No warnings: passing too-short array to array parameter with `static` size

TrustInSoft / tis-interpreter

An interpreter for finding subtle bugs in programs written in standard C

565 stars 28 forks source link

Source code:

#include <stdio.h>

static int f(int a[static 1])
{
  if (a)
    return 1;
  return 0;
}

int main()
{
  printf("%d\n", f(0));
}

C11, 6.7.6.3p7: "If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression."

tis-interpreter (21f4c7a763b4601d723ea5749185c97115c9c98a) output:

[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed

0

[value] done for function main

gcc (GCC) 7.0.0 20160627 (experimental):

$ gcc -std=c11 -pedantic -Wall -Wextra -O3 -fsanitize=undefined test.c && ./a.out
0

clang version 3.9.0 (trunk 271312):

$ clang -std=c11 -Weverything -O3 -fsanitize=undefined test.c && ./a.out
test.c:12:18: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
  printf("%d\n", f(0));
                 ^ ~
test.c:3:18: note: callee declares array parameter as static here
static int f(int a[static 1])
                 ^~~~~~~~~~~
1 warning generated.
1

#include <string.h> #include <stdio.h> #include <unistd.h> #include <sys/mman.h> #define MAP_ANONYMOUS 0x20 static int f(char a[static 2], int k) { return k ? 0 : a[1]; } int main(int argc, char **argv) { (void)argv; size_t pagesize = (size_t)sysconf(_SC_PAGESIZE); char *p = mmap(NULL, pagesize * 2, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); if (p == MAP_FAILED) return 1; memset(p, 0, pagesize * 2); if (mprotect(p + pagesize, pagesize, PROT_NONE) != 0) return 2; printf("%d\n", f(p + pagesize - 1, argc)); }

TrustInSoft / tis-interpreter

No warnings: passing too-short array to array parameter with `static` size #117