From: Bernd Edlinger <bernd.edlinger@hotmail.de>
To: Martin Sebor <msebor@gmail.com>,
"gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>
Subject: Re: PING [PATCH] warn for strlen of arrays with missing nul (PR 86552)
Date: Mon, 30 Jul 2018 21:12:00 -0000 [thread overview]
Message-ID: <AM5PR0701MB26576B379C8A08FD6EE4AAF3E42F0@AM5PR0701MB2657.eurprd07.prod.outlook.com> (raw)
Hi,
>@@ -621,6 +674,12 @@ c_strlen (tree src, int only_value)
> maxelts = maxelts / eltsize - 1;
> }
>
>+ /* Unless the caller is prepared to handle it by passing in a non-null
>+ ARR, fail if the terminating nul doesn't fit in the array the string
>+ is stored in (as in const char a[3] = "123"; */
>+ if (!arr && maxelts < strelts)
>+ return NULL_TREE;
>+
this is c_strlen, how is the caller ever supposed to handle non-zero terminated strings???
especially if you do this above?
>+c_strlen (tree src, int only_value, tree *arr /* = NULL */)
> {
> STRIP_NOPS (src);
>+
>+ /* Used to detect non-nul-terminated strings in subexpressions
>+ of a conditional expression. When ARR is null, point it at
>+ one of the elements for simplicity. */
>+ tree arrs[] = { NULL_TREE, NULL_TREE };
>+ if (!arr)
>+ arr = arrs;
>@@ -11427,7 +11478,9 @@ string_constant (tree arg, tree *ptr_offset)
> unsigned HOST_WIDE_INT length = TREE_STRING_LENGTH (init);
> length = string_length (TREE_STRING_POINTER (init), charsize,
> length / charsize);
>- if (compare_tree_int (array_size, length + 1) < 0)
>+ if (nulterm)
>+ *nulterm = array_elts > length;
>+ else if (array_elts <= length)
> return NULL_TREE;
I don't understand why you can't use
compare_tree_int (TYPE_SIZE_UNIT (TREE_TYPE (init)), TREE_STRING_LENGTH (init))
instead of this convoluted code above ???
Sorry, this patch does not look like it is ready any time soon.
But actually I am totally puzzled by your priorities.
This is what I see right now:
1) We have missing warnings.
2) We have wrong code bugs.
3) We have apparently a specification error on the C Language standard (*)
Why are you prioritizing 1) over 2) thus blocking my attempts to fix a wrong code
issue,and why do you not tackle 3) in your WG14?
(*) which means that GCC is currently removing code from assertions
as I pointed out here: https://gcc.gnu.org/ml/gcc-patches/2018-07/msg01695.html
This happens because GCC follows the language standards literally right now.
I would say too literally, and it proves that the language standard's logic is
flawed IMHO.
Thanks
Bernd.
next reply other threads:[~2018-07-30 21:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-30 21:12 Bernd Edlinger [this message]
2018-07-31 3:52 ` Martin Sebor
2018-08-01 14:21 ` Bernd Edlinger
2018-08-01 16:34 ` Martin Sebor
2018-08-01 17:16 ` Bernd Edlinger
2018-08-01 20:33 ` Martin Sebor
-- strict thread matches above, loose matches on Subject: below --
2018-07-19 20:09 Martin Sebor
2018-07-25 23:38 ` PING " Martin Sebor
2018-07-30 19:18 ` Martin Sebor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM5PR0701MB26576B379C8A08FD6EE4AAF3E42F0@AM5PR0701MB2657.eurprd07.prod.outlook.com \
--to=bernd.edlinger@hotmail.de \
--cc=gcc-patches@gcc.gnu.org \
--cc=msebor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).