https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105948
--- Comment #1 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
I'm writing a patch for this, and I've got support for non-symbolic bounds.
However, as I wrote my patch, a missing warning came up.
Consider the test case:
---
#include <new>   /* placement new needs this */

void var_too_short ()
{
  short s;
  long *lp = new (&s) long; /* { dg-warning "stack-based buffer overflow" } */
  /* { dg-warning "allocated buffer size is not a multiple of the pointee's size" "" { target *-*-* } .-1 } */
}

void static_buffer_too_short ()
{
  int n = 16;
  int buf[n];
  int *p = new (buf) int[n + 1]; /* { dg-warning "stack-based buffer overflow" } */
  /* (+) */
}
---
In 'var_too_short', two warnings are emitted, second being from
'-Wanalyzer-allocation-size', which makes sense.
Then, given the name of this warning, would it not also make sense to emit it
at (+) in 'static_buffer_too_short'?
Pointer 'p' is an int, and 'buf' is an array of int, so the buffer size is
indeed a multiple of the size of 'p'.
However, we know 'p' points to an area actually overflowing 'buf', so
-Wanalyzer-allocation-size is reasonable there.
What are your thoughts on that?
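The two conditions the comment contrasts (the buffer being a whole multiple of the pointee size versus the buffer actually being large enough) can be separated at run time as well. The following is an added example, not code from the bug report or from GCC's analyzer: a hypothetical checked placement-new helper that computes both properties, plus the three scenarios from the test case as callable functions. Names such as check_placement and checked_array_new are my own; the buffers are constructed inline.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

// Hypothetical helper (not part of GCC): the facts a placement-new site needs.
struct PlacementCheck {
    bool fits;      // buffer holds n objects of T (the "buffer overflow" condition)
    bool multiple;  // buffer size is a whole multiple of sizeof(T) (the "allocation size" condition)
    bool aligned;   // buffer address satisfies alignof(T)
};

template <typename T>
PlacementCheck check_placement(const void* buf, std::size_t buf_bytes, std::size_t n) {
    PlacementCheck c{};
    // Guard the multiplication itself so a huge n cannot wrap to a small 'need'.
    bool overflow = n > SIZE_MAX / sizeof(T);
    std::size_t need = overflow ? SIZE_MAX : n * sizeof(T);
    c.fits = !overflow && need <= buf_bytes;
    c.multiple = buf_bytes % sizeof(T) == 0;
    c.aligned = (reinterpret_cast<std::uintptr_t>(buf) % alignof(T)) == 0;
    return c;
}

// Construct n value-initialised T objects in buf, or refuse with nullptr.
// Elements are constructed one by one rather than with 'new (buf) T[n]', so
// exactly n * sizeof(T) bytes are used regardless of any array-new bookkeeping.
template <typename T>
T* checked_array_new(void* buf, std::size_t buf_bytes, std::size_t n) {
    PlacementCheck c = check_placement<T>(buf, buf_bytes, n);
    if (!c.fits || !c.aligned) return nullptr;
    T* first = nullptr;
    for (std::size_t i = 0; i < n; ++i) {
        T* q = ::new (static_cast<unsigned char*>(buf) + i * sizeof(T)) T();
        if (i == 0) first = q;
    }
    return first;
}

// Scenario 1 from the bug report: a short used as storage for a long.
// alignas(long) keeps the address aligned so only the size-based checks fail.
PlacementCheck case_var_too_short() {
    alignas(long) short s = 0;
    return check_placement<long>(&s, sizeof s, 1);
}

// Scenario 2: 16 ints of storage, 17 ints requested. Multiple is true, fits is false.
PlacementCheck case_buffer_too_short() {
    int buf[16] = {};
    return check_placement<int>(buf, sizeof buf, 17);
}

// Control case: a correctly sized, correctly aligned buffer is accepted.
bool case_buffer_ok() {
    alignas(int) unsigned char raw[16 * sizeof(int)];
    int* p = checked_array_new<int>(raw, sizeof raw, 16);
    return p != nullptr && p[15] == 0;
}

int main() {
    PlacementCheck a = case_var_too_short();
    PlacementCheck b = case_buffer_too_short();
    std::printf("short->long: fits=%d multiple=%d\n", a.fits, a.multiple);
    std::printf("int[16]->int[17]: fits=%d multiple=%d\n", b.fits, b.multiple);
    std::printf("int[16]->int[16]: ok=%d\n", case_buffer_ok());
    return 0;
}
```

The second scenario is the one the comment asks about: the "multiple of the pointee's size" test passes while the "fits" test fails, which is why a size check that only looks at divisibility says nothing about whether the requested objects actually fit in the buffer.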