This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug tree-optimization/82646] bogus -Wstringop-overflow with -D_FORTIFY_SOURCE=2 on strncpy with range to a member array
- From: "law at redhat dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 05 Dec 2017 00:46:14 +0000
- Subject: [Bug tree-optimization/82646] bogus -Wstringop-overflow with -D_FORTIFY_SOURCE=2 on strncpy with range to a member array
- Auto-submitted: auto-generated
- References: <bug-82646-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82646
Jeffrey A. Law <law at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |law at redhat dot com
Resolution|--- |INVALID
--- Comment #1 from Jeffrey A. Law <law at redhat dot com> ---
This test looks bogus to me.
"g" boils down to:
g (struct S * p, int n)
{
long unsigned int _1;
char[5] * _2;
;; basic block 2, loop depth 0, count 1073741825 (estimated locally), maybe
hot
;; prev block 0, next block 1, flags: (NEW, REACHABLE, VISITED)
;; pred: ENTRY [always] count:1073741826 (estimated locally)
(FALLTHRU,EXECUTABLE)
n_7 = MAX_EXPR <n_4(D), 5>;
_1 = (long unsigned int) n_7;
_2 = &p_5(D)->a;
__builtin___strncpy_chk (_2, "1234567", _1, 5);
sink (_2);
return;
;; succ: EXIT [always (guessed)] count:1073741825 (estimated locally)
(EXECUTABLE)
}
We can pretty easily see that _1 can exceed "7" and thus we could do an
out-of-bounds write. THe fact that it doesn't is because main passes in the
value of 1. MAX (1, 5) is 5, thus no runtime failure. Pass in a large value
to g and you'll get a nice runtime failure.