Tags: c, clang, llvm-clang

-fcatch-undefined-behavior only catches local array access thats more than 1 element above the size


I have a question regarding the catch-undefined-behavior flag in clang. I tried it out in a big project written in C, where at one point, an integer value (i) supplied by the user arrives. I then added the following code:

int arr[3];        /* local array of three elements, valid indices 0..2 */
arr[i] = 1234;     /* i comes from user input */

But when I run the code with gdb it only stops when the variable i has a value of 4 or greater. So when I pass value 3 to i it still accesses the array outside of its bounds without stopping.

Is this a known limitation of -fcatch-undefined-behavior? Or does it only check if the access is outside of the stack frame, and not outside of local arrays?

Best regards, Christian

P.S.: I use clang+llvm 3.0 as compiler/linker. Target is x86. The program runs inside a xubuntu 12.04 virtual machine on a Windows XP box.


Solution

  • Annex J of the ISO C standard lists the following undefined behaviour relevant to your question:

    • Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object (6.5.6).
    • Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary * operator that is evaluated (6.5.6).

    According to your post, Clang's -fcatch-undefined-behavior seems to only catch the first of those two.
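As an added illustration (not part of the question or the answer above): an explicit bounds check in plain C that rejects the one-past-the-end index the sanitizer did not flag, so correctness does not depend on the checker catching it. The helper names `safe_store` and `try_index` are chosen here for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARR_LEN 3

/* Store v at arr[i] only when 0 <= i < n; returns true on success.
 * i is a signed long so negative user input is rejected outright rather
 * than wrapping to a huge unsigned index.  The condition i >= n also
 * rejects i == n, the "one past the end" address: C lets you compute
 * arr + n, but writing through it is undefined, which is exactly the
 * case (i == 3 for int arr[3]) the question saw go unreported. */
static bool safe_store(int *arr, size_t n, long i, int v)
{
    if (i < 0 || (size_t)i >= n)
        return false;
    arr[i] = v;
    return true;
}

/* Reproduces the question's scenario with a local int arr[3] and a
 * user-supplied index.  Returns 1 if the store was accepted and landed
 * where expected, 0 if it was rejected. */
static int try_index(long i)
{
    int arr[ARR_LEN];
    memset(arr, 0, sizeof arr);           /* constructed: start zeroed */
    if (!safe_store(arr, ARR_LEN, i, 1234))
        return 0;
    return arr[i] == 1234 ? 1 : 0;
}

int main(void)
{
    /* Indices from the question: 2 is in range, 3 is one past the end,
     * 4 is further out; -1 covers negative input. */
    const long idx[] = { 2, 3, 4, -1 };
    for (size_t k = 0; k < sizeof idx / sizeof idx[0]; k++)
        printf("i = %ld: %s\n", idx[k],
               try_index(idx[k]) ? "stored" : "rejected (out of bounds)");
    return 0;
}
```

Newer clang versions expose the same runtime check as -fsanitize=bounds (part of -fsanitize=undefined); the explicit check above is what a release build should carry regardless of the sanitizer.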