Open secure-sw-dev-bot opened 2 years ago
Comment from @mgrang:
I reduced the test case further:
int main() {
_Array_ptr<char> p : count(2) = "ab";
*p++;
return 0;
}
This is undefined behavior in C because we are derefencing and updating a pointer in the same statement. I talked to David about this and we decided this should be flagged as a compile-time error.
For now, in order to work-around the runtime error we should break the statement into two parts: the dereference followed by the pointer update:
*p;
p++;
Comment from @dopelsunce:
Note that p
has self-referential bounds, i.e., bounds(p, p + 2)
(expanded from count(2)
). Dereference and update a pointer with self-referential bounds at the same time (in one statement) is undefined in the current Checked C spec.
Another walk-around is to remove the self-referential bounds by introducing a temporary. For example, the code below is valid:
int main() {
_Array_ptr<char> p : count(2) = "ab";
_Array_ptr<char> p1 : bounds(p, p + 2) = p;
*p1++;
return 0;
}
Note that p1
itself does not appear in its bounds.
This is incorrect code. Incrementing p
is illegal since the upper bound of p + 2
is invalid. This code is now rejected at compile-time by the Checked C compiler.
This issue was copied from https://github.com/microsoft/checkedc-clang/issues/863
Input program:
Clang version: the current master branch of checkedc-clang.
Expected: no illegal instruction error at runtime.
Got: an illegal instruction error at runtime.
There is no runtime error after breaking the statement
*p++;
into two lines (shown below).