Inconsistency with bounds on NT arrays and NT array pointers #935
Comments
Let me add: I would really like |
This looks like a bug: the compiler should issue an error for s1. Given the declared array size, the compiler is checking that the last character in the declared array is null. It looks like there is an off-by-one error in this commit: 8ee16f3. It looks like there is an error in SemaDecl.cpp in
should use |
For an _Nt_checked array the declared size should be 1 greater than the size of the initializer to accommodate the null terminator. Due to an off-by-one error in logic this was not being caught. This fixes issue #935
Fixed in PR #942
I am wondering if there is an inconsistency in the way NT arrays and NT array pointers are handled. I think there is an off-by-one bug somewhere.

In particular, consider this code:

String s1 is deemed acceptable with an initializer of 6 bytes, when considering the NULL terminator. That tells me I should interpret the declared size 5 to be one less than the real size. This would make sense assuming that the _Nt_checked annotation is indicating that one unmentioned byte is reserved for the NULL terminator.

But if that's true, then I don't understand why the assignment from s1 to p1 is rejected. We just established that s1 has bounds 5 not counting the null terminator, and that is the interpretation of p1 as well. This is why standard string library functions take _Nt_array_ptr<char> arguments with no bounds annotation (interpreted as a bounds of count(0)) -- the NULL terminator is not counted.

So it would seem to me that either the initialization of s1 is treated incorrectly (the size should include the null terminator) or the initialization of p1 is treated incorrectly. I'm not seeing a consistent way to understand them both to be correct.
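
The size rule discussed in this thread, as an added example in plain C; it is not code from the issue or from the Checked C compiler. All function names and sample arrays are hypothetical, and the "declared size minus one" pointer bounds is an assumption that follows the reading given in the replies, where the terminator occupies one declared element.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the symptom: only the visible characters are required to fit,
 * so a 5-character initializer is accepted for a declared size of 5. */
static int init_fits_off_by_one(size_t declared, const char *init)
{
    return strlen(init) <= declared;
}

/* Rule stated in the fix: the declared size must be at least one greater
 * than the initializer length, leaving room for the null terminator. */
static int init_fits(size_t declared, const char *init)
{
    return strlen(init) + 1 <= declared;
}

/* Assumption: a null-terminated array of `declared` elements exposes
 * declared - 1 elements as pointer bounds; the terminator is not counted. */
static size_t nt_ptr_count(size_t declared)
{
    return declared == 0 ? 0 : declared - 1;
}

/* Runtime view: is there a NUL anywhere inside the declared storage? */
static int has_terminator(const char *buf, size_t declared)
{
    return memchr(buf, '\0', declared) != NULL;
}

/* Constructed samples. s5 holds the five characters with no terminator,
 * which is what a size-5 array ends up storing for "hello". */
static const char s5[5] = { 'h', 'e', 'l', 'l', 'o' };
static const char s6[6] = "hello";

int main(void)
{
    printf("size 5: off_by_one=%d fixed=%d nul=%d count=%zu\n",
           init_fits_off_by_one(5, "hello"), init_fits(5, "hello"),
           has_terminator(s5, sizeof s5), nt_ptr_count(sizeof s5));
    printf("size 6: off_by_one=%d fixed=%d nul=%d count=%zu\n",
           init_fits_off_by_one(6, "hello"), init_fits(6, "hello"),
           has_terminator(s6, sizeof s6), nt_ptr_count(sizeof s6));
    return 0;
}
```

With a declared size of 5 the off-by-one check accepts storage that contains no terminator at all, so any consumer that scans for the NUL would read past the array; the corrected check rejects it.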