This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug tree-optimization/83343] New: missing -Wstringop-overflow on writing via stpncpy return value


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83343

            Bug ID: 83343
           Summary: missing -Wstringop-overflow on writing via stpncpy
                    return value
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following test case, the call to stpncpy() itself doesn't overflow, but
because the function returns a pointer just past the end of the destination
(i.e., d + sizeof d), assigning a value via the returned pointer does.  This
bug could be relatively easily detected by the -Wstringop-overflow checker
(but, as is evident from the output, isn't, nor is it prevented with
_FORTIFY_SOURCE).

$ (set -x && cat a.c && for opt in '' -D_FORTIFY_SOURCE=2; do gcc $opt -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c; done)
+ cat a.c
#ifdef _FORTIFY_SOURCE
#  include <string.h>
#endif

char* stpncpy (char*, const char*, __SIZE_TYPE__);

char d[8];

void f (const char *s)
{
  *stpncpy (d, s, sizeof d) = 0;
}
+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c

;; Function f (f, funcdef_no=0, decl_uid=1897, cgraph_uid=0, symbol_order=1)

f (const char * s)
{
  char * _1;

  <bb 2> [local count: 1073741825]:
  _1 = stpncpy (&d, s_3(D), 8);
  *_1 = 0;
  return;

}


+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -D_FORTIFY_SOURCE=2 -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c

;; Function f (f, funcdef_no=14, decl_uid=2192, cgraph_uid=14, symbol_order=15)

f (const char * s)
{
  char * _4;

  <bb 2> [local count: 1073741825]:
  _4 = __stpncpy_alias (&d, s_2(D), 8);
  *_4 = 0;
  return;

}
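
Added example (not part of the bug report or of GCC): a C sketch that measures where stpncpy's return value lands for an 8-byte destination like d above, beside a bounded form that keeps the returned pointer inside the buffer before storing the terminator through it. The helper names stpncpy_end_offset and copy_terminated are hypothetical and the input strings are constructed.

```c
/* Added example; helper names are hypothetical, inputs are constructed. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for the stpncpy declaration */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offset of stpncpy's return value from dst for a copy bounded by n.
   dst must hold at least n bytes.  A result equal to n means the pointer
   is one past the n-byte region: valid to compare, not to store through. */
size_t stpncpy_end_offset(char *dst, const char *src, size_t n)
{
    return (size_t)(stpncpy(dst, src, n) - dst);
}

/* Bounded form: copy at most dstsize - 1 bytes so the returned pointer is
   at most dst + dstsize - 1, then terminate through it.
   Returns 0 if src fit, 1 if it was truncated, -1 if dstsize is 0. */
int copy_terminated(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    char *end = stpncpy(dst, src, dstsize - 1);
    *end = '\0';                      /* always inside dst */
    /* end - dst <= strlen(src), so this read stays within src. */
    return src[end - dst] != '\0';
}

int main(void)
{
    char d[8];
    const char *inputs[] = { "abc", "abcdefg", "abcdefgh", "abcdefghijkl" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        size_t off = stpncpy_end_offset(d, inputs[i], sizeof d);
        int truncated = copy_terminated(d, sizeof d, inputs[i]);
        printf("%-14s offset with n=8: %zu%s  bounded copy: \"%s\"%s\n",
               inputs[i], off, off == sizeof d ? " (one past d)" : "",
               d, truncated ? " (truncated)" : "");
    }
    return 0;
}
```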
