the size of
+ the unterminated array and set *EXACT if the size is exact or
+ clear it otherwise. Otherwise return null. */
tree
-unterminated_array (tree exp)
+unterminated_array (tree exp, tree *size /* = NULL */, bool *exact /* = NULL */)
{
+ /* Offset from the beginning of the array or null. */
+ tree off = NULL_TREE;
+
if (TREE_CODE (exp) == SSA_NAME)
{
gimple *stmt = SSA_NAME_DEF_STMT (exp);
@@ -595,18 +600,43 @@ unterminated_array (tree exp)
tree rhs1 = gimple_assign_rhs1 (stmt);
tree_code code = gimple_assign_rhs_code (stmt);
- if (code == ADDR_EXPR
- && TREE_CODE (TREE_OPERAND (rhs1, 0)) == ARRAY_REF)
- rhs1 = rhs1;
- else if (code != POINTER_PLUS_EXPR)
+ if ((code == ADDR_EXPR
+ && TREE_CODE (TREE_OPERAND (rhs1, 0)) == ARRAY_REF)
+ || code == POINTER_PLUS_EXPR)
+ {
+ /* Store the index or offset. */
+ off = gimple_assign_rhs2 (stmt);
+ exp = rhs1;
+ }
+ else
return NULL_TREE;
-
- exp = rhs1;
}
tree nonstr;
- if (c_strlen (exp, 1, &nonstr) && nonstr)
- return nonstr;
+ tree len = c_strlen (exp, 1, &nonstr);
+ if (len && nonstr)
+ {
+ if (size)
+ {
+ if (off)
+ {
+ if (TREE_CODE (off) == INTEGER_CST)
+ {
+ /* Subtract the offset from the size of the array. */
+ *exact = true;
+ off = fold_convert (ssizetype, off);
+ len = fold_build2 (MINUS_EXPR, ssizetype, len, off);
+ }
+ else
+ *exact = false;
+ }
+ else
+ *exact = true;
+
+ *size = len;
+ }
+ return nonstr;
+ }
return NULL_TREE;
}
@@ -3068,7 +3098,8 @@ expand_builtin_strnlen (tree exp, rtx target, machine_mode target_mode)
tree maxobjsize = max_object_size ();
tree func = get_callee_fndecl (exp);
- tree len = c_strlen (src, 0);
+ tree nonstr;
+ tree len = c_strlen (src, 0, &nonstr);
if (TREE_CODE (bound) == INTEGER_CST)
{
@@ -3080,8 +3111,41 @@ expand_builtin_strnlen (tree exp, rtx target, machine_mode target_mode)
exp, func, bound, maxobjsize))
TREE_NO_WARNING (exp) = true;
+ bool exact = true;
if (!len || TREE_CODE (len) != INTEGER_CST)
- return NULL_RTX;
+ {
+ /* Clear EXACT if LEN may be less than SRC suggests,
+ such as in
+ strnlen (&a[i], sizeof a)
+ where the value of i is unknown. Unless i's value is
+ zero, the call is unsafe because the bound is greater. */
+ nonstr = unterminated_array (src, &len, &exact);
+ if (!nonstr)
+ return NULL_RTX;
+ }
+
+ if (nonstr
+ && !TREE_NO_WARNING (exp)
+ && (tree_int_cst_lt (len, bound)
+ || !exact))
+ {
+ location_t warnloc
+ = expansion_point_location_if_in_system_header (loc);
+
+ if (warning_at (warnloc, OPT_Wstringop_overflow_,
+ exact
+ ? G_("%K%qD specified bound %E exceeds the size %E "
+ "of unterminated array")
+ : G_("%K%qD specified bound %E may exceed the size "
+ "of at most %E of unterminated array"),
+ exp, func, bound, len))
+ {
+ inform (DECL_SOURCE_LOCATION (nonstr),
+ "referenced argument declared here");
+ TREE_NO_WARNING (exp) = true;
+ return NULL_RTX;
+ }
+ }
len = fold_convert_loc (loc, size_type_node, len);
len = fold_build2_loc (loc, MIN_EXPR, size_type_node, len, bound);
@@ -3107,6 +3171,18 @@ expand_builtin_strnlen (tree exp, rtx target, machine_mode target_mode)
if (!len || TREE_CODE (len) != INTEGER_CST)
return NULL_RTX;
+ if (!TREE_NO_WARNING (exp)
+ && wi::ltu_p (wi::to_wide (len), min)
+ && warning_at (loc, OPT_Wstringop_overflow_,
+ "%K%qD specified bound [%wu, %wu] "
+ "exceeds the size %E of unterminated array",
+ exp, func, min.to_uhwi (), max.to_uhwi (), len))
+ {
+ inform (DECL_SOURCE_LOCATION (nonstr),
+ "referenced argument declared here");
+ TREE_NO_WARNING (exp) = true;
+ }
+
if (wi::gtu_p (min, wi::to_wide (len)))
return expand_expr (len, target, target_mode, EXPAND_NORMAL);
diff --git a/gcc/builtins.h b/gcc/builtins.h
index f722dd8..c55fa6b 100644
--- a/gcc/builtins.h
+++ b/gcc/builtins.h
@@ -103,7 +103,7 @@ extern bool target_char_cst_p (tree t, char *p);
extern internal_fn associated_internal_fn (tree);
extern internal_fn replacement_internal_fn (gcall *);
-extern tree unterminated_array (tree);
+extern tree unterminated_array (tree, tree * = NULL, bool * = NULL);
extern void warn_string_no_nul (location_t, tree, tree, tree);
extern tree max_object_size ();
diff --git a/gcc/testsuite/gcc.dg/warn-strnlen-no-nul.c b/gcc/testsuite/gcc.dg/warn-strnlen-no-nul.c
new file mode 100644
index 0000000..09a527e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/warn-strnlen-no-nul.c
@@ -0,0 +1,356 @@
+/* PR tree-optimization/86552 - missing warning for reading past the end
+ of non-string arrays
+ { dg-do compile }
+ { dg-options "-O2 -Wall -ftrack-macro-expansion=0" } */
+
+typedef __SIZE_TYPE__ size_t;
+extern size_t strnlen (const char*, size_t);
+
+const char a[5] = "12345"; /* { dg-message "declared here" } */
+enum { asz = sizeof a };
+
+int v0 = 0;
+int v1 = 1;
+
+void sink (int, ...);
+
+#define CONCAT(a, b) a ## b
+#define CAT(a, b) CONCAT(a, b)
+
+#define T(str, n) \
+ __attribute__ ((noipa)) \
+ void CAT (test_, __LINE__) (void) { \
+ int i0 = 0, i1 = i0 + 1, i2 = i1 + 1, i3 = i2 + 1; \
+ sink (strnlen (str, n), i0, i1, i2, i3); \
+ } typedef void dummy_type
+
+T (a, asz);
+T (a, asz - 1);
+T (a, asz - 2);
+T (a, asz - 5);
+T (&a[0], asz);
+T (&a[0] + 1, asz); /* { dg-warning "specified bound 5 exceeds the size 4 of unterminated array" } */
+T (&a[1], asz); /* { dg-warning "specified bound 5 exceeds the size 4 of unterminated array" } */
+T (&a[1], asz - 1);
+T (&a[v0], asz); /* { dg-warning "specified bound 5 may exceed the size of at most 5 of unterminated array" } */
+T (&a[v0] + 1, asz); /* { dg-warning "specified bound 5 may exceed the size of at most 5 of unterminated array" } */
+
+T (a, asz + 1); /* { dg-warning "specified bound 6 exceeds the size 5 " } */
+T (&a[0], asz + 1); /* { dg-warning "unterminated" } */
+T (&a[0] + 1, asz - 1);
+T (&a[0] + 1, asz + 1); /* { dg-warning "unterminated" } */
+T (&a[1], asz + 1); /* { dg-warning "unterminated" } */
+T (&a[v0], asz + 1); /* { dg-warning "unterminated" } */
+T (&a[v0] + 1, asz + 1); /* { dg-warning "unterminated" } */
+
+
+const char b[][5] = { /* { dg-message "declared here" } */
+ "12", "123", "1234", "54321"
+};
+enum { bsz = sizeof b[0] };
+
+T (b[0], bsz);
+T (b[1], bsz);
+T (b[2], bsz);
+T (b[3], bsz);
+
+T (b[0], bsz - 1);
+T (b[1], bsz - 1);
+T (b[2], bsz - 1);
+T (b[3], bsz - 1);
+
+T (b[0], bsz + 1);
+T (b[1], bsz + 1);
+T (b[2], bsz + 1);
+T (b[3], bsz + 1); /* { dg-warning "unterminated" } */
+
+T (b[i0], bsz);
+T (b[i1], bsz);
+T (b[i2], bsz);
+T (b[i3], bsz);
+
+T (b[i0], bsz + 1);
+T (b[i1], bsz + 1);
+T (b[i2], bsz + 1);
+T (b[i3], bsz + 1); /* { dg-warning "unterminated" } */
+
+T (b[v0], bsz);
+T (b[v0], bsz + 1);
+
+T (&b[i2][i1], bsz);
+T (&b[i2][i1] + i1, bsz);
+T (&b[i2][v0], bsz);
+T (&b[i2][i1] + v0, bsz);
+
+T (&b[i2][i1], bsz + 1);
+T (&b[i2][i1] + i1, bsz + 1);
+T (&b[i2][v0], bsz + 1);
+T (&b[i2][i1] + v0, bsz + 1);
+
+T (&b[2][1], bsz);
+T (&b[2][1] + i1, bsz);
+T (&b[2][i0], bsz);
+T (&b[2][1] + i0, bsz);
+T (&b[2][1] + v0, bsz);
+T (&b[2][v0], bsz);
+
+T (&b[2][1], bsz + 1);
+T (&b[2][1] + i1, bsz + 1);
+T (&b[2][i0], bsz + 1);
+T (&b[2][1] + i0, bsz + 1);
+T (&b[2][1] + v0, bsz + 1);
+T (&b[2][v0], bsz + 1);
+
+T (&b[3][1], bsz); /* { dg-warning "unterminated" } */
+T (&b[3][1], bsz - 1);
+T (&b[3][1] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&b[3][1] + 1, bsz - 1); /* { dg-warning "unterminated" } */
+T (&b[3][1] + 1, bsz - 2);
+T (&b[3][1] + i1, bsz); /* { dg-warning "unterminated" } */
+T (&b[3][1] + i1, bsz - i1); /* { dg-warning "unterminated" } */
+T (&b[3][1] + i1, bsz - i2);
+T (&b[3][v0], bsz);
+T (&b[3][1] + v0, bsz); /* { dg-warning "specified bound 5 may exceed the size of at most 4 of unterminated array" } */
+T (&b[3][v0] + v1, bsz); /* { dg-warning "specified bound 5 may exceed the size of at most 4 of unterminated array" "pr?????" { xfail *-*-* } } */
+
+T (&b[3][1], bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[3][1] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[3][1] + i1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[3][v0], bsz + 1); /* { dg-warning "unterminated" "pr86936" { xfail *-*-* } } */
+T (&b[3][1] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[3][v0] + v1, bsz + 1); /* { dg-warning "unterminated" "pr86936" { xfail *-*-* } } */
+
+T (&b[i3][i1], bsz); /* { dg-warning "unterminated" } */
+T (&b[i3][i1] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&b[i3][i1] + i1, bsz); /* { dg-warning "specified bound 5 exceeds the size 3 of unterminated array" } */
+T (&b[i3][v0], bsz);
+T (&b[i3][i1] + v0, bsz); /* { dg-warning "specified bound 5 may exceed the size of at most 4 of unterminated array" } */
+T (&b[i3][v0] + v1, bsz);
+
+T (&b[i3][i1], bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[i3][i1] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[i3][i1] + i1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[i3][v0], bsz + 1); /* { dg-warning "unterminated" "pr86919" { xfail *-*-* } } */
+T (&b[i3][i1] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+T (&b[i3][v0] + v1, bsz + 1); /* { dg-warning "unterminated" "pr86919" { xfail *-*-* } } */
+
+T (v0 ? "" : b[0], bsz);
+T (v0 ? "" : b[1], bsz);
+T (v0 ? "" : b[2], bsz);
+T (v0 ? "" : b[3], bsz);
+T (v0 ? b[0] : "", bsz);
+T (v0 ? b[1] : "", bsz);
+T (v0 ? b[2] : "", bsz);
+T (v0 ? b[3] : "", bsz);
+
+T (v0 ? "" : b[0], bsz + 1);
+T (v0 ? "" : b[1], bsz + 1);
+T (v0 ? "" : b[2], bsz + 1);
+T (v0 ? "" : b[3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[0] : "", bsz + 1);
+T (v0 ? b[1] : "", bsz + 1);
+T (v0 ? b[2] : "", bsz + 1);
+T (v0 ? b[3] : "", bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+
+T (v0 ? "" : b[i0], bsz);
+T (v0 ? "" : b[i1], bsz);
+T (v0 ? "" : b[i2], bsz);
+T (v0 ? "" : b[i3], bsz);
+T (v0 ? b[i0] : "", bsz);
+T (v0 ? b[i1] : "", bsz);
+T (v0 ? b[i2] : "", bsz);
+T (v0 ? b[i3] : "", bsz);
+
+T (v0 ? "" : b[i0], bsz + 1);
+T (v0 ? "" : b[i1], bsz + 1);
+T (v0 ? "" : b[i2], bsz + 1);
+T (v0 ? "" : b[i3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[i0] : "", bsz + 1);
+T (v0 ? b[i1] : "", bsz + 1);
+T (v0 ? b[i2] : "", bsz + 1);
+T (v0 ? b[i3] : "", bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+
+T (v0 ? "1234" : b[3], bsz);
+T (v0 ? "1234" : b[i3], bsz);
+T (v0 ? b[3] : "1234", bsz);
+T (v0 ? b[i3] : "1234", bsz);
+
+T (v0 ? a : b[3], bsz);
+T (v0 ? b[0] : b[2], bsz);
+T (v0 ? b[2] : b[3], bsz);
+T (v0 ? b[3] : b[2], bsz);
+
+T (v0 ? "1234" : b[3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? "1234" : b[i3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[3] : "1234", bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[i3] : "1234", bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+
+T (v0 ? a : b[3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[0] : b[2], bsz + 1);
+T (v0 ? b[2] : b[3], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+T (v0 ? b[3] : b[2], bsz + 1); /* { dg-warning "unterminated" "pr86937" { xfail *-*-* } } */
+
+struct A { char a[5], b[5]; };
+
+const struct A s = { "1234", "12345" };
+
+T (s.a, asz);
+T (&s.a[0], asz);
+T (&s.a[0] + 1, asz);
+T (&s.a[0] + v0, asz);
+T (&s.a[1], asz);
+T (&s.a[1] + 1, asz);
+T (&s.a[1] + v0, asz);
+
+T (&s.a[i0], asz);
+T (&s.a[i0] + i1, asz);
+T (&s.a[i0] + v0, asz);
+T (&s.a[i1], asz);
+T (&s.a[i1] + i1, asz);
+T (&s.a[i1] + v0, asz);
+
+T (s.a, asz + 1);
+T (&s.a[0], asz + 1);
+T (&s.a[0] + 1, asz + 1);
+T (&s.a[0] + v0, asz + 1);
+T (&s.a[1], asz + 1);
+T (&s.a[1] + 1, asz + 1);
+T (&s.a[1] + v0, asz + 1);
+
+T (&s.a[i0], asz + 1);
+T (&s.a[i0] + i1, asz + 1);
+T (&s.a[i0] + v0, asz + 1);
+T (&s.a[i1], asz + 1);
+T (&s.a[i1] + i1, asz + 1);
+T (&s.a[i1] + v0, asz + 1);
+
+T (s.b, bsz);
+T (&s.b[0], bsz);
+T (&s.b[0] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[0] + v0, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[1], bsz); /* { dg-warning "unterminated" } */
+T (&s.b[1] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[1] + v0, bsz); /* { dg-warning "unterminated" } */
+
+T (&s.b[i0], bsz);
+T (&s.b[i0] + i1, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[i0] + v0, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[i1], bsz); /* { dg-warning "unterminated" } */
+T (&s.b[i1] + i1, bsz); /* { dg-warning "unterminated" } */
+T (&s.b[i1] + v0, bsz); /* { dg-warning "unterminated" } */
+
+T (s.b, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[0], bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[0] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[0] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[1], bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[1] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[1] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+
+T (&s.b[i0], bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[i0] + i1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[i0] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[i1], bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[i1] + i1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&s.b[i1] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+
+struct B { struct A a[2]; };
+
+const struct B ba[] = {
+ { { { "123", "12345" }, { "12345", "123" } } },
+ { { { "12345", "123" }, { "123", "12345" } } },
+ { { { "1", "12" }, { "123", "1234" } } },
+ { { { "123", "1234" }, { "12345", "12" } } }
+};
+
+T (ba[0].a[0].a, asz + 1);
+T (&ba[0].a[0].a[0], asz + 1);
+T (&ba[0].a[0].a[0] + 1, asz + 1);
+T (&ba[0].a[0].a[0] + v0, asz + 1);
+T (&ba[0].a[0].a[1], asz + 1);
+T (&ba[0].a[0].a[1] + 1, asz + 1);
+T (&ba[0].a[0].a[1] + v0, asz + 1);
+
+T (ba[0].a[0].b, bsz);
+T (&ba[0].a[0].b[0], bsz);
+T (&ba[0].a[0].b[0] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[0] + 1, bsz - 1);
+T (&ba[0].a[0].b[0] + v0, bsz); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1], bsz); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1], bsz - 1);
+T (&ba[0].a[0].b[1] + 1, bsz - 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1] + 1, bsz - 2);
+T (&ba[0].a[0].b[1] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1] + v0, bsz); /* { dg-warning "unterminated" } */
+
+T (ba[0].a[0].b, bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[0], bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[0] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[0] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1], bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1] + 1, bsz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[0].b[1] + v0, bsz + 1); /* { dg-warning "unterminated" } */
+
+T (ba[0].a[1].a, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[0], asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[0] + 1, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[0] + v0, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[1], asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[1] + 1, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[0].a[1].a[1] + v0, asz + 1); /* { dg-warning "unterminated" } */
+
+T (ba[0].a[1].b, bsz + 1);
+T (&ba[0].a[1].b[0], bsz + 1);
+T (&ba[0].a[1].b[0] + 1, bsz + 1);
+T (&ba[0].a[1].b[0] + v0, bsz + 1);
+T (&ba[0].a[1].b[1], bsz + 1);
+T (&ba[0].a[1].b[1] + 1, bsz + 1);
+T (&ba[0].a[1].b[1] + v0, bsz + 1);
+
+T (ba[1].a[0].a, asz);
+T (&ba[1].a[0].a[0], asz);
+T (&ba[1].a[0].a[0] + 1, asz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[0] + v0, asz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1], asz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1] + 1, asz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1] + v0, asz); /* { dg-warning "unterminated" } */
+
+T (ba[1].a[0].a, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[0], asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[0] + 1, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[0] + v0, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1], asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1] + 1, asz + 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[0].a[1] + v0, asz + 1); /* { dg-warning "unterminated" } */
+
+T (ba[1].a[0].b, bsz);
+T (&ba[1].a[0].b[0], bsz);
+T (&ba[1].a[0].b[0] + 1, bsz);
+T (&ba[1].a[0].b[0] + v0, bsz);
+T (&ba[1].a[0].b[1], bsz);
+T (&ba[1].a[0].b[1] + 1, bsz);
+T (&ba[1].a[0].b[1] + v0, bsz);
+
+T (ba[1].a[1].a, asz);
+T (&ba[1].a[1].a[0], asz);
+T (&ba[1].a[1].a[0] + 1, asz);
+T (&ba[1].a[1].a[0] + v0, asz);
+T (&ba[1].a[1].a[1], asz);
+T (&ba[1].a[1].a[1] + 1, asz);
+T (&ba[1].a[1].a[1] + v0, asz);
+
+T (ba[1].a[1].b, bsz);
+T (&ba[1].a[1].b[0], bsz);
+T (&ba[1].a[1].b[0] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[1].b[0] + 1, bsz - 1);
+T (&ba[1].a[1].b[0] + v0, bsz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[1].b[1], bsz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[1].b[1], bsz - 1);
+T (&ba[1].a[1].b[1] + 1, bsz); /* { dg-warning "unterminated" } */
+T (&ba[1].a[1].b[1] + 1, bsz - 1); /* { dg-warning "unterminated" } */
+T (&ba[1].a[1].b[1] + 1, bsz - 2);
+T (&ba[1].a[1].b[1] + 1, bsz - i2);
+T (&ba[1].a[1].b[1] + v0, bsz); /* { dg-warning "unterminated" } */
+
+/* Prune out warnings with no location (pr?????).
+ { dg-prune-output "cc1:" } */
diff --git a/gcc/tree-ssa-strlen.c b/gcc/tree-ssa-strlen.c
index 1d813b4..b747c35 100644
--- a/gcc/tree-ssa-strlen.c
+++ b/gcc/tree-ssa-strlen.c
@@ -336,8 +336,12 @@ get_stridx (tree exp)
return idx;
}
- s = string_constant (exp, &o);
+ /* Set if EXP refers to a constant array that is not a nul-terminated
+ string, otherwise clear. */
+ tree nonstr;
+ s = string_constant (exp, &o, &nonstr);
if (s != NULL_TREE
+ && nonstr == NULL_TREE
&& (o == NULL_TREE || tree_fits_shwi_p (o))
&& TREE_STRING_LENGTH (s) > 0)
{
next prev parent reply other threads:[~2018-08-13 21:29 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 20:09 [PATCH] warn for strlen of arrays with missing nul " Martin Sebor
2018-07-25 23:38 ` PING " Martin Sebor
2018-07-30 19:18 ` Martin Sebor
2018-08-02 2:44 ` PING [PATCH] warn for strlen of arrays with missing nul (PR 86552, 86711, 86714) ) Martin Sebor
2018-08-02 13:26 ` Bernd Edlinger
2018-08-02 18:56 ` Bernd Edlinger
2018-08-02 20:34 ` Martin Sebor
2018-08-03 13:01 ` Bernd Edlinger
2018-08-03 19:59 ` Martin Sebor
2018-08-15 5:31 ` Jeff Law
2018-08-29 17:17 ` Jeff Law
2018-08-24 6:36 ` Jeff Law
2018-08-24 12:28 ` Bernd Edlinger
2018-08-24 16:04 ` Jeff Law
2018-08-24 21:56 ` Bernd Edlinger
2018-08-24 16:51 ` Jeff Law
2018-08-24 17:26 ` Bernd Edlinger
2018-08-24 23:54 ` Jeff Law
2018-08-25 6:32 ` Bernd Edlinger
2018-08-25 17:33 ` Jeff Law
2018-08-25 18:36 ` Bernd Edlinger
2018-08-25 19:02 ` Jeff Law
2018-08-25 19:32 ` Bernd Edlinger
2018-08-25 20:42 ` Martin Sebor
2018-08-26 10:20 ` Bernd Edlinger
2018-08-25 23:22 ` Jeff Law
2018-08-17 5:15 ` Jeff Law
2018-08-17 14:38 ` Martin Sebor
2018-08-13 21:23 ` [PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714) Martin Sebor
2018-08-13 21:25 ` [PATCH 1/6] prevent folding of unterminated const arrays in memchr calls (PR " Martin Sebor
2018-08-13 21:27 ` [PATCH 3/6] detect unterminated const arrays in strcpy calls (PR 86552) Martin Sebor
2018-08-30 22:31 ` Jeff Law
2018-08-13 21:28 ` [PATCH 4/6] detect unterminated const arrays in sprintf " Martin Sebor
2018-08-30 22:55 ` Jeff Law
2018-08-13 21:29 ` Martin Sebor [this message]
2018-08-30 23:25 ` [PATCH 6/6] detect unterminated const arrays in strnlen " Jeff Law
2018-10-01 21:49 ` Jeff Law
2018-08-13 21:29 ` [PATCH 5/6] detect unterminated const arrays in stpcpy " Martin Sebor
2018-08-30 23:07 ` Jeff Law
2018-09-14 18:39 ` Jeff Law
2018-08-14 3:21 ` [PATCH 2/6] detect unterminated const arrays in strlen " Martin Sebor
2018-08-30 22:15 ` Jeff Law
2018-08-31 2:25 ` Martin Sebor
2018-08-15 6:02 ` [PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714) Jeff Law
2018-08-15 14:47 ` Martin Sebor
2018-08-15 15:42 ` Jeff Law
2018-08-24 10:13 ` Richard Biener
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=90953771-af77-b1a6-2215-fc48a07cebd6@gmail.com \
--to=msebor@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=law@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).