Bug 86688 - missing -Wstringop-overflow using a non-string local array in strnlen with excessive bound
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 9.0
Importance: P3 normal
Target Milestone: 10.0
Assignee: Martin Sebor
URL:
Keywords: diagnostic, patch
Depends on:
Blocks: Wstringop-overflow
Reported: 2018-07-26 16:36 UTC by Martin Sebor
Modified: 2019-07-25 20:20 UTC

Last reconfirmed: 2018-07-26 00:00:00

Description Martin Sebor 2018-07-26 16:36:00 UTC
With the solution for pr86042 applied, GCC folds certain strnlen (and strlen) calls into constants before the attribute nonstring checker has had a chance to diagnose uses of nonstring arguments.  As a result, while the strnlen call in function f() is diagnosed, the corresponding call in g() is not.  They should both be diagnosed.

$ cat d.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout d.c
__attribute__ ((nonstring)) char a[3] = "123";

int f (void)
{
  return __builtin_strnlen (a, sizeof a + 1);
}

int g (void)
{
  __attribute__ ((nonstring)) char b[3];
  __builtin_memcpy (b, "123", 3);

  return __builtin_strnlen (b, sizeof b + 1);
}


;; Function f (f, funcdef_no=0, decl_uid=1899, cgraph_uid=1, symbol_order=1)

f ()
{
  long unsigned int _1;
  int _3;

  <bb 2> [local count: 1073741825]:
  _1 = __builtin_strnlen (&a, 4);
  _3 = (int) _1;
  return _3;

}


d.c: In function ‘f’:
d.c:5:10: warning: ‘__builtin_strnlen’ argument 1 declared attribute ‘nonstring’ is smaller than the specified bound 4 [-Wstringop-overflow=]
   return __builtin_strnlen (a, sizeof a + 1);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
d.c:1:34: note: argument ‘a’ declared here
 __attribute__ ((nonstring)) char a[3] = "123";
                                  ^

;; Function g (g, funcdef_no=1, decl_uid=1902, cgraph_uid=2, symbol_order=2)

g ()
{
  <bb 2> [local count: 1073741825]:
  return 3;

}
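
An added example, not code from the bug report or from GCC: the shape of g() above, rewritten so that the bound passed to strnlen is clamped to the array's capacity and the read stays in bounds whether or not -Wstringop-overflow fires for that call. The names NONSTRING, field_len, FIELD_LEN, full_field and padded_field are hypothetical, and the array contents are constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L   /* declares strnlen */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* nonstring: the char array need not be NUL-terminated. */
#if defined(__has_attribute)
# if __has_attribute(nonstring)
#  define NONSTRING __attribute__((nonstring))
# endif
#endif
#ifndef NONSTRING
# define NONSTRING                /* compiler without the attribute */
#endif

/* Hypothetical helper: length of the value in a fixed-width field of
   capacity cap.  The bound given to strnlen is clamped to cap, so an
   excessive caller-supplied bound cannot cause a read past the array. */
static size_t field_len(const char *field, size_t cap, size_t bound)
{
    return strnlen(field, bound < cap ? bound : cap);
}

/* For true arrays only: the capacity is taken from sizeof. */
#define FIELD_LEN(arr, bound) field_len((arr), sizeof (arr), (bound))

/* Same pattern as g() in the report: a local nonstring array filled by
   memcpy and queried with the excessive bound sizeof b + 1. */
size_t full_field(void)
{
    NONSTRING char b[3];
    memcpy(b, "123", 3);          /* constructed input, no terminator */
    return FIELD_LEN(b, sizeof b + 1);
}

/* A shorter value padded with NULs, as in fixed-width record fields. */
size_t padded_field(void)
{
    NONSTRING char b[3] = { '1', 0, 0 };
    return FIELD_LEN(b, sizeof b + 1);
}

int main(void)
{
    printf("%zu %zu\n", full_field(), padded_field());
    return 0;
}
```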
Comment 1 Richard Biener 2018-12-20 12:57:00 UTC
Doesn't work with GCC 8 so not a regression.  GCC 8 doesn't even know strnlen.
Comment 2 Martin Sebor 2019-07-19 22:06:15 UTC
Patch: https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01323.html
Comment 3 Martin Sebor 2019-07-25 00:29:48 UTC
Author: msebor
Date: Thu Jul 25 00:29:17 2019
New Revision: 273783

URL: https://gcc.gnu.org/viewcvs?rev=273783&root=gcc&view=rev
Log:
PR tree-optimization/91183 - strlen of a strcpy result with a conditional source not folded
PR tree-optimization/86688 - missing -Wstringop-overflow using a non-string local array in strnlen with excessive bound

gcc/ChangeLog:

	PR tree-optimization/91183
	PR tree-optimization/86688
	* builtins.c (compute_objsize): Handle MEM_REF.
	* tree-ssa-strlen.c (class ssa_name_limit_t): New.
	(get_min_string_length): Remove.
	(count_nonzero_bytes): New function.
	(handle_char_store): Rename...
	(handle_store): to this.  Handle multibyte stores via integer types.
	(strlen_check_and_optimize_stmt): Adjust conditional and the called
	function name.

gcc/testsuite/ChangeLog:

	PR tree-optimization/91183
	PR tree-optimization/86688
	* gcc.dg/Wstringop-overflow-14.c: New test.
	* gcc.dg/attr-nonstring-2.c: Remove xfails.
	* gcc.dg/strlenopt-70.c: New test.
	* gcc.dg/strlenopt-71.c: New test.
	* gcc.dg/strlenopt-72.c: New test.
	* gcc.dg/strlenopt-8.c: Remove xfails.

Added:
    trunk/gcc/testsuite/gcc.dg/Wstringop-overflow-14.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-70.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-71.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-72.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/builtins.c
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/c-c++-common/ubsan/object-size-9.c
    trunk/gcc/testsuite/gcc.dg/attr-nonstring-2.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-8.c
    trunk/gcc/tree-ssa-strlen.c
Comment 4 Martin Sebor 2019-07-25 19:03:31 UTC
Author: msebor
Date: Thu Jul 25 19:03:00 2019
New Revision: 273812

URL: https://gcc.gnu.org/viewcvs?rev=273812&root=gcc&view=rev
Log:
PR tree-optimization/91183
PR tree-optimization/86688

gcc/testsuite/ChangeLog:
	* gcc.dg/strlenopt-70.c: Fix bugs.
	* gcc.dg/strlenopt-71.c: Same.
	* gcc.dg/strlenopt-72.c: Same.


Modified:
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/gcc.dg/strlenopt-70.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-71.c
    trunk/gcc/testsuite/gcc.dg/strlenopt-72.c
Comment 5 Martin Sebor 2019-07-25 20:20:01 UTC
Fixed for GCC 10.