No warnings: passing too-short array to array parameter with `static` size

Question

No warnings: passing too-short array to array parameter with `static` size

ch3root opened this issue 8 years ago · 1 comments

Source code:

#include <stdio.h>

static int f(int a[static 1])
{
  if (a)
    return 1;
  return 0;
}

int main()
{
  printf("%d\n", f(0));
}

C11, 6.7.6.3p7: "If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression."

tis-interpreter (21f4c7a) output:

[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed

0

[value] done for function main

gcc (GCC) 7.0.0 20160627 (experimental):

$ gcc -std=c11 -pedantic -Wall -Wextra -O3 -fsanitize=undefined test.c && ./a.out
0

clang version 3.9.0 (trunk 271312):

$ clang -std=c11 -Weverything -O3 -fsanitize=undefined test.c && ./a.out
test.c:12:18: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
  printf("%d\n", f(0));
                 ^ ~
test.c:3:18: note: callee declares array parameter as static here
static int f(int a[static 1])
                 ^~~~~~~~~~~
1 warning generated.
1

Answer 1 · 2016-06-30T20:48:02.000Z

An example illustrating that clang uses dereferenceability of the full static size. It crashes. The crash goes away with:

removing static, or
changing static 2 to static 1, or
changing a[1] to a[2].

Source code:

#include <string.h>
#include <stdio.h>

#include <unistd.h>
#include <sys/mman.h>
#define MAP_ANONYMOUS 0x20

static int f(char a[static 2], int k)
{
  return k ? 0 : a[1];
}

int main(int argc, char **argv)
{
  (void)argv;

  size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
  char *p = mmap(NULL, pagesize * 2, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED)
    return 1;
  memset(p, 0, pagesize * 2);
  if (mprotect(p + pagesize, pagesize, PROT_NONE) != 0)
    return 2;

  printf("%d\n", f(p + pagesize - 1, argc));
}

Results:

$ clang -std=c11 -Weverything -O3 test.c && ./a.out
Segmentation fault

clang version: clang version 3.9.0 (trunk 271312)