https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82456
Bug ID: 82456
Summary: missing -Wstringop-overflow on strcpy reading past the
end of an array
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Wstringop-overflow warning is supposed to detect not just writing but also
reading past the end of arrays. The following test case shows a number of
instances of the latter bug the warning fails to detect. (The missing
-Warray-bounds is discussed in bug 82455.)
$ cat z.c && gcc -O2 -S -Wall -Wextra z.c
void fcst (char *d)
{
char a[2] = "0";
__builtin_strcpy (d, a + 3); // -Warray-bounds (good)
// missing -Wstringop-overflow
}
void frng (char *d, int i)
{
char a[2] = "0";
if (i < 3)
i = 3;
__builtin_strcpy (d, a + i); // both warnings missing
// (array index out of bounds
// and reading past the end)
}
void gcst (char *d)
{
char a[2] = "0";
__builtin_strcpy (d, a + 2); // missing -Wstringop-overflow
// (reading past the end)
}
void grng (char *d, int i)
{
char a[2] = "0";
if (i < 2)
i = 2;
__builtin_strcpy (d, a + i); // missing -Wstringop-overflow
// (reading past the end)
}
z.c: In function ‘fcst’:
z.c:5:3: warning: array subscript is above array bounds [-Warray-bounds]
__builtin_strcpy (d, a + 3); // -Warray-bounds (good)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
