Bug 101455 - missing -Wstringop-overflow on buffer overflow by a complex number
Summary: missing -Wstringop-overflow on buffer overflow by a complex number
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 11.1.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: Warray-bounds Wstringop-overflow
  Show dependency treegraph
 
Reported: 2021-07-14 17:43 UTC by Martin Sebor
Modified: 2021-08-28 23:38 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2021-08-28 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Sebor 2021-07-14 17:43:50 UTC
The store in the function below overflows the buffer and should be diagnosed by -Wstringop-overflow (which is enabled by default) but isn't.  It's only diagnosed by -Warray-bounds (which is included in -Wall).

$ cat a.c && gcc -O2 -S -fdump-tree-strlen=/dev/stdout a.c
void* f (double x, double i)
{
  _Complex double *p = __builtin_malloc (sizeof (double));
  *p = __builtin_complex (x, i);
  return p;
}

;; Function f (f, funcdef_no=0, decl_uid=1944, cgraph_uid=1, symbol_order=0)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }
void * f (double x, double i)
{
  complex double * p;

  <bb 2> [local count: 1073741824]:
  p_3 = __builtin_malloc (8);
  REALPART_EXPR <*p_3> = x_4(D);
  IMAGPART_EXPR <*p_3> = i_5(D);
  return p_3;

}
Comment 1 Andrew Pinski 2021-08-28 20:53:27 UTC
Confirmed, that is we should get a warning at -O0 -W -Wall.

Note the gimple is different between -O2 and -O0.

-O0 gimple:
  p_4 = __builtin_malloc (8);
  _1 = COMPLEX_EXPR <x_5(D), i_6(D)>;
  *p_4 = _1;