Bug 84398 - missing -Wstringop-truncation on strncpy into VLA and dynamically allocated arrays
Summary: missing -Wstringop-truncation on strncpy into VLA and dynamically allocated a...
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 8.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: Wstringop-truncation
  Show dependency treegraph
 
Reported: 2018-02-15 01:11 UTC by Martin Sebor
Modified: 2019-01-09 23:46 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Sebor 2018-02-15 01:11:20 UTC 
-stringop-truncation works as expected with statically allocated arrays but fails to detect the same problem involving dynamically allocated arrays.

$ cat t.c && gcc -O2 -S -Wall t.c
void sink (void*);

void f0 (const char *s)
{
  char a[7];
  __builtin_strncpy (a, s, sizeof a);   // -Wstringop-truncation (good)
  sink (a);
}

void f1 (const char *s, unsigned n)
{
  if (n > 256)
    n = 256;

  char a[n];
  __builtin_strncpy (a, s, n);   // missing warning

  sink (a);
}

void f2 (const char *s, unsigned n)
{
  if (n > 256)
    n = 256;

  char *p = __builtin_alloca (n);   // missing warning

  __builtin_strncpy (p, s,  n);
  sink (p);
}

void f3 (const char *s, unsigned n)
{
  if (n > 256)
    n = 256;

  char *p = __builtin_malloc (n);

  __builtin_strncpy (p, s, n);   // missing warning
  sink (p);
}

t.c: In function ‘f0’:
t.c:6:3: warning: ‘__builtin_strncpy’ specified bound 7 equals destination size [-Wstringop-truncation]
   __builtin_strncpy (a, s, sizeof a);   // -Wstringop-truncation (good)
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~