This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug middle-end/78138] New: missing warnings on buffer overflow with non-constant source length
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 28 Oct 2016 03:01:24 +0000
- Subject: [Bug middle-end/78138] New: missing warnings on buffer overflow with non-constant source length
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78138
Bug ID: 78138
Summary: missing warnings on buffer overflow with non-constant source length
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
This is just a record of a limitation addressed in a patch already posted for
review (https://gcc.gnu.org/ml/gcc-patches/2016-10/msg02308.html).
In the following program the calls to strcpy and memcpy clearly overflow, even
though the exact size of the source sequence in each case isn't known. It
would be helpful if GCC detected this overflow and issued a warning at compile
time, rather than having the compiled program crash at runtime.
$ cat b.c && for o in "" -DCHK=1; do /build/gcc-git/gcc/xgcc -B /build/gcc-git/gcc $o -O2 -S b.c; done

char d [5];   /* five-byte destination that every copy below overflows */

#ifdef CHK
/* Object-size helper: query the macro parameter p, not the global d. */
# define bos(p, t) __builtin_object_size (p, t)
# define memcpy(d, s, n) __builtin___memcpy_chk (d, s, n, bos (d, 1))
# define strcpy(d, s) __builtin___strcpy_chk (d, s, bos (d, 1))
#else
void* memcpy (void*, const void*, unsigned long);
extern char* strcpy (char*, const char*);
#endif

void f (int i, int j)
{
  /* Source is 6 or 7 bytes including the NUL; either exceeds sizeof d. */
  strcpy (d, j ? "12345" : "123456");
}

void g (void *p)
{
  extern unsigned n;
  /* After the clamp n is 7 or in [17, 32]; even 7 exceeds sizeof d. */
  if (n < 17 || 32 < n) n = 7;
  memcpy (d, p, n);
}
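The reasoning the report asks GCC to perform, as an added model written for this page (not GCC's code and not the patch under review): track the source byte count as a range, merge the ranges of both control-flow arms, and flag the copy as a definite overflow when even the smallest possible count exceeds the destination. The destination size 5, the two string literals and the clamp bounds 17/32/7 are taken from the test case above; the function and type names are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Value range a compiler's range analysis might track for a byte count. */
struct len_range { size_t min; size_t max; };

enum verdict { NO_OVERFLOW, MAY_OVERFLOW, DEFINITE_OVERFLOW };

/* Smallest range containing both inputs: the hull a range analysis keeps
   when two control-flow paths merge (it cannot represent the gap). */
struct len_range range_union(struct len_range a, struct len_range b)
{
    struct len_range r;
    r.min = a.min < b.min ? a.min : b.min;
    r.max = a.max > b.max ? a.max : b.max;
    return r;
}

/* Model of the clamp `if (n < lo || hi < n) n = fallback;`:
   afterwards n is either fallback or inside [lo, hi]. */
struct len_range clamped_range(size_t lo, size_t hi, size_t fallback)
{
    struct len_range kept = { lo, hi };
    struct len_range fb = { fallback, fallback };
    return range_union(kept, fb);
}

/* Bytes strcpy writes for `cond ? a : b`: strlen plus the NUL, per arm. */
struct len_range strcpy_choice_range(const char *a, const char *b)
{
    struct len_range ra = { strlen(a) + 1, strlen(a) + 1 };
    struct len_range rb = { strlen(b) + 1, strlen(b) + 1 };
    return range_union(ra, rb);
}

/* The check the bug asks for: definite when even the smallest possible
   count exceeds the destination, "may" when only the largest does. */
enum verdict classify_copy(size_t dst_size, struct len_range src)
{
    if (src.min > dst_size) return DEFINITE_OVERFLOW;
    if (src.max > dst_size) return MAY_OVERFLOW;
    return NO_OVERFLOW;
}

/* Both calls from the report against `char d[5]` (values constructed
   from the test case above); returns 1 when both are definite overflows. */
int bug_78138_cases_are_definite(void)
{
    const size_t dsize = 5;
    return classify_copy(dsize, strcpy_choice_range("12345", "123456")) == DEFINITE_OVERFLOW
        && classify_copy(dsize, clamped_range(17, 32, 7)) == DEFINITE_OVERFLOW;
}
```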