The following test case reduced from RHBZ #1800289 shows a spurious -Wstringop-overflow issued for the memcpy call. The warning misinterprets the second MEM_REF involving the string as a store of the string itself into the allocated object (as opposed to the store of its address into the char* member). $ cat rhbz-1800289.c && gcc -O2 -S -Wall -Wextra -fdump-tree-strlen=/dev/stdout rhbz-1800289.c struct S { void *p, *q, *r; } a; void create_command_list (void) { struct S b = { 0, "Enable all debug messages", 0 }; __builtin_memcpy (&a, &b, sizeof b); } ;; Function create_command_list (create_command_list, funcdef_no=0, decl_uid=1935, cgraph_uid=1, symbol_order=1) ;; 1 loops found ;; ;; Loop 0 ;; header 0, latch 1 ;; depth 0, outer -1 ;; nodes: 0 1 2 ;; 2 succs { 1 } rhbz-1800289.c: In function ‘create_command_list’: rhbz-1800289.c:10:3: warning: writing 26 bytes into a region of size 16 [-Wstringop-overflow=] 10 | __builtin_memcpy (&a, &b, sizeof b); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ rhbz-1800289.c:4:3: note: at offset 8 to object ‘a’ with size 24 declared here 4 | } a; | ^ create_command_list () { <bb 2> [local count: 1073741824]: MEM <void *> [(char * {ref-all})&a] = 0B; MEM <void *> [(char * {ref-all})&a + 8B] = "Enable all debug messages"; MEM <void *> [(char * {ref-all})&a + 16B] = 0B; return; }
Patch: https://gcc.gnu.org/ml/gcc-patches/2020-02/msg01140.html
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>: https://gcc.gnu.org/g:1e9369c5dcf301e090d3a83e2c210cd6b96ac08c commit r10-6959-g1e9369c5dcf301e090d3a83e2c210cd6b96ac08c Author: Martin Sebor <msebor@redhat.com> Date: Sun Mar 1 17:35:49 2020 -0700 PR middle-end/93829 - bogus -Wstringop-overflow on memcpy of a struct with a pointer member from another with a long string gcc/testsuite/ChangeLog: PR middle-end/93829 * gcc.dg/Wstringop-overflow-32.c: New test. gcc/ChangeLog: PR middle-end/93829 * tree-ssa-strlen.c (count_nonzero_bytes): Set the size to that of a pointer in the outermost ADDR_EXPRs.
Fixed.