Bug 97047 - missing warning reading past the end of a constant string returned from a function
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 11.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: Warray-bounds Wstringop-overread
Reported: 2020-09-14 16:20 UTC by Martin Sebor
Modified: 2020-09-14 16:25 UTC
CC List: 0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:


Description Martin Sebor 2020-09-14 16:20:27 UTC
The first call to memcpy below triggers a warning for reading past the end of the string returned from f(), but the second call doesn't.

$ cat x.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout x.c
const char* f (void) { return "123"; }

char a[32];

void g (void)
{
  __builtin_memcpy (a, "123", sizeof a);   // warning (good)
}

void h (void)
{
  __builtin_memcpy (a, f (), sizeof a);    // missing warning (bug)
}

;; Function f (f, funcdef_no=0, decl_uid=1931, cgraph_uid=1, symbol_order=0)

f ()
{
  <bb 2> [local count: 1073741824]:
  return "123";

}


x.c: In function ‘g’:
x.c:7:3: warning: ‘__builtin_memcpy’ forming offset [4, 31] is out of the bounds [0, 4] [-Warray-bounds]
    7 |   __builtin_memcpy (a, "123", sizeof a);   // warning (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

;; Function g (g, funcdef_no=1, decl_uid=1935, cgraph_uid=2, symbol_order=2)

g ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&a, "123", 32); [tail call]
  return;

}



;; Function h (h, funcdef_no=2, decl_uid=1938, cgraph_uid=3, symbol_order=3)

h ()
{
  <bb 2> [local count: 1073741824]:
  MEM <unsigned char[32]> [(char * {ref-all})&a] = MEM <unsigned char[32]> [(char * {ref-all})"123"];
  return;

}
Comment 1 Martin Sebor 2020-09-14 16:25:36 UTC
With -Wall the test case triggers -Warray-bounds.  Without -Wall it triggers -Wstringop-overread.