[PATCH 1/3] Warn about initialization of a char array with a too long constant C string.

[PATCH 1/3] Warn about initialization of a char array with a too long constant C string.

[Masatake YAMATO]

This patch adds new option -Winit-cstring to sparse.

With the option sparse can Warn about initialization of a char array
with a too long constant C string.  If the size of the char array and
the length of the string is the same, there is no space for the last
nul char of the string in the array.

              char s[3] = "abc";

If the array is used as just a byte array, not as C string, this
warning is just noise. However, if the array is passed to functions
dealing with C string like printf(%s) and strcmp, it may cause a
trouble.

Here is a example of such trouble:
     http://www.spinics.net/lists/netdev/msg229765.html
     http://www.spinics.net/lists/netdev/msg229870.html

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
 evaluate.c | 12 ++++++++----
 lib.c      |  2 ++
 lib.h      |  1 +
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/evaluate.c b/evaluate.c
index d09f271..9f2c4ac 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -2592,10 +2592,14 @@ String:
 	p = alloc_expression(e->pos, EXPR_STRING);
 	*p = *e;
 	type = evaluate_expression(p);
-	if (ctype->bit_size != -1 &&
-	    ctype->bit_size + bits_in_char < type->bit_size) {
-		warning(e->pos,
-			"too long initializer-string for array of char");
+	if (ctype->bit_size != -1) {
+		if (ctype->bit_size + bits_in_char < type->bit_size)
+			warning(e->pos,
+				"too long initializer-string for array of char");
+		else if (Winit_cstring && ctype->bit_size + bits_in_char == type->bit_size) {
+			warning(e->pos,
+				"too long initializer-string for array of char(no space for nul char)");
+		}
 	}
 	*ep = p;
 	return 1;
diff --git a/lib.c b/lib.c
index 4f69e11..7c44414 100644
--- a/lib.c
+++ b/lib.c
@@ -199,6 +199,7 @@ int Wdecl = 1;
 int Wdefault_bitfield_sign = 0;
 int Wdesignated_init = 1;
 int Wdo_while = 0;
+int Winit_cstring = 0;
 int Wenum_mismatch = 1;
 int Wnon_pointer_null = 1;
 int Wold_initializer = 1;
@@ -410,6 +411,7 @@ static const struct warning {
 	{ "designated-init", &Wdesignated_init },
 	{ "do-while", &Wdo_while },
 	{ "enum-mismatch", &Wenum_mismatch },
+	{ "init-cstring", &Winit_cstring },
 	{ "non-pointer-null", &Wnon_pointer_null },
 	{ "old-initializer", &Wold_initializer },
 	{ "one-bit-signed-bitfield", &Wone_bit_signed_bitfield },
diff --git a/lib.h b/lib.h
index ee954fe..1227de9 100644
--- a/lib.h
+++ b/lib.h
@@ -95,6 +95,7 @@ extern int Wdefault_bitfield_sign;
 extern int Wdesignated_init;
 extern int Wdo_while;
 extern int Wenum_mismatch;
+extern int Winit_cstring;
 extern int Wnon_pointer_null;
 extern int Wold_initializer;
 extern int Wone_bit_signed_bitfield;
-- 
1.7.11.7

[PATCH 2/3] Test case for -Winit-cstring option

[Masatake YAMATO]

This patch added a test case for -Winit-cstring option
to validation directory.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
 validation/init_cstring.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 validation/init_cstring.c

diff --git a/validation/init_cstring.c b/validation/init_cstring.c
new file mode 100644
index 0000000..00eca20
--- /dev/null
+++ b/validation/init_cstring.c
@@ -0,0 +1,11 @@
+static struct alpha {
+  char a[2];
+} x = { .a = "ab" };
+/*
+ * check-name: -Winit-cstring option
+ *
+ * check-command: sparse -Winit-cstring $file
+ * check-error-start
+init_cstring.c:3:14: warning: too long initializer-string for array of char(no space for nul char)
+ * check-error-end
+ */
-- 
1.7.11.7

[PATCH 3/3] Add description for -Winit-cstring option

[Masatake YAMATO]

This patch added description for -Winit-cstring option
to sparse.1.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
 sparse.1 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/sparse.1 b/sparse.1
index ae85b54..cd6be26 100644
--- a/sparse.1
+++ b/sparse.1
@@ -189,6 +189,24 @@ Sparse issues these warnings by default.  To turn them off, use
 \fB\-Wno\-enum\-mismatch\fR.
 .
 .TP
+.B \-Winit\-cstring
+Warn about initialization of a char array with a too long constant C string.
+
+If the size of the char array and the length of the string is the same,
+there is no space for the last nul char of the string in the array:
+
+.nf
+char s[3] = "abc";
+.fi
+
+If the array is used as a byte array, not as C string, this
+warning is just noise. However, if the array is passed to functions
+dealing with C string like printf(%s) and strcmp, it may cause a
+trouble.
+
+Sparse does not issue these warnings by default.
+.
+.TP
 .B \-Wnon\-pointer\-null
 Warn about the use of 0 as a NULL pointer.
 
-- 
1.7.11.7

Re: [PATCH 1/3] Warn about initialization of a char array with a too long constant C string.

[Christopher Li]

On Sat, Apr 6, 2013 at 9:58 AM, Masatake YAMATO <yamato@redhat.com> wrote:
> This patch adds new option -Winit-cstring to sparse.
>
> With the option sparse can Warn about initialization of a char array
> with a too long constant C string.  If the size of the char array and
> the length of the string is the same, there is no space for the last
> nul char of the string in the array.

Patches applied.

Chris