https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78973

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
            Summary|warning: ‘memcpy’:          |[7.0 regression] warning:
                   |specified size between      |‘memcpy’: specified size
                   |18446744071562067968 and    |between
                   |18446744073709551615        |18446744071562067968 and
                   |exceeds maximum object size |18446744073709551615
                   |9223372036854775807         |exceeds maximum object size
                   |[-Wstringop-overflow=]      |9223372036854775807
                   |                            |[-Wstringop-overflow=]
           Severity|enhancement                 |normal

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Thanks.  The range printed in the diagnostic corresponds to the range of the
signed variable passed to memcpy() after conversion to size_t.  The (signed)
range is reported by the get_range_info() function as [-2147483648, -1].  The
converted variable's def_stmt looks like this:

  _309 = (long unsigned int) len_137;

The range of the len_137 variable whose type is int is [-2147483648,
2147483647], or the full range of its type, so the unsigned range has to be
considered to be [0, SIZE_MAX].  I'm testing a patch to detect this and avoid
the false positive.
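
The range arithmetic described in the comment above, as an added example (not GCC's code and not part of the original message). The helper names are hypothetical, and the printed values assume an LP64 target with 32-bit int and 64-bit size_t.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Range [min, max] of a value after conversion to size_t. */
struct urange { size_t min, max; };

/* Map the signed range [lo, hi] of an int (lo <= hi) to the range of
   (size_t)value.  Hypothetical helper, not a GCC function. */
static struct urange int_range_to_size_t(int lo, int hi)
{
    struct urange r;
    if (lo < 0 && hi >= 0) {
        /* Straddles zero: negative values wrap to the top of size_t
           while non-negative ones stay at the bottom, so the only
           single interval covering both is [0, SIZE_MAX]. */
        r.min = 0;
        r.max = SIZE_MAX;
    } else {
        /* Entirely negative or entirely non-negative: the conversion
           is monotonic, so the bounds convert directly. */
        r.min = (size_t)lo;
        r.max = (size_t)hi;
    }
    return r;
}

/* A size is certain to exceed the maximum object size (PTRDIFF_MAX)
   only when even its smallest possible value does. */
static int always_exceeds_max_object(struct urange r)
{
    return r.min > (size_t)PTRDIFF_MAX;
}

int main(void)
{
    /* The range reported in the comment, and the full range of int. */
    struct urange neg  = int_range_to_size_t(INT_MIN, -1);
    struct urange full = int_range_to_size_t(INT_MIN, INT_MAX);

    printf("[INT_MIN, -1]      -> [%zu, %zu] always too large: %d\n",
           neg.min, neg.max, always_exceeds_max_object(neg));
    printf("[INT_MIN, INT_MAX] -> [%zu, %zu] always too large: %d\n",
           full.min, full.max, always_exceeds_max_object(full));
    return 0;
}
```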
