--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: gcc-5: GCC does not reject too small arrays as arguments for arr[static size] type parameters
- From: Johan Ouwerkerk <johan.ouwerkerk@hotmail.com>
- Date: Fri, 04 Sep 2015 20:39:56 +0200
- Message-id: <20150904183956.18235.25108.reportbug@Lailaps>
Package: gcc-5
Version: 5.2.1-16
Severity: normal
Tags: upstream
Dear Maintainer,
GCC 5 does not properly reject or warn about C code which passes insufficiently large arrays as arguments to functions with a declared static size for said parameters.
In C-99 function parameters may be declared like this: int arr[static size], where size is the minimum number of elements arr MUST contain in order for the call to be valid.
Compilers are supposed to either warn or reject the code, in particular passing NULL pointers as such arguments is invalid.
To demonstrate the issue, in the following simple self contained code example each call to the test() function should be either warned about or rejected outright:
#include <stdio.h>
#define EXPECTED_SIZE (16 * 1024)
static int test(int arr[static EXPECTED_SIZE])
{
return arr[EXPECTED_SIZE -1];
}
int main(int argc, char** argv)
{
int result;
int illegal;
int passed[3] = {1,2,3};
result = test(passed);
illegal = test(NULL);
printf("Test result: 'too short' = %d, 'illegal' = %d\n", result, illegal);
return 0;
}
Unfortunately, gcc-5 will compile such code silently with: gcc-5 -std=c99 -Wall -Werror test.c
I had expected gcc-5 to issue at least a -Warray-bounds style warning (and elevate it to error with -Werror). Note that adding -Warray-bounds explicitly does not alter observable behaviour.
For more information on the intended semantics/compiler behaviour of this kind of code, please refer to:
https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html#fn1
http://stackoverflow.com/questions/3430315/purpose-of-static-keyword-in-array-parameter-of-function
The second link appears to contain the relevant C-99 standards language, but the first link is most useful for understanding expected compiler behaviour with this kind of code.
-- System Information:
Debian Release: stretch/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gcc-5 depends on:
ii binutils 2.25.1-1
ii cpp-5 5.2.1-16
ii gcc-5-base 5.2.1-16
ii libc6 2.19-19
ii libcc1-0 5.2.1-16
ii libgcc-5-dev 5.2.1-16
ii libgcc1 1:5.2.1-16
ii libgmp10 2:6.0.0+dfsg-7
ii libisl13 0.14-2
ii libmpc3 1.0.3-1
ii libmpfr4 3.1.3-1
ii libstdc++6 5.2.1-16
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages gcc-5 recommends:
ii libc6-dev 2.19-19
Versions of packages gcc-5 suggests:
pn gcc-5-doc <none>
pn gcc-5-locales <none>
pn gcc-5-multilib <none>
pn libasan2-dbg <none>
pn libatomic1-dbg <none>
pn libcilkrts5-dbg <none>
pn libgcc1-dbg <none>
pn libgomp1-dbg <none>
pn libitm1-dbg <none>
pn liblsan0-dbg <none>
pn libmpx0-dbg <none>
pn libquadmath0-dbg <none>
pn libtsan0-dbg <none>
pn libubsan0-dbg <none>
-- no debconf information
--- End Message ---