https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79214
Bug ID: 79214
Summary: -Wno-system-header defeats strncat buffer overflow warnings
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: preprocessor
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

In the following program the -Wstringop-overflow= function detects the incorrectly bounded call to __builtin_strncat in function f() but fails to detect the same problem in the call to strncat in function g(). On this system (Fedora 21) strncat is a macro defined in <string.h> to __builtin_strncat so the code in both f() and g() is identical. The problem is that because the strncat macro is defined in a system header and the -Wno-system-headers option is enabled by default the warning in the second instance is suppressed.

$ cat t.c && gcc -O2 -S -Wall -Wextra t.c
#include <string.h>

void foo (void*);

void f (const char *fname)
{
  char d[8];
  __builtin_strncpy (d, "/tmp/", sizeof d);
  __builtin_strncat (d, fname, sizeof d);
  foo (d);
}

void g (const char *fname)
{
  char d[8];
  strncpy (d, "/var/", sizeof d);
  strncat (d, fname, sizeof d);
  foo (d);
}
t.c: In function ‘f’:
t.c:9:3: warning: specified bound 8 equals the size of the destination [-Wstringop-overflow=]
   __builtin_strncat (d, fname, sizeof d);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
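
For reference, the bound that the warning in f() is asking for, shown as an added example that is not part of the original report. The names bounded_append, build_path and DEST_SIZE are hypothetical; the 8-byte destination and the "/var/" prefix are taken from g() above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { DEST_SIZE = 8 };   /* same size as d[] in the report */

/* Hypothetical helper: append src to the NUL-terminated string in dst,
   where dst_size is the size of the whole dst array.
   Returns 0 if all of src fit, 1 if src was truncated,
   -1 if dst holds no NUL terminator within dst_size bytes. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* nothing safe to append to */

    size_t used = (size_t)(end - dst);

    /* strncat's bound limits the characters copied from src; strncat
       then writes a terminating NUL on top of that.  The largest safe
       bound is the free space minus one, never sizeof dst. */
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);
    return strlen(src) > room;
}

/* g() from the report with the strncat bound corrected. */
int build_path(char out[DEST_SIZE], const char *fname)
{
    strncpy(out, "/var/", DEST_SIZE);   /* 5 chars, rest NUL-padded */
    return bounded_append(out, DEST_SIZE, fname);
}

int main(void)
{
    char d[DEST_SIZE];
    int truncated = build_path(d, "abcdef");   /* constructed input */
    printf("%s (truncated=%d)\n", d, truncated);
    return 0;
}
```
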