On Tue, Jun 18, 2019 at 12:27:31PM +0200, Martin Liška wrote:
> > Oops. The problematic case is then if the STRING_CST c_getstr finds
> > is not NUL terminated (dunno if we ever construct that) or if
> > string_size is smaller than string_length and there are no NULs in that
> > size.
>
> The function always returns a null-terminated string:
>
> /* Return a pointer P to a NUL-terminated string representing the sequence
>    of constant characters referred to by SRC (or a subsequence of such
>    characters within it if SRC is a reference to a string plus some
>    constant offset). If STRLEN is non-null, store the number of bytes
>    in the string constant including the terminating NUL char. *STRLEN is
>    typically strlen(P) + 1 in the absence of embedded NUL characters. */
>
> const char *
> c_getstr (tree src, unsigned HOST_WIDE_INT *strlen /* = NULL */)
> {
>   tree offset_node;
>   tree mem_size;
>
> That said, the unconditional strnlen should be fine.
But *strlen it sets might be smaller. I'd try say const char foo[5] = "foobar"; or similar, or say stick gcc_assert in c_getstr where it is setting *strlen and gcc_assert (strnlen (to be returned value, *strlen) < *strlen); do a bootstrap/regtest with that and see if it ever triggers (or instead of assert failure log into a log file with "a" mode). If not, there is no point to pass non-NULL second argument to c_getstr, you'd always just use strlen on the returned string.

	Jakub
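An added example, not GCC code: a stand-alone model of the invariant Jakub suggests asserting in c_getstr, namely that the *STRLEN it reports always covers a terminating NUL, exercised on the `const char foo[5] = "foobar";` case he mentions. The `model_string_cst` struct, `model_c_getstr` and its min-of-sizes rule are assumptions about what c_getstr reports, not the real implementation.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a STRING_CST: the constant's bytes (including the
   trailing NUL the front end appends) plus the byte size of the declared
   object it initialises (what TYPE_SIZE_UNIT of the array type would give). */
struct model_string_cst {
  const char *bytes;
  size_t string_length;   /* bytes in the constant, including the NUL */
  size_t declared_size;   /* size of the declared array, e.g. 5 for foo[5] */
};

/* Hypothetical c_getstr-like accessor: reports the smaller of the constant's
   length and the declared object size, i.e. the "string_size is smaller than
   string_length" situation discussed in the thread.  The returned pointer is
   always NUL-terminated; the question is whether *STRLEN_OUT covers that NUL. */
static const char *
model_c_getstr (const struct model_string_cst *src, size_t *strlen_out)
{
  size_t n = src->string_length < src->declared_size
             ? src->string_length : src->declared_size;
  if (strlen_out)
    *strlen_out = n;
  return src->bytes;
}

/* The check Jakub proposes as a gcc_assert: is there a NUL strictly inside
   the first *STRLEN bytes?  1 if yes, 0 if strlen(P) would run past *STRLEN. */
int
reported_size_covers_nul (const struct model_string_cst *src)
{
  size_t n;
  const char *p = model_c_getstr (src, &n);
  return strnlen (p, n) < n;
}

/* const char ok[] = "foo";  -> 4 bytes, declared size 4: NUL is covered. */
int check_well_formed (void)
{
  struct model_string_cst s = { "foo", 4, 4 };
  return reported_size_covers_nul (&s);   /* 1 */
}

/* const char foo[5] = "foobar";  -> 7 bytes, declared size 5: the first 5
   bytes are "fooba" with no NUL, so *STRLEN is smaller than strlen(P) + 1. */
int check_truncated_initializer (void)
{
  struct model_string_cst s = { "foobar", 7, 5 };
  return reported_size_covers_nul (&s);   /* 0 */
}
```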