https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82646
Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |law at redhat dot com
         Resolution|---                         |INVALID

--- Comment #1 from Jeffrey A. Law <law at redhat dot com> ---
This test looks bogus to me. "g" boils down to:

g (struct S * p, int n)
{
  long unsigned int _1;
  char[5] * _2;

;;   basic block 2, loop depth 0, count 1073741825 (estimated locally), maybe hot
;;    prev block 0, next block 1, flags: (NEW, REACHABLE, VISITED)
;;    pred:       ENTRY [always]  count:1073741826 (estimated locally) (FALLTHRU,EXECUTABLE)
  n_7 = MAX_EXPR <n_4(D), 5>;
  _1 = (long unsigned int) n_7;
  _2 = &p_5(D)->a;
  __builtin___strncpy_chk (_2, "1234567", _1, 5);
  sink (_2);
  return;
;;    succ:       EXIT [always (guessed)]  count:1073741825 (estimated locally) (EXECUTABLE)

}

We can pretty easily see that _1 can exceed "7" and thus we could do an
out-of-bounds write.

The fact that it doesn't is because main passes in the value of 1. MAX (1, 5)
is 5, thus no runtime failure. Pass in a large value to g and you'll get a
nice runtime failure.
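
The reasoning in the comment above, as an added C example that is not part of the original bug report or of GCC's code: `struct S` and the body of `g` are reconstructed from the GIMPLE dump, and `checked_strncpy`, `g_model` and `run_g` are hypothetical names. The model returns -1 where the real check behind `__builtin___strncpy_chk` would terminate the program.

```c
#include <stddef.h>
#include <string.h>

/* Reconstructed from the dump: _2 has type char[5] *, so the member is 5 bytes. */
struct S { char a[5]; };

/* Hypothetical stand-in for the runtime object-size check: the copy is
   refused when the requested length exceeds the destination object.
   The real check aborts the program instead of returning. */
static int checked_strncpy(char *dst, const char *src, size_t n, size_t objsize)
{
    if (n > objsize)
        return -1;
    strncpy(dst, src, n);   /* n <= objsize, so the write stays in bounds */
    return 0;
}

/* Model of g(): clamp the length to at least 5, then do the checked copy. */
int g_model(struct S *p, int n)
{
    int len = n > 5 ? n : 5;   /* n_7 = MAX_EXPR <n_4(D), 5> */
    return checked_strncpy(p->a, "1234567", (size_t)len, sizeof p->a);
}

/* Convenience wrapper so each call works on a fresh destination object. */
int run_g(int n)
{
    struct S s;
    memset(&s, 0, sizeof s);
    return g_model(&s, n);
}

int main(void)
{
    /* n = 1 is the value the comment says main passes: MAX (1, 5) is 5. */
    int in_bounds = run_g(1);
    /* n = 6 is a constructed value: length 6 exceeds the 5-byte object. */
    int rejected = run_g(6);
    return (in_bounds == 0 && rejected == -1) ? 0 : 1;
}
```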