Bug 101475 - missing -Wstringop-overflow storing a compound literal
Summary: missing -Wstringop-overflow storing a compound literal
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 11.1.0
Importance: P3 normal
Target Milestone: 12.0
Assignee: Martin Sebor
Keywords: diagnostic, patch
Duplicates: 102722
Blocks: Wstringop-overflow
Reported: 2021-07-16 16:58 UTC by Martin Sebor
Modified: 2022-01-14 18:15 UTC
Last reconfirmed: 2021-12-16 00:00:00

Description Martin Sebor 2021-07-16 16:58:57 UTC
Even with pr97027 resolved, -Wstringop-overflow is not issued consistently (on all targets) for buffer overflow when storing a larger compound literal into a smaller buffer.  The test case below is diagnosed by -Warray-bounds, which is only enabled with -Wall and at -O2, but not by -Wstringop-overflow (which is enabled by default).  Ideally the bug should be diagnosed even at -O0.

$ cat a.c && gcc -O2 -S -fdump-tree-strlen=/dev/stdout a.c 
typedef struct A { char a[4]; } A;

extern char a[2];

void f (void)
{
  *(A*)a = (A){ 1, 2, 3, 4 };   // missing warning
}

typedef struct B { int a[2]; } B;
  
void g (void)
{
  *(B*)a = (B){ 1, 2 };   // missing warning
}

;; Function f (f, funcdef_no=0, decl_uid=3910, cgraph_uid=1, symbol_order=0)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }
void f ()
{
  <bb 2> [local count: 1073741824]:
  MEM[(struct A *)&a].a[0] = 1;
  MEM[(struct A *)&a].a[1] = 2;
  MEM[(struct A *)&a].a[2] = 3;
  MEM[(struct A *)&a].a[3] = 4;
  return;

}



;; Function g (g, funcdef_no=1, decl_uid=3917, cgraph_uid=2, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }
void g ()
{
  <bb 2> [local count: 1073741824]:
  MEM[(struct B *)&a].a[0] = 1;
  MEM[(struct B *)&a].a[1] = 2;
  return;

}
Comment 1 Martin Sebor 2021-12-16 18:28:59 UTC
*** Bug 102722 has been marked as a duplicate of this bug. ***
Comment 3 GCC Commits 2022-01-14 18:14:57 UTC
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:72332337e3d8acbb21398b8d123f1bfe77a8327e

commit r12-6592-g72332337e3d8acbb21398b8d123f1bfe77a8327e
Author: Martin Sebor <msebor@redhat.com>
Date:   Fri Jan 14 11:13:08 2022 -0700

    Use enclosing object size if it's smaller than member [PR 101475].
    
    Resolves:
    PR middle-end/101475 - missing -Wstringop-overflow storing a compound literal
    
    gcc/ChangeLog:
    
            PR middle-end/101475
            * pointer-query.cc (handle_component_ref): Use the size of
            the enclosing object if it's smaller than the member.
    
    gcc/testsuite/ChangeLog:
    
            PR middle-end/101475
            * gcc.dg/Wstringop-overflow-15.c: Remove xfails.
            * gcc.dg/Wstringop-overflow-68.c: Adjust, remove xfails.
            * gcc.dg/Wstringop-overflow-88.c: New test.
Comment 4 Martin Sebor 2022-01-14 18:15:40 UTC
Fixed in r12-6592.
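
The size rule named in the commit message of comment 3, applied to the stores shown in the strlen dump of the description. This is an added example, a simplified model and not GCC's pointer-query.cc code; the function names are hypothetical, and treating the earlier check as using the member's own size is an assumption drawn from the commit message wording.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct A { char a[4]; } A;   /* types from the test case */
typedef struct B { int a[2]; } B;
enum { OBJ_SIZE = 2 };               /* extern char a[2] */

/* Bytes a store through the member may touch: the member's size, capped
   by what is left of the enclosing object after the member's offset. */
size_t capped_size(size_t member_size, size_t member_off, size_t obj_size)
{
    size_t avail = member_off < obj_size ? obj_size - member_off : 0;
    return member_size < avail ? member_size : avail;
}

/* Count element stores [0, n) of width elt that end past limit bytes. */
size_t overflowing_stores(size_t n, size_t elt, size_t limit)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if ((i + 1) * elt > limit)
            bad++;
    return bad;
}

/* f(): four char stores through (A *)a.  cap=0 models checking against
   the member size alone (assumed earlier behaviour), cap=1 the fix. */
size_t f_overflows(int cap)
{
    size_t m = sizeof(((A *)0)->a);
    size_t limit = cap ? capped_size(m, offsetof(A, a), OBJ_SIZE) : m;
    return overflowing_stores(4, sizeof(char), limit);
}

/* g(): two int stores through (B *)a. */
size_t g_overflows(int cap)
{
    size_t m = sizeof(((B *)0)->a);
    size_t limit = cap ? capped_size(m, offsetof(B, a), OBJ_SIZE) : m;
    return overflowing_stores(2, sizeof(int), limit);
}

int main(void)
{
    printf("f: member-only %zu, capped %zu\n", f_overflows(0), f_overflows(1));
    printf("g: member-only %zu, capped %zu\n", g_overflows(0), g_overflows(1));
    return 0;
}
```

With a 4-byte int, every store in both functions fits inside the member of the cast-to type, so a check against the member size alone flags nothing, while the capped size flags two stores in each function.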