TrustInSoft / tis-interpreter

An interpreter for finding subtle bugs in programs written in standard C

Invalid C accepted: non-last flexible array member etc. #120

Open ch3root opened 8 years ago

ch3root commented 8 years ago

Source code:

int main()
{
  struct non_last {
    int a[];
    int i;
  };

  struct empty {
    int a[];
  };

  struct only_unnamed {
    int :1;
    int a[];
  };
}

tis-interpreter (21f4c7a763b4601d723ea5749185c97115c9c98a) output:

[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] done for function main

gcc (GCC) 7.0.0 20160627 (experimental):

$ gcc -std=c11 -pedantic -Wall -Wextra -O3 -fsanitize=undefined test.c && ./a.out
test.c: In function ‘main’:
test.c:4:9: error: flexible array member not at end of struct
     int a[];
         ^
test.c:9:9: error: flexible array member in otherwise empty struct
     int a[];
         ^
test.c:14:9: error: flexible array member in otherwise empty struct
     int a[];
         ^

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71742

clang version 3.9.0 (trunk 271312):

$ clang -std=c11 -Weverything -O3 -fsanitize=undefined test.c && ./a.out
test.c:4:9: error: field has incomplete type 'int []'
    int a[];
        ^
test.c:9:9: error: flexible array member 'a' not allowed in otherwise empty struct
    int a[];
        ^
2 errors generated.

https://llvm.org/bugs/show_bug.cgi?id=28407

ch3root commented 8 years ago

And they are not permitted in unions.

Source code:

int main()
{
  union u {
    int i;
    int a[];
  };
}

tis-interpreter (21f4c7a763b4601d723ea5749185c97115c9c98a) output:

[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] done for function main

gcc (GCC) 7.0.0 20160627 (experimental):

$ gcc -std=c11 -pedantic -Wall -Wextra -O3 -fsanitize=undefined test.c && ./a.out
test.c: In function ‘main’:
test.c:5:9: error: flexible array member in union
     int a[];
         ^

clang version 3.9.0 (trunk 271312):

$ clang -std=c11 -Weverything -O3 -fsanitize=undefined test.c && ./a.out
test.c:5:9: error: field has incomplete type 'int []'
    int a[];
        ^
1 error generated.