Open
Description
This issue was copied from checkedc/checkedc-clang#1071
The compiler allows an array variable to be declared with a bound larger than its actual size, leading to a spatial memory safety violation that is not caught by a Checked C runtime check. The per-access check only compares the index against the declared bound, so once an oversized bound is accepted at the declaration, every out-of-bounds write within that bound passes the check. For example, the following code compiles with no warnings but crashes with a "segmentation fault" at runtime (as contrasted with an "illegal instruction", which is what a Checked C runtime check failure produces):
```c
#pragma CHECKED_SCOPE on

// Writes len bytes through p; each p[i] gets a runtime check against
// count(len), which is the declared bound, not the real storage size.
void foo(_Array_ptr<char> p : count(len), int len) {
  for (int i = 0; i < len; i++) {
    p[i] = '\0';
  }
}

int main(void) {
  int bogus_count = 100000000;
  // 10 bytes of storage, but a declared bound of 100000000: accepted
  // with no warning and no runtime check.
  char buf _Checked[10] : count(bogus_count);
  foo(buf, bogus_count);
  return 0;
}
```
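To make the gap concrete, here is a plain-C model of the two checks involved, added as an example for this page; it is not Checked C and not part of the compiler. The `array_ptr` struct, `bind_unchecked`, `bind_checked` and the counting helpers are all constructed for the illustration. `passes_dynamic_check` mirrors the per-access check the compiler inserts for `p[i]` (index against the declared bound only), `bind_unchecked` mirrors what the `: count(bogus_count)` declaration does today, and `bind_checked` is the validation against the real storage size that the report shows is missing.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an _Array_ptr<char> : count(n). Plain C written
 * for this example; not Checked C and not the compiler's representation. */
typedef struct {
    char *base;
    size_t declared_count; /* the bound the program asserted: count(n) */
    size_t real_count;     /* elements the backing storage really has */
} array_ptr;

/* The per-access runtime check inserted for p[i]: it can only compare the
 * index against the declared bound. 1 = access allowed, 0 = would trap. */
static int passes_dynamic_check(const array_ptr *p, size_t i)
{
    return i < p->declared_count;
}

/* Mirror of the issue: bind a declared count to a fixed-size array with no
 * validation, which is what `char buf _Checked[10] : count(bogus)` does. */
static array_ptr bind_unchecked(char *storage, size_t storage_len, size_t declared)
{
    array_ptr p = { storage, declared, storage_len };
    return p;
}

/* The missing check: refuse a declared count that exceeds the storage.
 * Returns 0 on success, -1 if the declaration is rejected. */
static int bind_checked(array_ptr *out, char *storage, size_t storage_len, size_t declared)
{
    if (declared > storage_len)
        return -1;
    *out = bind_unchecked(storage, storage_len, declared);
    return 0;
}

/* Mirror of foo(): walk [0, declared_count) through the per-access check.
 * Writes only inside the real storage (so this example is itself memory
 * safe) and returns how many accesses passed the dynamic check yet fell
 * outside the storage, i.e. the writes that segfault in the original. */
static size_t zero_fill_count_escapes(array_ptr p)
{
    size_t escapes = 0;
    for (size_t i = 0; i < p.declared_count; i++) {
        if (!passes_dynamic_check(&p, i))
            break;              /* Checked C would trap here */
        if (i < p.real_count)
            p.base[i] = '\0';
        else
            escapes++;          /* passed the check, outside the array */
    }
    return escapes;
}

/* Reproduce the report with a 10-byte buffer and a chosen declared count. */
size_t escapes_with_declared_count(size_t declared)
{
    char buf[10];
    return zero_fill_count_escapes(bind_unchecked(buf, sizeof buf, declared));
}

/* Same declaration routed through the validating binder. */
int checked_declaration_result(size_t declared)
{
    char buf[10];
    array_ptr p;
    return bind_checked(&p, buf, sizeof buf, declared);
}

int main(void)
{
    printf("count(10):  %zu accesses escape the storage\n", escapes_with_declared_count(10));
    printf("count(100): %zu accesses escape the storage\n", escapes_with_declared_count(100));
    printf("count(100) with declaration check: %d\n", checked_declaration_result(100));
    return 0;
}
```

With `count(10)` no access escapes; with `count(100)` all 90 writes past the buffer pass the per-access check, which is exactly why the original program dies with a segmentation fault rather than an illegal-instruction trap. Routing the same declaration through `bind_checked` rejects it up front, which is the point at which the compiler (or its inserted runtime check) would need to intervene.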