
Compiler allows array variable to be declared with a bound larger than its size (unsound) #1071

Open
@secure-sw-dev-bot

Description


This issue was copied from checkedc/checkedc-clang#1071


The compiler allows an array variable to be declared with a bound larger than its actual size, leading to a spatial memory safety violation that is not caught by a Checked C runtime check. For example, the following code compiles with no warnings but gives a "segmentation fault" at runtime (as contrasted with an "illegal instruction" for a Checked C runtime check failure):

```c
#pragma CHECKED_SCOPE on

// Zero-fills len elements; the bound count(len) is what the runtime check
// relies on, so it is only as trustworthy as the declared bound of buf below.
void foo(_Array_ptr<char> p : count(len), int len) {
  for (int i = 0; i < len; i++) {
    p[i] = '\0';
  }
}

int main(void) {
  int bogus_count = 100000000;
  // Declared bound of 100000000 on a 10-element checked array: accepted
  // without a diagnostic, so foo writes far past the buffer.
  char buf _Checked[10] : count(bogus_count);
  foo(buf, bogus_count);
  return 0;
}
```
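To make concrete what the compiler should have enforced here, the following is an added plain-C example (not from the issue or the Checked C project): a pointer-plus-count pair whose count is checked against the backing storage when it is bound, so a bound larger than the array is rejected before any access instead of faulting inside the loop. The names `bounded_char`, `bounded_bind`, `BOUNDED_BIND_ARRAY`, `zero_fill` and `demo_bogus_bound` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* A pointer together with the number of elements that may be accessed. */
typedef struct {
    char *p;
    size_t count;
} bounded_char;

/* Counterpart of `buf : count(bogus_count)`: the caller states a count, but
 * it is validated against the real storage size instead of being trusted.
 * Returns 0 on success, -1 (and an empty bound) if the count exceeds storage. */
int bounded_bind(bounded_char *out, char *storage, size_t storage_len, size_t requested)
{
    if (storage == NULL || requested > storage_len) {
        out->p = NULL;
        out->count = 0;
        return -1;
    }
    out->p = storage;
    out->count = requested;
    return 0;
}

/* Derive the count from the array itself, so it cannot exceed the storage. */
#define BOUNDED_BIND_ARRAY(out, arr) \
    bounded_bind((out), (arr), sizeof(arr) / sizeof((arr)[0]), sizeof(arr) / sizeof((arr)[0]))

/* Counterpart of foo(): zero-fills len elements, but refuses any write past
 * the bound (where Checked C would fail a runtime check). Returns 0 or -1. */
int zero_fill(bounded_char b, size_t len)
{
    if (b.p == NULL || len > b.count)
        return -1;
    for (size_t i = 0; i < len; i++)
        b.p[i] = '\0';
    return 0;
}

/* Reproduces the issue's scenario: a 10-byte buffer with a 100000000 bound.
 * Returns -1 because the bogus bound is rejected at bind time. */
int demo_bogus_bound(void)
{
    char buf[10];
    bounded_char b;
    size_t bogus_count = 100000000;     /* constructed, matches the issue */
    if (bounded_bind(&b, buf, sizeof buf, bogus_count) != 0)
        return -1;
    return zero_fill(b, bogus_count);
}

int main(void)
{
    printf("bogus bound accepted? %s\n", demo_bogus_bound() == 0 ? "yes" : "no (rejected)");
    return 0;
}
```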
