From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id CAE7D383F238 for ; Tue, 13 Dec 2022 20:45:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org CAE7D383F238 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ej1-x629.google.com with SMTP id kw15so39605683ejc.10 for ; Tue, 13 Dec 2022 12:45:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=C3esI8Zmz9jvSzS0CosWttN5dX/AJB9tGPvzmZCTq+Y=; b=V/M9Q28DihJ2h2LBfsjQt1094VeCp4psJfuhjKGgXozLMDZTlWckqSnHFkd2v1cV5w uE1vxER/LhZax+R6JuetUTt4jJBBh7HiLoJII4yvTtIV/EpacyN8ia2kyMZGtZCu6Dmy DcYtwqsk0CNDbHO0c5k/10/3xQgG9oBD/e6fpn3Si0QP/YM3k3OblIN4I7iknuxzjZFN LxU/8mKMSW4WsUg89fMYwSDgDmY0cxYVpc3no8DjJkjQf1Idcj/dEyNWuGI0LSbItjYW skJjMaVkq2N+TpQDZBp/yb6KSXLcoAPFti4HM15vk4+X3pPphADKAlF02Fq98h0p/EDi 2qrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=C3esI8Zmz9jvSzS0CosWttN5dX/AJB9tGPvzmZCTq+Y=; b=R4JbskXCHHMOgN1vHTOlUSPNU02N85RjozYC/A11xbDoe5LpCKCjAF2jhw3jWGV4wu y7QJStBLUFe7nlLEDPb9d/KMRFeGUcsAxVLg2ByiGF5SPDXXi2bCOt9J8LsiY+ri8bvZ 7OsyaiCPw6hQm3NtT3prR3D/kjNDgHrUD2XBIHnWC8zE3MSvYFz+HS97Q2gZs2FB+BcT YT4KIUTOsKyTgD+n24iIPybL5uLfzCo2cCrYSNcvnqOR9lWuQUXRFnb4RPfK0RnYw2Sr rqV5q8dekBoK67D4pxktG6yk1mdZ7k0+YAd5JHSIUMjKNxhe/P2J1n251mZn1K8NIPB5 Hkhg== X-Gm-Message-State: ANoB5pkIQNec+f3nNtes0JnAyIGAfzA6eL1Dxfhc7WCQVQMe7m8EO0Pg xzdp6AueQvNe9p/hCc7GF5w2FeG7fwt2AoWxjYk= X-Google-Smtp-Source: AA0mqf4ed5BRMGQVJHvg3hBcSTrTnQkXOadkUwTgd7O6IQZ8TyAq/zo2aphgjnhuMPxQnLoYigvZxAmB+mB2mtOHey8= X-Received: by 2002:a17:906:518c:b0:7c1:98f:c16a with SMTP id y12-20020a170906518c00b007c1098fc16amr10477449ejk.215.1670964355442; Tue, 13 Dec 2022 12:45:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Jonathan Wakely Date: Tue, 13 Dec 2022 20:45:44 +0000 Message-ID: Subject: Re: [BUG] missing warning for pointer arithmetic out of bounds To: Paul Koning Cc: Alejandro Colomar , "gcc@gcc.gnu.org" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, 13 Dec 2022, 19:23 Paul Koning via Gcc, wrote: > > > > > On Dec 13, 2022, at 2:08 PM, Alejandro Colomar via Gcc wrote: > > > > Hi! > > > > For the following program: > > > > > > $ cat buf.c > > #include > > > > int main(void) > > { > > char *p, buf[5]; > > > > p = buf + 6; > > printf("%p\n", p); > > } > > > > > > There are no warnings in gcc, as I would expect: > > > > $ gcc -Wall -Wextra buf.c -O0 > > > > Clang does warn, however: > > > > $ clang -Weverything -Wall -Wextra buf.c -O0 > > buf.c:8:17: warning: format specifies type 'void *' but the argument has type 'char *' [-Wformat-pedantic] > > printf("%p\n", p); > > ~~ ^ > > %s > > buf.c:7:6: warning: the pointer incremented by 6 refers past the end of the array (that contains 5 elements) [-Warray-bounds-pointer-arithmetic] > > p = buf + 6; > > ^ ~ > > I thought void * is a generic pointer that accepts any pointer argument. Yes, but printf doesn't take a void* argument. > > So a warning about char* being passed in seems to be flat out wrong. I wouldn't say flat out wrong. It's wrong because the C standard guarantees that void* and char* have the same representation and alignment requirements, so no conversion is needed to pass a char* through a varargs ellipsis where a void* is expected. But if it was int* or struct X* then the warning would be correct (but not a problem in practice on common arches, which is why Clang only enabels it with -Wformat-pedantic). > > > buf.c:5:2: note: array 'buf' declared here > > char *p, buf[5]; > > ^ > > 2 warnings generated. > > That was discussed just days ago: C says that a pointer one past the end of the array is legal. So here too it looks like Clang is wrong and GCC is right. No, clang is totally right here.