Bug 92940 - incorrect offset and size in -Wstringop-overflow for out-of-bounds store into VLA and two offset ranges
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 10.0
Importance: P3 normal
Target Milestone: 11.0
Assignee: Martin Sebor
Keywords: diagnostic, patch
Blocks: Wstringop-overflow
Reported: 2019-12-14 00:30 UTC by Martin Sebor
Modified: 2020-11-29 22:40 UTC
Known to work: 11.0
Known to fail: 10.2.0
Last reconfirmed: 2020-11-03 00:00:00


Description Martin Sebor 2019-12-14 00:30:48 UTC
With the last patch in the series for pr91582 applied () GCC prints the wrong offset and size in the note that follows the (justified) -Wstringop-overflow warning below.  The root cause is the same as in pr92939 but here the symptom is different and the problem more apparent.

The note should print the range the out-of-bounds offset or index is in as well as the range the size is in.

$ cat a.c && gcc -O2 -S -Wall a.c
void f (void*);

void g (int i, int j, int n)
{
  if (i < 1 || 2 < i) i = 1;
  if (j < 3 || 5 < j) j = 3;
  if (n < 3 || 4 < n) n = 3;
 
  char a[n];
  char *p = a;

  p += i;
  p[j] = 0;    

  f (p);
}
a.c: In function ‘g’:
a.c:13:8: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
   13 |   p[j] = 0;
      |   ~~~~~^~~
a.c:9:8: note: at offset 0 to an object with size 0 declared here
    9 |   char a[n];
      |        ^
Comment 1 Martin Sebor 2019-12-14 00:31:52 UTC
The referenced patch: https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00829.html
Comment 2 Martin Sebor 2020-11-03 15:30:36 UTC
Fixed in the following patch for pr92936:
https://gcc.gnu.org/pipermail/gcc-patches/2020-November/557807.html
Comment 3 GCC Commits 2020-11-29 22:13:33 UTC
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:eafe8ee7af13c39805ea09bbf5b4f9ab2a48304a

commit r11-5523-geafe8ee7af13c39805ea09bbf5b4f9ab2a48304a
Author: Martin Sebor <msebor@redhat.com>
Date:   Sun Nov 29 15:09:30 2020 -0700

    Handle PHIs in compute_objsize.
    
    PR middle-end/92936 - missing warning on a past-the-end store to a PHI
    PR middle-end/92940 - incorrect offset and size in -Wstringop-overflow for out-of-bounds store into VLA and two offset ranges
    PR middle-end/89428 - missing -Wstringop-overflow on a PHI with variable offset
    
    gcc/ChangeLog:
    
            PR middle-end/92936
            PR middle-end/92940
            PR middle-end/89428
            * builtins.c (access_ref::access_ref): Initialize member.
            (access_ref::phi): New function.
            (access_ref::get_ref): New function.
            (access_ref::add_offset): Remove duplicate assignment.
            (maybe_warn_for_bound): Add "maybe" kind of warning messages.
            (warn_for_access): Same.
            (inform_access): Rename...
            (access_ref::inform_access): ...to this.  Print PHI arguments.  Format
            offset the same as size and simplify.  Improve printing of allocation
            functions and VLAs.
            (check_access): Adjust to the above.
            (gimple_parm_array_size): Change argument.
            (handle_min_max_size): New function.
            * builtins.h (class ssa_name_limit_t): Move class here from
            tree-ssa-strlen.c.
            (struct access_ref): Declare new members.
            (gimple_parm_array_size): Change argument.
            * tree-ssa-strlen.c (maybe_warn_overflow): Use access_ref and simplify.
            (handle_builtin_memcpy): Correct argument passed to maybe_warn_overflow.
            (handle_builtin_memset): Same.
            (class ssa_name_limit_t): Move class to builtins.{h,c}.
    
    gcc/testsuite/ChangeLog:
    
            PR middle-end/92936
            PR middle-end/92940
            PR middle-end/89428
            * c-c++-common/Wstringop-overflow-2.c: Adjust text of expected
            informational notes.
            * g++.dg/warn/Wstringop-overflow-3.C: Same.
            * g++.dg/warn/Wplacement-new-size.C: Remove a test for a no longer
            issued warning.
            * gcc.dg/Warray-bounds-43.c: Removed unused declarations.
            * gcc.dg/Wstringop-overflow-11.c: Remove xfails.
            * gcc.dg/Wstringop-overflow-12.c: Same.
            * gcc.dg/Wstringop-overflow-17.c: Adjust text of expected messages.
            * gcc.dg/Wstringop-overflow-27.c: Same.  Remove xfails.
            * gcc.dg/Wstringop-overflow-28.c: Adjust text of expected messages.
            * gcc.dg/Wstringop-overflow-29.c: Same.
            * gcc.dg/Wstringop-overflow-37.c: Same.
            * gcc.dg/Wstringop-overflow-46.c: Same.
            * gcc.dg/Wstringop-overflow-47.c: Same.
            * gcc.dg/Wstringop-overflow-54.c: Same.
            * gcc.dg/warn-strnlen-no-nul.c: Add expected warning.
            * gcc.dg/Wstringop-overflow-7.c: New test.
            * gcc.dg/Wstringop-overflow-58.c: New test.
            * gcc.dg/Wstringop-overflow-59.c: New test.
            * gcc.dg/Wstringop-overflow-60.c: New test.
            * gcc.dg/Wstringop-overflow-61.c: New test.
            * gcc.dg/Wstringop-overflow-62.c: New test.
            * gcc.dg/Wstringop-overflow-63.c: New test.
            * gcc.dg/Wstringop-overflow-64.c: New test.
Comment 4 Martin Sebor 2020-11-29 22:40:28 UTC
Resolved by r11-5523 for GCC 11 which prints the following warning and note:

$ gcc -O2 -S pr92940.c
pr92940.c: In function ‘g’:
pr92940.c:13:8: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
   13 |   p[j] = 0;
      |   ~~~~~^~~
pr92940.c:9:8: note: at offset 4 into destination object ‘a’ of size [3, 4]
    9 |   char a[n];
      |        ^
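
The range arithmetic behind the corrected note, as an added example (not GCC's code and not part of the bug report): a simplified interval model of the test case's i, j and n, showing that the store lands at offset 4 or more in an object whose size is in [3, 4], so no bytes remain. The struct range type and all function names are hypothetical.

```c
#include <stdio.h>

/* Closed interval [min, max]: a simplified stand-in for the value ranges
   a compiler tracks.  Hypothetical names, not GCC's data structures.  */
struct range { long min, max; };

enum verdict { IN_BOUNDS, MAYBE_OVERFLOW, DEFINITE_OVERFLOW };

/* Models "if (v < lo || hi < v) v = lo;" from the test case: afterwards
   v is known to lie in [lo, hi].  */
static struct range clamp_range (long lo, long hi)
{
  struct range r = { lo, hi };
  return r;
}

/* Range of the sum of two independent values (p += i; p[j]).  */
static struct range range_add (struct range a, struct range b)
{
  struct range r = { a.min + b.min, a.max + b.max };
  return r;
}

/* Most bytes that can remain past the offset: largest size minus
   smallest offset, never negative.  */
static long max_space (struct range off, struct range size)
{
  long space = size.max - off.min;
  return space < 0 ? 0 : space;
}

/* A store of NBYTES overflows on every path if even the best case
   (smallest offset, largest object) does not fit; it may overflow if
   the worst case (largest offset, smallest object) does not fit.  */
static enum verdict
classify_store (struct range off, struct range size, long nbytes)
{
  if (off.min + nbytes > size.max) return DEFINITE_OVERFLOW;
  if (off.max + nbytes > size.min) return MAYBE_OVERFLOW;
  return IN_BOUNDS;
}

int main (void)
{
  /* Constructed from the test case: i in [1,2], j in [3,5], n in [3,4].  */
  struct range off = range_add (clamp_range (1, 2), clamp_range (3, 5));
  struct range size = clamp_range (3, 4);
  printf ("offset [%ld, %ld] size [%ld, %ld] space %ld verdict %d\n",
          off.min, off.max, size.min, size.max,
          max_space (off, size), (int) classify_store (off, size, 1));
  return 0;
}
```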