This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/82646] bogus -Wstringop-overflow with -D_FORTIFY_SOURCE=2 on strncpy with range to a member array


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82646

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |ASSIGNED
   Last reconfirmed|                            |2017-12-05
         Resolution|INVALID                     |---
           Assignee|unassigned at gcc dot gnu.org      |msebor at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
This is my bad for letting these bugs sit so long without fixing them.

-Wstringop-overflow is meant to warn only for provable overflow.  In g(), the
overflow is possible but not inevitable.  The only call to the function in the
program is with an argument that guarantees the overflow doesn't happen, and so
the warning should not be issued.

The bug here is in the maybe_emit_chk_warning() function in builtins.c called
to handle __builtin___strncpy_chk.  The function passes the strncpy() bound as
the maxlen argument to check_sizes() when it should pass it as the size
argument analogously to the check_strncpy_sizes() function called for
__builtin_strncpy.

The following patch fixes the problem.  Let me run the full regression test
suite and submit it.

diff --git a/gcc/builtins.c b/gcc/builtins.c
index 097e1b7..3278c7f 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -9862,6 +9862,8 @@ maybe_emit_chk_warning (tree exp, enum built_in_function
fcode)
      (such as __strcat_chk).  */
   tree maxlen = NULL_TREE;

+  tree count = NULL_TREE;
+
   switch (fcode)
     {
     case BUILT_IN_STRCPY_CHK:
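Review bot: the new `tree count = NULL_TREE;` declaration has no comment, while `maxlen` directly above it is documented. Add a short comment saying that `count` holds the bound of the bounded copy functions (argument 2 of the call, as set in the next hunk) and is passed to check_sizes() in the size position, so the two variables are not mixed up again.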
@@ -9888,7 +9890,7 @@ maybe_emit_chk_warning (tree exp, enum built_in_function
fcode)
     case BUILT_IN_STRNCPY_CHK:
     case BUILT_IN_STPNCPY_CHK:
       srcstr = CALL_EXPR_ARG (exp, 1);
-      maxlen = CALL_EXPR_ARG (exp, 2);
+      count = CALL_EXPR_ARG (exp, 2);
       objsize = CALL_EXPR_ARG (exp, 3);
       break;

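Review bot: the switch from `maxlen` to `count` sits under both `case BUILT_IN_STRNCPY_CHK:` and `case BUILT_IN_STPNCPY_CHK:`, but the patch touches only gcc/builtins.c and carries no testcase. A regression test that exercises both the strncpy and the stpncpy checking built-ins with a bound given as a range, asserting no -Wstringop-overflow when the overflow is only possible, would lock in the behaviour for both cases.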
@@ -9911,7 +9913,7 @@ maybe_emit_chk_warning (tree exp, enum built_in_function
fcode)
     }

   check_sizes (OPT_Wstringop_overflow_, exp,
-              /*size=*/NULL_TREE, maxlen, srcstr, objsize);
+              count, maxlen, srcstr, objsize);
 }

 /* Emit warning if a buffer overflow is detected at compile time
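Review bot: the replacement argument line in the check_sizes() call drops the `/*size=*/` annotation that the removed line carried. Because the local is named `count` while the slot it fills was labelled size, keep the annotation, for example `/*size=*/count, maxlen, srcstr, objsize);`, so the call site still documents which parameter receives the bound.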
