warning: array subscript is above array bounds when accessing arr[]

Vicente J. Botet Escriba

May 24, 2016, 5:16:33 PM
to std-dis...@isocpp.org
Hi,

I would like to know if the following access to arr[0] is undefined
behavior or is a false positive

#include <iostream>
#include <cstring>

struct S {
    int i;
    unsigned arr[];
};

int main()
{
    auto size = sizeof(S) + sizeof(unsigned);
    char buffer[size];
    //std::memset(buffer, 0, size); // **
    S* s = new(buffer) S;
    std::cout << s->arr[0] << std::endl;
    return 0;
}

I'm getting this warning with gcc when I use -O2

prog.cc: In function 'int main()':
prog.cc:22:27: warning: array subscript is above array bounds
[-Warray-bounds]
std::cout << s->arr[0] << std::endl; return 0;
^

If I uncomment the line ** the warning disappears.

Vicente

P.S. There was a ticket that could be related in gcc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59124

Brian Bi

May 24, 2016, 5:20:39 PM
to std-dis...@isocpp.org
Flexible array members are not part of standard C++. The definition of struct S is illegal.



--
Brian Bi

Vicente J. Botet Escriba

May 25, 2016, 1:03:16 AM
to std-dis...@isocpp.org
On 24/05/2016 at 23:20, Brian Bi wrote:
> Flexible array members are not part of standard C++. The definition of struct S is illegal.

Do you have a pointer on the standard, so that I can understand why?

Vicente

Brian Bi

May 25, 2016, 2:01:03 AM
to std-dis...@isocpp.org
On Tue, May 24, 2016 at 10:03 PM, Vicente J. Botet Escriba <vicent...@wanadoo.fr> wrote:
> On 24/05/2016 at 23:20, Brian Bi wrote:
> > Flexible array members are not part of standard C++. The definition of struct S is illegal.
>
> Do you have a pointer on the standard, so that I can understand why?

[class.mem]/9
Non-static (9.4) data members shall not have incomplete types. In particular, a class C shall not contain
a non-static member of class C, but it can contain a pointer or reference to an object of class C.



--
Brian Bi

Kirill Berezin

May 25, 2016, 2:40:50 AM
to std-dis...@isocpp.org

I guess this definition is legal for some compilers, but in general this code violates the C++ object model because the compiler is free to place a pointer to the vtbl or data of a derived class right after S.

I believe that such a technique is not welcomed in a C++ program. The only exception is a call of a C function, because a lot of C libraries have structures with an empty array at the end of a structure.

I hope this'll be helpful.
Kirill.

On May 25, 2016, 9:01 AM, "Brian Bi" <bbi...@gmail.com> wrote:

Thiago Macieira

May 25, 2016, 2:50:11 AM
to std-dis...@isocpp.org
On Wednesday, 25 May 2016, at 07:03:14 PDT, Vicente J. Botet Escriba wrote:
> On 24/05/2016 at 23:20, Brian Bi wrote:
> > Flexible array members are not part of standard C++. The definition of
> > struct S is illegal.
>
> Do you have a pointer on the standard, so that I can understand why?

The point is that the standard does not say it's valid, so it isn't. The C
standard specifically and explicitly allows that, but the equivalent text is
not in the C++ standard.

Your C++ compiler has an extension to the language allowing that C feature,
like many C compilers do for C features not in the C++ official language
(designated initialisers, restrict, _Atomic, etc.). Since that is so, you'll
need to discuss with your vendor to see why it allows flexible array members
and yet complains that you've gone over the array size limit.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center

Vicente J. Botet Escriba

May 25, 2016, 5:50:37 PM
to std-dis...@isocpp.org
On 25/05/2016 at 08:50, Thiago Macieira wrote:
> On Wednesday, 25 May 2016, at 07:03:14 PDT, Vicente J. Botet Escriba wrote:
> > On 24/05/2016 at 23:20, Brian Bi wrote:
> > > Flexible array members are not part of standard C++. The definition of
> > > struct S is illegal.
> >
> > Do you have a pointer on the standard, so that I can understand why?
>
> The point is that the standard does not say it's valid, so it isn't. The C
> standard specifically and explicitly allows that, but the equivalent text is
> not in the C++ standard.
>
> Your C++ compiler has an extension to the language allowing that C feature,
> like many C compilers do for C features not in the C++ official language
> (designated initialisers, restrict, _Atomic, etc.). Since that is so, you'll
> need to discuss with your vendor to see why it allows flexible array members
> and yet complains that you've gone over the array size limit.

Hi,

I'm compiling with gcc -std=c++11, not with gnu extension. When I compile with clang there is neither an error nor a warning.
Do you know of a compiler that extension?

If the code is not correct, shouldn't the compiler report an error instead of a warning?

http://melpon.org/wandbox/permlink/EgoKQzWvvw0n8UhG

Vicente

Richard Smith

May 25, 2016, 6:09:43 PM
to std-dis...@isocpp.org
On Wed, May 25, 2016 at 2:50 PM, Vicente J. Botet Escriba <vicent...@wanadoo.fr> wrote:
> On 25/05/2016 at 08:50, Thiago Macieira wrote:
> > On Wednesday, 25 May 2016, at 07:03:14 PDT, Vicente J. Botet Escriba wrote:
> > > On 24/05/2016 at 23:20, Brian Bi wrote:
> > > > Flexible array members are not part of standard C++. The definition of
> > > > struct S is illegal.
> > >
> > > Do you have a pointer on the standard, so that I can understand why?
> >
> > The point is that the standard does not say it's valid, so it isn't. The C
> > standard specifically and explicitly allows that, but the equivalent text is
> > not in the C++ standard.
> >
> > Your C++ compiler has an extension to the language allowing that C feature,
> > like many C compilers do for C features not in the C++ official language
> > (designated initialisers, restrict, _Atomic, etc.). Since that is so, you'll
> > need to discuss with your vendor to see why it allows flexible array members
> > and yet complains that you've gone over the array size limit.
>
> Hi,
>
> I'm compiling with gcc -std=c++11, not with gnu extension. When I compile with clang there is neither an error nor a warning.

Both compilers enable some extensions by default. Try using -pedantic or -pedantic-errors.

> Do you know of a compiler that extension?
>
> If the code is not correct, shouldn't the compiler report an error instead of a warning?

No, the standard requires that a diagnostic is produced, and does not distinguish between warnings and errors.

Vicente J. Botet Escriba

May 25, 2016, 6:12:19 PM
to std-dis...@isocpp.org
BTW, the HEAD of gcc-7.0.0 201605 doesn't report the warning anymore :)

Vicente

Vicente J. Botet Escriba

May 25, 2016, 6:20:21 PM
to std-dis...@isocpp.org
On 26/05/2016 at 00:09, Richard Smith wrote:
> On Wed, May 25, 2016 at 2:50 PM, Vicente J. Botet Escriba <vicent...@wanadoo.fr> wrote:
> > On 25/05/2016 at 08:50, Thiago Macieira wrote:
> > > On Wednesday, 25 May 2016, at 07:03:14 PDT, Vicente J. Botet Escriba wrote:
> > > > On 24/05/2016 at 23:20, Brian Bi wrote:
> > > > > Flexible array members are not part of standard C++. The definition of
> > > > > struct S is illegal.
> > > >
> > > > Do you have a pointer on the standard, so that I can understand why?
> > >
> > > The point is that the standard does not say it's valid, so it isn't. The C
> > > standard specifically and explicitly allows that, but the equivalent text is
> > > not in the C++ standard.
> > >
> > > Your C++ compiler has an extension to the language allowing that C feature,
> > > like many C compilers do for C features not in the C++ official language
> > > (designated initialisers, restrict, _Atomic, etc.). Since that is so, you'll
> > > need to discuss with your vendor to see why it allows flexible array members
> > > and yet complains that you've gone over the array size limit.
> >
> > Hi,
> >
> > I'm compiling with gcc -std=c++11, not with gnu extension. When I compile with clang there is neither an error nor a warning.
>
> Both compilers enable some extensions by default. Try using -pedantic or -pedantic-errors.

Thanks. With -pedantic-errors, clang and gcc report the error now.

prog.cc:6:14: error: flexible array members are a C99 feature [-Werror,-Wc99-extensions]
    unsigned arr[];

prog.cc:6:18: error: ISO C++ forbids zero-size array 'arr' [-Wpedantic]
     unsigned arr[];

> > Do you know of a compiler that extension?
> >
> > If the code is not correct, shouldn't the compiler report an error instead of a warning?
>
> No, the standard requires that a diagnostic is produced, and does not distinguish between warnings and errors.

Good point.

Thanks again,
Vicente


Mikhail Maltsev

May 26, 2016, 6:57:22 AM
to std-dis...@isocpp.org
On 05/26/2016 01:12 AM, Vicente J. Botet Escriba wrote:
>
> BTW, the HEAD of gcc-7.0.0 201605 doesn't report the warning anymore :)
>
Neither does GCC 6. I'll bisect and file a bug report.

--
Regards,
Mikhail Maltsev

Vicente J. Botet Escriba

May 26, 2016, 5:13:44 PM
to std-dis...@isocpp.org
On 26/05/2016 at 12:57, Mikhail Maltsev wrote:
> On 05/26/2016 01:12 AM, Vicente J. Botet Escriba wrote:
> > BTW, the HEAD of gcc-7.0.0 201605 doesn't report the warning anymore :)
>
> Neither does GCC 6. I'll bisect and file a bug report.

When I use -pedantic-errors, errors are reported, so I guess the compilers are conforming to the standard.

Vicente

Mikhail Maltsev

May 27, 2016, 8:06:33 AM
to std-dis...@isocpp.org
This is weird, for me '-pedantic-errors' does not change anything.
Also, I filed a bug report yesterday:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71290. ISTM, GCC folks are planning
to work on fixing it.

--
Regards,
Mikhail Maltsev
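
Added example, not part of any post in this thread: one way to keep the "header followed by a run of unsigned values in a single allocation" layout from the original question without declaring a flexible array member, so it compiles with -pedantic-errors. The names Header, Record, kOffset and bytes_for are hypothetical; the trailing elements are zero-initialised and every access is checked against the count stored in the header.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <stdexcept>

// Hypothetical names (Header, Record); no flexible array member is declared.
struct Header {
    int i;
    std::size_t count;  // number of trailing elements actually allocated
};

class Record {
    // First offset past the header that is suitably aligned for unsigned.
    static constexpr std::size_t kOffset =
        (sizeof(Header) + alignof(unsigned) - 1) / alignof(unsigned) * alignof(unsigned);

    static std::size_t bytes_for(std::size_t count) {
        if (count > (SIZE_MAX - kOffset) / sizeof(unsigned))
            throw std::length_error("Record: element count overflows size_t");
        return kOffset + count * sizeof(unsigned);
    }

    unsigned char* raw_;  // one allocation: header, then the elements
    Header* hdr_;
    unsigned* arr_;

public:
    explicit Record(std::size_t count)
        : raw_(static_cast<unsigned char*>(::operator new(bytes_for(count)))),
          hdr_(new (raw_) Header{0, count}),
          arr_(reinterpret_cast<unsigned*>(raw_ + kOffset)) {
        for (std::size_t k = 0; k < count; ++k)
            new (arr_ + k) unsigned(0);  // start each element's lifetime, zeroed
    }
    ~Record() { ::operator delete(raw_); }
    Record(const Record&) = delete;
    Record& operator=(const Record&) = delete;
    std::size_t size() const { return hdr_->count; }
    // Checked access: the header records how many elements exist.
    unsigned& at(std::size_t idx) {
        if (idx >= hdr_->count) throw std::out_of_range("Record::at");
        return arr_[idx];
    }
};

int main() {
    Record r(1);  // same shape as the thread's buffer: header plus one unsigned
    return r.at(0) == 0 ? 0 : 1;
}
```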