This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug middle-end/80346] pessimistic stringop-overflow
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 06 Apr 2017 19:11:52 +0000
- Subject: [Bug middle-end/80346] pessimistic stringop-overflow
- Auto-submitted: auto-generated
- References: <bug-80346-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2017-04-06
CC| |msebor at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with the top of trunk. The __builtin_constant_p call makes the
difference. The following is a small test case showing that the invalid memcpy
call is, in fact, emitted by GCC. This isn't the same issue as bug 79095.
Beyond the warning GCC doesn't "know" that memcpy(d, s, -1) is unavoidably
invalid.
$ cat b.c && gcc -O2 -S -Wall -Wextra -Wpedantic
-fdump-tree-optimized=/dev/stdout b.c
typedef __SIZE_TYPE__ size_t;
void f (void *d, const char *s, size_t a, size_t b)
{
if (__builtin_constant_p (a) && a <= b)
__builtin_memcpy (d, s, a);
}
void g (void *d, const char *s, size_t b)
{
f (d, s, -1, b);
}
;; Function f (f, funcdef_no=0, decl_uid=1799, cgraph_uid=0, symbol_order=0)
f (void * d, const char * s, size_t a, size_t b)
{
<bb 2> [100.00%]:
return;
}
;; Function g (g, funcdef_no=1, decl_uid=1804, cgraph_uid=1, symbol_order=1)
Removing basic block 5
g (void * d, const char * s, size_t b)
{
<bb 2> [100.00%]:
if (b_4(D) == 18446744073709551615)
goto <bb 3>; [22.95%]
else
goto <bb 4>; [77.05%]
<bb 3> [22.95%]:
__builtin_memcpy (d_2(D), s_3(D), 18446744073709551615); [tail call]
<bb 4> [100.00%]:
return;
}
In function ‘f’,
inlined from ‘g’ at b.c:11:3:
b.c:6:5: warning: ‘__builtin_memcpy’: specified size 18446744073709551615
exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
__builtin_memcpy (d, s, a);
^~~~~~~~~~~~~~~~~~~~~~~~~~