Summary: | [4.6 Regression] Incorrect fortify warning for a packed struct member | ||
---|---|---|---|
Product: | gcc | Reporter: | İsmail Dönmez <ismail> |
Component: | middle-end | Assignee: | Richard Biener <rguenth> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | marcus |
Priority: | P3 | Keywords: | diagnostic |
Version: | 4.6.0 | ||
Target Milestone: | 4.6.1 | ||
Host: | Target: | ||
Build: | Known to work: | 4.6.1, 4.7.0 | |
Known to fail: | 4.6.0 | Last reconfirmed: | 2011-03-24 11:14:23 |
Attachments: | Preprocessed source |
Description
İsmail Dönmez
2011-03-24 09:54:02 UTC
Created attachment 23766
Preprocessed source
There is a malloc(sizeof(struct1)+sizeof(struct2)) and the struct 1 has uint8_t data[0] at the end, where struct2* = struct1*->data; the malloc() seems to allocate insufficient memory, so the overflow checker triggers.

```
D.83064_56 = in_int_3(D)->strong_source;
D.83065_57 = D.83064_56->_vptr.KisPacketSource;
D.83086_59 = MEM[(int (*__vtbl_ptr_type) (void) *)D.83065_57 + 92B];
D.73136 = OBJ_TYPE_REF(D.83086_59;D.83064_56->23) (D.83064_56); [return slot optimization]
D.83087_61 = std::basic_string<char>::c_str (&D.73136);
D.83088_63 = &MEM[(struct drone_source_packet *)dpkt_1 + 12B].interface_str;
__s_143 = (char * restrict) D.83088_63;
D.85546_145 = 16;
__builtin___snprintf_chk (__s_143, 16, 1, D.85546_145, "%s", D.83087_61);
std::basic_string<char>::~basic_string (&D.73136);
D.83064_65 = in_int_3(D)->strong_source;
D.83065_66 = D.83064_65->_vptr.KisPacketSource;
D.83090_68 = MEM[(int (*__vtbl_ptr_type) (void) *)D.83065_66 + 96B];
D.73137 = OBJ_TYPE_REF(D.83090_68;D.83064_65->24) (D.83064_65); [return slot optimization]
D.83091_70 = std::basic_string<char>::c_str (&D.73137);
D.83092_72 = &MEM[(struct drone_source_packet *)dpkt_1 + 12B].type_str;
__s_147 = (char * restrict) D.83092_72;
D.85552_149 = 9;
__builtin___snprintf_chk (__s_147, 16, 1, D.85552_149, "%s", D.83091_70);
```

so for some reason we compute the object size of *D.38092_72 as 9. We allocated dpkt_1 as

```
dpkt_1 = malloc (89);
```

which looks like enough.

C testcase:

```c
typedef struct {
    unsigned int sentinel;
    char data[0];               /* zero-length trailing array (GNU extension) */
} drone_packet;

typedef struct {
    char type_str[16];
    char channel_hop;
} drone_source_packet;

drone_packet *
foo(char *x)
{
  drone_packet *dpkt = __builtin_malloc(sizeof(drone_packet)
                                        + sizeof(drone_source_packet));
  /* The second struct lives in the bytes that follow the header. */
  drone_source_packet *spkt = (drone_source_packet *) dpkt->data;
  __builtin___snprintf_chk (spkt->type_str, 16,
                            1, __builtin_object_size (spkt->type_str, 1),
                            "%s", x);
  return dpkt;
}
```

I have a patch.
```
Author: rguenth
Date: Thu Mar 24 12:44:58 2011
New Revision: 171388

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=171388
Log:
2011-03-24  Richard Guenther  <rguenther@suse.de>

    PR middle-end/48269
    * tree-object-size.c (addr_object_size): Do not double-account
    for MEM_REF offsets.

    * gcc.dg/builtin-object-size-10.c: New testcase.

Added:
    trunk/gcc/testsuite/gcc.dg/builtin-object-size-10.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-object-size.c
```

Fixed for 4.7 so far.

```
Author: rguenth
Date: Mon Mar 28 10:14:34 2011
New Revision: 171595

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=171595
Log:
2011-03-28  Richard Guenther  <rguenther@suse.de>

    Backport from mainline
    2011-03-24  Richard Guenther  <rguenther@suse.de>

    PR middle-end/48269
    * tree-object-size.c (addr_object_size): Do not double-account
    for MEM_REF offsets.

    * gcc.dg/builtin-object-size-10.c: New testcase.

    2011-03-22  Richard Guenther  <rguenther@suse.de>

    PR tree-optimization/48228
    * tree-vrp.c (vrp_visit_phi_node): Do not stop propagating
    for single-arg PHIs.

    * gcc.dg/Wstrict-overflow-23.c: New testcase.

    2011-03-17  Richard Guenther  <rguenther@suse.de>

    PR middle-end/48134
    * tree-ssa.c (insert_debug_temp_for_var_def): If we propagated
    a value make sure to fold the statement.

    * gcc.dg/pr48134.c: New testcase.

    2011-03-15  Richard Guenther  <rguenther@suse.de>

    PR middle-end/48031
    * fold-const.c (fold_indirect_ref_1): Do not create new variable-sized
    or variable-indexed array accesses when in gimple form.

Added:
    branches/gcc-4_6-branch/gcc/testsuite/gcc.dg/Wstrict-overflow-23.c
    branches/gcc-4_6-branch/gcc/testsuite/gcc.dg/builtin-object-size-10.c
    branches/gcc-4_6-branch/gcc/testsuite/gcc.dg/pr48134.c
Modified:
    branches/gcc-4_6-branch/gcc/ChangeLog
    branches/gcc-4_6-branch/gcc/fold-const.c
    branches/gcc-4_6-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_6-branch/gcc/tree-object-size.c
    branches/gcc-4_6-branch/gcc/tree-ssa.c
    branches/gcc-4_6-branch/gcc/tree-vrp.c
```

Fixed.
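The arithmetic behind the warning, as an added example that is not part of the bug report or of GCC's sources: it takes the struct layout from the C testcase, computes the mode-1 size the field should get, and checks what the compiler building it reports. `double_accounted_size` is a simplified model of the defect, an assumption drawn from the ChangeLog wording; all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Layout copied from the C testcase in the report. */
typedef struct { unsigned int sentinel; char data[0]; } drone_packet;
typedef struct { char type_str[16]; char channel_hop; } drone_source_packet;

#define ALLOC_SIZE (sizeof(drone_packet) + sizeof(drone_source_packet))
#define FIELD_SIZE (sizeof(((drone_source_packet *)0)->type_str))
#define HDR_OFF    (offsetof(drone_packet, data))  /* where the payload starts */
#define FIELD_OFF  (HDR_OFF + offsetof(drone_source_packet, type_str))

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Mode 1 (subobject) size: the field, capped by what is left of the block. */
size_t expected_size(void) { return min_sz(FIELD_SIZE, ALLOC_SIZE - FIELD_OFF); }

/* Assumed model of the defect: the payload offset is subtracted a second time. */
size_t double_accounted_size(void)
{
    return min_sz(FIELD_SIZE, ALLOC_SIZE - FIELD_OFF - HDR_OFF);
}

/* What this compiler reports; (size_t)-1 means "unknown" (usual without -O). */
size_t reported_size(void)
{
    drone_packet *dpkt = malloc(ALLOC_SIZE);
    if (dpkt == NULL)
        return (size_t)-1;
    drone_source_packet *spkt = (drone_source_packet *)dpkt->data;
    size_t n = __builtin_object_size(spkt->type_str, 1);
    free(dpkt);
    return n;
}

/* A bound handed to a _chk function must be unknown or cover the whole field. */
int bound_is_sane(size_t n) { return n == (size_t)-1 || n >= FIELD_SIZE; }

int main(void)
{
    printf("expected=%zu double-accounted=%zu reported=%zu\n",
           expected_size(), double_accounted_size(), reported_size());
    /* Non-zero exit: the compiler under-reports the field, as 4.6.0 did. */
    return bound_is_sane(reported_size()) ? 0 : 1;
}
```

Build it with optimization enabled (for example `-O2`) to make the compiler evaluate the builtin; a bound smaller than the 16-byte field is what turns a correct `snprintf` call into a fortify warning.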