This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/82646] bogus -Wstringop-overflow with -D_FORTIFY_SOURCE=2 on strncpy with range to a member array


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82646

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |law at redhat dot com
         Resolution|---                         |INVALID

--- Comment #1 from Jeffrey A. Law <law at redhat dot com> ---
This test looks bogus to me.

"g" boils down to:

g (struct S * p, int n)
{
  long unsigned int _1;
  char[5] * _2;

;;   basic block 2, loop depth 0, count 1073741825 (estimated locally), maybe hot
;;    prev block 0, next block 1, flags: (NEW, REACHABLE, VISITED)
;;    pred:       ENTRY [always]  count:1073741826 (estimated locally) (FALLTHRU,EXECUTABLE)
  n_7 = MAX_EXPR <n_4(D), 5>;
  _1 = (long unsigned int) n_7;
  _2 = &p_5(D)->a;
  __builtin___strncpy_chk (_2, "1234567", _1, 5);
  sink (_2);
  return;
;;    succ:       EXIT [always (guessed)]  count:1073741825 (estimated locally)
(EXECUTABLE)

}

We can pretty easily see that _1 can exceed "7" and thus we could do an
out-of-bounds write.  The fact that it doesn't is because main passes in the
value of 1.  MAX (1, 5) is 5, thus no runtime failure.  Pass in a large value
to g and you'll get a nice runtime failure.
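
The following is an added example, not part of the original message or the bug's testcase: it models the length computation from the dump above (MAX_EXPR <n, 5> passed to a copy into a 5-byte member array) beside a version that caps the length at the destination size. The names checked_strncpy, g_lower_bound_only and g_capped are hypothetical, and checked_strncpy returns -1 where the real fortified call would abort, so the outcome can be inspected.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct S { char a[5]; };  /* size taken from "char[5]" in the dump */

/* Hypothetical stand-in for the fortify check: reports the violation
   instead of aborting the process. */
static int checked_strncpy(char *dst, const char *src, size_t len, size_t dstsize)
{
    if (len > dstsize)
        return -1;            /* the fortified builtin would abort here */
    strncpy(dst, src, len);   /* note: no NUL terminator when len <= strlen(src) */
    return 0;
}

/* Same shape as the dump: n is raised to at least 5 but never capped,
   so any n > 5 asks for more bytes than the member array holds. */
int g_lower_bound_only(struct S *p, int n)
{
    int len = n > 5 ? n : 5;  /* MAX (n, 5) */
    return checked_strncpy(p->a, "1234567", (size_t)len, sizeof p->a);
}

/* Length capped at the destination size: an upper bound, which is what
   keeps the copy inside the array for every n. */
int g_capped(struct S *p, int n)
{
    size_t len = n < 0 ? 0 : (size_t)n;
    if (len > sizeof p->a)
        len = sizeof p->a;    /* MIN (n, sizeof p->a) */
    return checked_strncpy(p->a, "1234567", len, sizeof p->a);
}

int main(void)
{
    struct S s;
    /* Constructed inputs: 1 is the value the message says main passes. */
    printf("lower-bound-only, n=1:   %d\n", g_lower_bound_only(&s, 1));
    printf("lower-bound-only, n=8:   %d\n", g_lower_bound_only(&s, 8));
    printf("capped,           n=100: %d\n", g_capped(&s, 100));
    return 0;
}
```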
