Description
This issue was copied from checkedc/checkedc-clang#639
The current version of clang allows the following declarations:
#include<stdio_checked.h>
#pragma CHECKED_SCOPE ON
#pragma BOUNDS_CHECKED ON
/* Global aggregate whose member `l` is later read through a _Ptr
 * (obj->l) inside a bounds expression in main(). */
struct foo{
unsigned l;
} glo;
/* Reproducer for the first defect in the issue.
 * `p` is declared with bounds count(2), yet the body advances it by 32 and
 * then reads through it. The expected checker behaviour is to reject the
 * assignment to a variable that appears in its own bounds declaration;
 * the compiler described in the issue currently accepts it.
 * Returns 0 unconditionally; the value carries no information. */
int modify_bounds_variable(_Array_ptr<char> p:count(2)) {
char a;
// `p` is the variable named in its own bounds declaration (count(2));
// modifying it here moves it past those bounds.
// THIS SHOULD NOT BE ALLOWED, but it is currently accepted.
p+=32;
// Out-of-bounds read: p[0] now refers to offset 32 of a 2-element range.
a = p[0];
putc(a, stdout);
return 0;
}
/* Entry point: sets up the two declarations the issue is about and calls
 * modify_bounds_variable() with a count(12) pointer. */
int main(void) {
// The declared count(12) appears to match the literal's length, not
// counting the terminating NUL.
_Array_ptr<char> p:count(12)= "heOOOOOOOOOO";
_Ptr<struct foo> obj = &glo;
// The bounds expression dereferences `obj` (obj->l): checking this bound
// would require reasoning about what `obj` points to.
// THIS SHOULD NOT BE ALLOWED, but it is currently accepted.
// p2 is not used afterwards; the declaration alone is the point.
_Array_ptr<char> p2:count(obj->l) = NULL;
// Passes a count(12) pointer to a parameter declared count(2); the callee
// then steps out of its declared bounds (see modify_bounds_variable).
modify_bounds_variable(p);
return 0;
}
As one can see, the change to p, i.e. `p += 32`, should not be allowed. Also, a bounds declaration containing a pointer dereference, i.e. `_Array_ptr<char> p2:count(obj->l)`, should not be allowed, as it requires reasoning about pointers.