[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 size

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Sat Sep 30 16:12:00 GMT 2017


Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
            Summary|missing                     |missing
                   |-Wstringop-overflow= on a   |-Wstringop-overflow= on a
                   |memcpy overflow             |memcpy overflow with a
                   |                            |small power-of-2 size

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The cause is of the missing warning is the folder
(gimple_fold_builtin_memory_op in gimple-fold.c) folding all copies with
power-of-two sizes less than MOVE_MAX, with no checking (see below).  MOVE_MAX
is typically 8 or 8 but on some targets, including x86_64, it's as much as 16. 
Although some basic simple checking could be done there, e.g., on arrays of
known size, the folder runs before the full object size information is
available and deferring the folding until it apparently isn't desirable.

      /* If we can perform the copy efficiently with first doing all loads
         and then all stores inline it that way.  Currently efficiently
         means that we can load all the memory into a single integer
         register which is what MOVE_MAX gives us.  */
      src_align = get_pointer_alignment (src);
      dest_align = get_pointer_alignment (dest);
      if (tree_fits_uhwi_p (len)
          && compare_tree_int (len, MOVE_MAX) <= 0
          /* ???  Don't transform copies from strings with known length this
             confuses the tree-ssa-strlen.c.  This doesn't handle
             the case in gcc.dg/strlenopt-8.c which is XFAILed for that
             reason.  */
          && !c_strlen (src, 2))
          unsigned ilen = tree_to_uhwi (len);
          if (pow2p_hwi (ilen))

More information about the Gcc-bugs mailing list