This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/70717] missing warning on trivial buffer overflow


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70717

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2016-04-22
                 CC|                            |msebor at gcc dot gnu.org
          Component|sanitizer                   |tree-optimization
            Summary|-fsanitize=object-size as   |missing warning on trivial
                   |warning                     |buffer overflow
     Ever confirmed|0                           |1

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
I agree there's an opportunity to diagnose a subset of buffer overflows and
other simple out-of-bounds accesses during translation and without
optimization.  For example, in the slightly less trivial example below, the
call to memcpy() clearly overwrites the destination buffer and could be
diagnosed (it is neither diagnosed nor prevented with _FORTIFY_SOURCE):

#include <string.h>   /* memcpy */
#include <unistd.h>   /* read, write */

void f (unsigned N)
{
  int a [N];                  /* N * sizeof (int) bytes */
  read (0, a, sizeof a);

  char b [N];                 /* only N bytes */
  memcpy (b, a, sizeof a);    /* overwrites b by N * (sizeof (int) - 1) bytes */
  write (1, b, sizeof a);
}

Rather than in the sanitizer which typically involves run-time instrumentation
and has a considerable performance overhead, I think it would be better done in
GCC under the -Warray-bounds option (without requiring optimization for the
simple cases).  -Warray-bounds doesn't warn about code like the above even when
the value of N is known (including a constant expression).

_FORTIFY_SOURCE could also be enhanced to detect this problem.  Since this
latter part is something I'm supposed to be looking into I'll confirm this
request, adjust the Summary, and for lack of a better alternative set the
Component to tree-optimization.
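The following is an added example and not part of the bug report: it shows the two checks a practitioner can apply to the pattern above today, a runtime bound for the VLA case (where neither -Warray-bounds nor _FORTIFY_SOURCE sees the destination size) and a _Static_assert for the constant-size case. Function names are invented for illustration; it assumes C11 and N > 0.

```c
#include <stddef.h>
#include <string.h>

/* Runtime bound for the VLA case: copy at most dst_size bytes and return
   the number of bytes that did NOT fit (0 means the copy was in bounds).
   This is the check a fortified memcpy would make if it knew sizeof b. */
static size_t checked_memcpy(void *dst, size_t dst_size,
                             const void *src, size_t n)
{
    size_t copied = n <= dst_size ? n : dst_size;
    memcpy(dst, src, copied);
    return n - copied;
}

/* The report's f() with N a runtime value: a holds N ints, b holds N bytes,
   so sizeof a exceeds sizeof b by N * (sizeof(int) - 1). The overflow is
   reported to the caller instead of written past the end of b. */
size_t copy_ints_to_bytes(unsigned N)
{
    int a[N];
    char b[N];
    for (unsigned i = 0; i < N; i++)    /* constructed data; stands in for read() */
        a[i] = (int)i;
    return checked_memcpy(b, sizeof b, a, sizeof a);
}

/* When N is a constant expression the mismatch is decidable at compile time:
   _Static_assert fails the build rather than letting the copy overflow.
   Shrinking b below sizeof a turns the runtime overflow into a diagnostic. */
#define N_CONST 8
size_t copy_constant_sizes(void)
{
    int a[N_CONST] = {0};
    char b[N_CONST * sizeof(int)];      /* sized to hold all of a */
    _Static_assert(sizeof b >= sizeof a, "b is too small for a");
    return checked_memcpy(b, sizeof b, a, sizeof a);   /* 0: nothing lost */
}
```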
