Bug#798042: gcc-5: GCC does not reject too small arrays as arguments for arr[static size] type parameters



Package: gcc-5
Version: 5.2.1-16
Severity: normal
Tags: upstream

Dear Maintainer,

GCC 5 does not properly reject or warn about C code which passes insufficiently large arrays as arguments to functions with a declared static size for said parameters.
In C99, function parameters may be declared like this: int arr[static size], where size is the minimum number of elements arr MUST contain in order for the call to be valid.

Compilers are supposed to either warn or reject the code; in particular, passing NULL pointers as such arguments is invalid.

To demonstrate the issue, in the following simple self-contained code example each call to the test() function should be either warned about or rejected outright:

#include <stdio.h>

#define EXPECTED_SIZE (16 * 1024)

/* The caller promises that arr points to at least EXPECTED_SIZE elements. */
static int test(int arr[static EXPECTED_SIZE])
{
  return arr[EXPECTED_SIZE - 1];
}

int main(int argc, char** argv)
{
  int result;
  int illegal;
  int passed[3] = {1,2,3};
  result = test(passed);   /* too short: only 3 elements, not EXPECTED_SIZE */
  illegal = test(NULL);    /* NULL can never satisfy arr[static EXPECTED_SIZE] */
  printf("Test result: 'too short' = %d, 'illegal' = %d\n", result, illegal);
  return 0;
}

Unfortunately, gcc-5 will compile such code silently with: gcc-5 -std=c99 -Wall -Werror test.c

I had expected gcc-5 to issue at least a -Warray-bounds style warning (and elevate it to error with -Werror). Note that adding -Warray-bounds explicitly does not alter observable behaviour.

For more information on the intended semantics/compiler behaviour of this kind of code, please refer to:
https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html#fn1
http://stackoverflow.com/questions/3430315/purpose-of-static-keyword-in-array-parameter-of-function

The second link appears to contain the relevant C99 standards language, but the first link is most useful for understanding expected compiler behaviour with this kind of code.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gcc-5 depends on:
ii  binutils      2.25.1-1
ii  cpp-5         5.2.1-16
ii  gcc-5-base    5.2.1-16
ii  libc6         2.19-19
ii  libcc1-0      5.2.1-16
ii  libgcc-5-dev  5.2.1-16
ii  libgcc1       1:5.2.1-16
ii  libgmp10      2:6.0.0+dfsg-7
ii  libisl13      0.14-2
ii  libmpc3       1.0.3-1
ii  libmpfr4      3.1.3-1
ii  libstdc++6    5.2.1-16
ii  zlib1g        1:1.2.8.dfsg-2+b1

Versions of packages gcc-5 recommends:
ii  libc6-dev  2.19-19

Versions of packages gcc-5 suggests:
pn  gcc-5-doc         <none>
pn  gcc-5-locales     <none>
pn  gcc-5-multilib    <none>
pn  libasan2-dbg      <none>
pn  libatomic1-dbg    <none>
pn  libcilkrts5-dbg   <none>
pn  libgcc1-dbg       <none>
pn  libgomp1-dbg      <none>
pn  libitm1-dbg       <none>
pn  liblsan0-dbg      <none>
pn  libmpx0-dbg       <none>
pn  libquadmath0-dbg  <none>
pn  libtsan0-dbg      <none>
pn  libubsan0-dbg     <none>

-- no debconf information
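A caller-side guard for the contract that GCC 5 does not check, as an added example that is not part of the bug report: the CHECKED_TEST macro (a hypothetical name) uses GCC statement expressions, __typeof__, __builtin_types_compatible_p and _Static_assert to turn a too-small array or a pointer/NULL argument into a compile-time error, so both calls from the report are rejected while a correctly sized array still compiles and runs. It assumes GCC or Clang (these are extensions, not standard C99).

```c
/* Added example, not from the bug report: enforce arr[static N] at the
 * call site, since gcc-5 compiles the report's calls silently. Needs GCC
 * or Clang for __typeof__, __builtin_types_compatible_p and ({ ... }). */
#include <stdio.h>

#define EXPECTED_SIZE (16 * 1024)

/* Callee as in the report: only valid if arr has >= EXPECTED_SIZE elements. */
static int test(int arr[static EXPECTED_SIZE])
{
  return arr[EXPECTED_SIZE - 1];
}

/* True only when the argument is a genuine array, not a pointer. */
#define IS_ARRAY(a) \
  (!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))

/* Element count of a genuine array. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical wrapper: a pointer/NULL argument or an array with fewer than
 * EXPECTED_SIZE elements fails to compile instead of reading out of bounds. */
#define CHECKED_TEST(a)                                                      \
  __extension__ ({                                                           \
    _Static_assert(IS_ARRAY(a), "CHECKED_TEST: argument must be an array");  \
    _Static_assert(ARRAY_LEN(a) >= EXPECTED_SIZE,                            \
                   "CHECKED_TEST: array has fewer than EXPECTED_SIZE elements"); \
    test(a);                                                                 \
  })

static int big[EXPECTED_SIZE];   /* constructed input that satisfies the contract */

/* Valid call: a real array with exactly EXPECTED_SIZE elements. Returns 42. */
int run_checked(void)
{
  big[EXPECTED_SIZE - 1] = 42;
  return CHECKED_TEST(big);
}

/* The report's two calls do not get past the compiler through the wrapper:
 *   int passed[3] = {1, 2, 3};
 *   CHECKED_TEST(passed);  -> static assertion: fewer than EXPECTED_SIZE elements
 *   CHECKED_TEST(NULL);    -> compile error: NULL is not an array          */

int main(void)
{
  printf("checked call returned %d\n", run_checked());
  return 0;
}
```

The check is only as good as the call site: if the array decays to a pointer before it reaches CHECKED_TEST, IS_ARRAY rejects it, which is the intended behaviour for anything whose length the compiler cannot see.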