https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79234
Bug ID: 79234
Summary: warn on past the end reads by library functions
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Wstringop-overflow option can detect calls to some standard library
functions that write past the end of a destination object, but it doesn't
detect calls that attempt to read beyond the end of an object. As the
following test case shows, even though all three functions access memory beyond
the end of an object only the first one that writes past the end is diagnosed.
This is an enhancement request to add an option to also detect and diagnose
past the end reads. The feature should be a straightforward extension of the
-Wstringop-overflow approach (though under it own option).
$ cat t.c && gcc -O2 -S -Wall -Wextra -Wpedantic t.c
#include <string.h>
char a[5];
void f (size_t n)
{
memcpy (a, "01234567", n < 7 ? 7 : n);
}
void g (void *d, size_t n)
{
memcpy (d, a, n < 7 ? 7 : n);
}
int h (size_t n)
{
return memcmp (a, "01234567", n < 7 ? 7 : n);
}
t.c: In function ‘f’:
t.c:7:3: warning: ‘memcpy’ writing between 7 and 18446744073709551615 bytes
into a region of size 5 overflows the destination [-Wstringop-overflow=]
memcpy (a, "01234567", n < 7 ? 7 : n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tmp$
