Bug 79222 - missing -Wstringop-overflow= on a stpcpy overflow
Summary: missing -Wstringop-overflow= on a stpcpy overflow
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 7.0
Importance: P3 normal
Target Milestone: ---
Assignee: Martin Sebor
URL:
Keywords: diagnostic, patch
Depends on:
Blocks: Wstringop-overflow
Reported: 2017-01-25 03:17 UTC by Martin Sebor
Modified: 2018-12-11 00:31 UTC

See Also:
Host:
Target:
Build:
Known to work: 8.0
Known to fail: 7.0
Last reconfirmed: 2017-01-25 00:00:00


Description Martin Sebor 2017-01-25 03:17:37 UTC
The new -Wstringop-overflow added in r243419 fails to diagnose buffer overflows caused by calls to the stpcpy function. Looks like I missed that function.

$ cat t.c && gcc -O2 -S -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout t.c
char d[3];

char* f (int i)
{
  const char *s = i < 0 ? "01234567" : "9876543210";
  return __builtin_stpcpy (d, s);
}

;; Function f (f, funcdef_no=0, decl_uid=1796, cgraph_uid=0, symbol_order=1)

Removing basic block 3
f (int i)
{
  const char * iftmp.0_1;
  char * _5;

  <bb 2> [100.00%]:
  if (i_2(D) < 0)
    goto <bb 4>; [32.39%]
  else
    goto <bb 3>; [67.61%]

  <bb 3> [67.61%]:

  <bb 4> [100.00%]:
  # iftmp.0_1 = PHI <"01234567"(2), "9876543210"(3)>
  _5 = __builtin_stpcpy (&d, iftmp.0_1); [tail call]
  return _5;

}
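Added example (not part of the bug report or of GCC): the size arithmetic that makes the test case above an overflow on both branches, next to a bounds-checked copy that refuses it. The names smallest_write, checked_stpcpy and f_checked are hypothetical and exist only in this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

char d[3];  /* same destination as the report's t.c */

/* Smallest number of bytes stpcpy would write over a set of candidate
   sources: the shortest string's length plus its terminating NUL.  */
size_t smallest_write(const char *const *srcs, size_t n)
{
  size_t min = (size_t)-1;
  for (size_t i = 0; i < n; i++) {
    size_t need = strlen(srcs[i]) + 1;
    if (need < min)
      min = need;
  }
  return min;
}

/* Hypothetical helper (not a libc or GCC function): copy only when src
   and its NUL fit in dstsize bytes.  Returns what stpcpy returns (a
   pointer to the NUL written into dst), or NULL when nothing is copied.  */
char *checked_stpcpy(char *dst, size_t dstsize, const char *src)
{
  if (dst == NULL || src == NULL)
    return NULL;
  /* Look for the NUL only within the first dstsize bytes of src.  */
  if (memchr(src, '\0', dstsize) == NULL)
    return NULL;
  return __builtin_stpcpy(dst, src);
}

/* The report's f() with the bounds check in place.  */
char *f_checked(int i)
{
  const char *s = i < 0 ? "01234567" : "9876543210";
  return checked_stpcpy(d, sizeof d, s);
}

int main(void)
{
  const char *const srcs[] = { "01234567", "9876543210" };
  printf("smallest write: %zu bytes, sizeof d: %zu\n",
         smallest_write(srcs, 2), sizeof d);
  printf("f_checked(-1): %s\n", f_checked(-1) ? "copied" : "refused");
  printf("\"ab\": %s\n", checked_stpcpy(d, sizeof d, "ab") ? "copied" : "refused");
  return 0;
}
```

Even the shorter of the two sources needs 9 bytes, so the 3-byte destination overflows whichever way the conditional goes.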
Comment 1 Martin Sebor 2017-01-25 03:18:18 UTC
Let me fix it.
Comment 2 Martin Sebor 2017-01-25 21:15:03 UTC
Patch posted for review:
https://gcc.gnu.org/ml/gcc-patches/2017-01/msg01994.html
Comment 3 Martin Sebor 2017-05-04 20:55:15 UTC
Author: msebor
Date: Thu May  4 20:54:43 2017
New Revision: 247618

URL: https://gcc.gnu.org/viewcvs?rev=247618&root=gcc&view=rev
Log:
PR preprocessor/79214 -  -Wno-system-header defeats strncat buffer overflow warnings
PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
PR middle-end/79223 - missing -Wstringop-overflow on a memmove overflow

gcc/ChangeLog:

	PR preprocessor/79214
	PR middle-end/79222
	PR middle-end/79223
	* builtins.c (check_sizes): Add inlining context and issue
	warnings even when -Wno-system-headers is set.
	(check_strncat_sizes): Same.
	(expand_builtin_strncat): Same.
	(expand_builtin_memmove): New function.
	(expand_builtin_stpncpy): Same.
	(expand_builtin): Handle memmove and stpncpy.

gcc/testsuite/ChangeLog:

	PR preprocessor/79214
	PR middle-end/79222
	PR middle-end/79223
	* gcc.dg/pr79214.c: New test.
	* gcc.dg/pr79214.h: New test header.
	* gcc.dg/pr79222.c: New test.
	* gcc.dg/pr79223.c: New test.
	* gcc.dg/pr78138.c: Adjust.
	* gfortran.dg/unconstrained_commons.f: Same.


Added:
    trunk/gcc/testsuite/gcc.dg/pr79214.c
    trunk/gcc/testsuite/gcc.dg/pr79214.h
    trunk/gcc/testsuite/gcc.dg/pr79222.c
    trunk/gcc/testsuite/gcc.dg/pr79223.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/builtins.c
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/gcc.dg/pr78138.c
    trunk/gcc/testsuite/gfortran.dg/unconstrained_commons.f
Comment 4 Martin Sebor 2017-05-04 20:58:15 UTC
Fix committed in r247618.