This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/83343] New: missing -Wstringop-overflow on writing via stpncpy return value
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sat, 09 Dec 2017 01:57:08 +0000
- Subject: [Bug tree-optimization/83343] New: missing -Wstringop-overflow on writing via stpncpy return value
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83343
Bug ID: 83343
Summary: missing -Wstringop-overflow on writing via stpncpy return value
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
In the following test case, the call to stpncpy() doesn't overflow, but
because the function returns a pointer just past the end of the destination
(i.e., d + sizeof d), assigning a value via the returned pointer does. This
bug could be relatively easily detected by the -Wstringop-overflow checker
(but, as is evident from the output, isn't, nor is it prevented with
_FORTIFY_SOURCE).
$ (set -x && cat a.c && for opt in '' -D_FORTIFY_SOURCE=2; do gcc $opt -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c; done)
+ cat a.c
#ifdef _FORTIFY_SOURCE
# include <string.h>
#endif
char* stpncpy (char*, const char*, __SIZE_TYPE__);
char d[8];
void f (const char *s)
{
  *stpncpy (d, s, sizeof d) = 0;
}
+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c
;; Function f (f, funcdef_no=0, decl_uid=1897, cgraph_uid=0, symbol_order=1)
f (const char * s)
{
char * _1;
<bb 2> [local count: 1073741825]:
_1 = stpncpy (&d, s_3(D), 8);
*_1 = 0;
return;
}
+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -D_FORTIFY_SOURCE=2 -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c
;; Function f (f, funcdef_no=14, decl_uid=2192, cgraph_uid=14, symbol_order=15)
f (const char * s)
{
char * _4;
<bb 2> [local count: 1073741825]:
_4 = __stpncpy_alias (&d, s_2(D), 8);
*_4 = 0;
return;
}
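The following is an added example, not part of the bug report or of GCC: it shows where the pointer returned by stpncpy() lands for short and long sources, and one way to terminate the destination without writing past it. The helper names `stpncpy_end_offset` and `copy_terminated` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Declared explicitly, as a.c in the report does. The parentheses keep a
   function-like macro named stpncpy in <string.h> from expanding here. */
char *(stpncpy)(char *, const char *, size_t);

/* Hypothetical helper: offset of stpncpy's return value from the start of
   an n-byte destination. n is clamped below the backing buffer's size, so
   this function itself never touches memory out of bounds. */
size_t stpncpy_end_offset(const char *src, size_t n)
{
    char buf[64];
    if (n > sizeof buf - 1)
        n = sizeof buf - 1;
    return (size_t)(stpncpy(buf, src, n) - buf);
}

/* Hypothetical helper: copy src into dst[size], always NUL-terminated.
   Returns 0 if src fit, 1 if it was truncated, -1 on bad arguments. */
int copy_terminated(char *dst, size_t size, const char *src, size_t *len)
{
    if (dst == NULL || src == NULL || size == 0)
        return -1;
    /* Bound the copy at size - 1: the returned pointer is then at most
       dst + size - 1, which is still inside the array. */
    char *end = stpncpy(dst, src, size - 1);
    *end = '\0';
    if (len != NULL)
        *len = (size_t)(end - dst);
    /* Truncated only if the copy filled size - 1 bytes and src goes on. */
    return (size_t)(end - dst) == size - 1 && src[size - 1] != '\0';
}

int main(void)
{
    char d[8];
    size_t len;
    printf("short source: offset %zu of 8\n", stpncpy_end_offset("abc", 8));
    printf("long source:  offset %zu of 8\n", stpncpy_end_offset("abcdefghij", 8));
    int rc = copy_terminated(d, sizeof d, "abcdefghij", &len);
    printf("copy_terminated: rc=%d len=%zu d=\"%s\"\n", rc, len, d);
    return 0;
}
```

An offset equal to the bound (8 of 8) is the case the report describes: the returned pointer is one past the destination, so a store through it is out of bounds.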