https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346

            Bug ID: 80346
           Summary: pessimistic stringop-overflow
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dgilbert at redhat dot com
  Target Milestone: ---

Created attachment 41146
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41146&action=edit
source file that triggers warning

The attached code (from QEMU's test suite) triggers the following warning - I
wonder if this is the same as PR 79095?

In file included from /usr/include/string.h:639:0,
                 from cut-down.c:4:
In function ‘memcpy’,
    inlined from ‘iov_from_buf.constprop’ at cut-down.c:49:9,
    inlined from ‘test_to_from_buf_1’ at cut-down.c:128:14,
    inlined from ‘test_to_from_buf’ at cut-down.c:143:9:
/usr/include/bits/string3.h:53:10: error: ‘__builtin_memcpy’: specified size
18446744073709551615 exceeds maximum object size 9223372036854775807
[-Werror=stringop-overflow=]
   return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘memcpy’,
    inlined from ‘iov_to_buf.constprop’ at cut-down.c:62:9,
    inlined from ‘test_to_from_buf_1’ at cut-down.c:134:14,
    inlined from ‘test_to_from_buf’ at cut-down.c:143:9:
/usr/include/bits/string3.h:53:10: error: ‘__builtin_memcpy’: specified size
18446744073709551615 exceeds maximum object size 9223372036854775807
[-Werror=stringop-overflow=]
   return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));

from Fedora 26's:
Configured with: ../configure --enable-bootstrap
--enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared
--enable-threads=posix --enable-checking=release --enable-multilib
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-gnu-unique-object --enable-linker-build-id
--with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin
--enable-initfini-array --with-isl --enable-libmpx
--enable-offload-targets=nvptx-none --without-cuda-driver
--enable-gnu-indirect-function --with-tune=generic --with-arch_32=i686
--build=x86_64-redhat-linux
Thread model: posix
gcc version 7.0.1 20170309 (Red Hat 7.0.1-0.12) (GCC) 


I have some sympathy for the -1 size_t cast and it's worrying that (size_t)-1
<= iov_len could be true ???
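
An added example, not part of the report and not the attached cut-down.c or QEMU's code: a guarded copy showing when a length of (size_t)-1 can pass a "bytes <= len" check, and a stricter guard using the object-size limit from the diagnostic. On the 64-bit target in the report, 18446744073709551615 is SIZE_MAX, i.e. (size_t)-1, and 9223372036854775807 is PTRDIFF_MAX. The names seg, fits_declared, fits_object and seg_copy_in are hypothetical, and the sample lengths are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one scatter/gather element; not QEMU's type. */
struct seg {
    void  *base;
    size_t len;            /* declared length of the buffer at base */
};

/* Range check only: is [offset, offset + bytes) inside the declared length?
 * Written with a subtraction so that offset + bytes cannot wrap. */
int fits_declared(const struct seg *s, size_t offset, size_t bytes)
{
    return offset <= s->len && bytes <= s->len - offset;
}

/* Same check, plus the object-size limit quoted in the diagnostic: no real
 * object is larger than PTRDIFF_MAX bytes, so a larger len is bogus. */
int fits_object(const struct seg *s, size_t offset, size_t bytes)
{
    return s->len <= (size_t)PTRDIFF_MAX && fits_declared(s, offset, bytes);
}

/* Copy into the segment; returns bytes copied, or 0 if rejected. */
size_t seg_copy_in(const struct seg *s, size_t offset,
                   const void *buf, size_t bytes)
{
    if (!fits_object(s, offset, bytes))
        return 0;
    memcpy((char *)s->base + offset, buf, bytes);
    return bytes;
}

int main(void)
{
    char storage[16] = {0};
    struct seg ok    = { storage, sizeof storage };
    struct seg bogus = { storage, SIZE_MAX };   /* constructed bad length */

    printf("16-byte seg, bytes=-1: declared=%d\n",
           fits_declared(&ok, 0, (size_t)-1));
    printf("SIZE_MAX seg, bytes=-1: declared=%d object=%d\n",
           fits_declared(&bogus, 0, (size_t)-1),
           fits_object(&bogus, 0, (size_t)-1));
    printf("copied %zu bytes\n", seg_copy_in(&ok, 4, "abcd", 4));
    return 0;
}
```

The range check alone accepts (size_t)-1 only when the declared length is itself SIZE_MAX, which no real object can have; the second guard rejects that case explicitly.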
