https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82646
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |ASSIGNED
   Last reconfirmed|                            |2017-12-05
         Resolution|INVALID                     |---
           Assignee|unassigned at gcc dot gnu.org|msebor at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
This is my bad for letting these bugs sit so long without fixing them.

-Wstringop-overflow is meant to warn only for provable overflow. In g(), the overflow is possible but not inevitable. The only call to the function in the program is with an argument that guarantees the overflow doesn't happen, and so the warning should not be issued.

The bug here is in the maybe_emit_chk_warning() function in builtins.c called to handle __builtin___strncpy_chk. The function passes the strncpy() bound as the maxlen argument to check_sizes() when it should pass it as the size argument analogously to the check_strncpy_sizes() function called for __builtin_strncpy.

The following patch fixes the problem. Let me run the full regression test suite and submit it.

diff --git a/gcc/builtins.c b/gcc/builtins.c index 097e1b7..3278c7f 100644 --- a/gcc/builtins.c +++ b/gcc/builtins.c @@ -9862,6 +9862,8 @@ maybe_emit_chk_warning (tree exp, enum built_in_function fcode) (such as __strcat_chk). */ tree maxlen = NULL_TREE; + tree count = NULL_TREE; + switch (fcode) { case BUILT_IN_STRCPY_CHK: @@ -9888,7 +9890,7 @@ maybe_emit_chk_warning (tree exp, enum built_in_function fcode) case BUILT_IN_STRNCPY_CHK: case BUILT_IN_STPNCPY_CHK: srcstr = CALL_EXPR_ARG (exp, 1); - maxlen = CALL_EXPR_ARG (exp, 2); + count = CALL_EXPR_ARG (exp, 2); objsize = CALL_EXPR_ARG (exp, 3); break;
@@ -9911,7 +9913,7 @@ maybe_emit_chk_warning (tree exp, enum built_in_function fcode) } check_sizes (OPT_Wstringop_overflow_, exp, - /*size=*/NULL_TREE, maxlen, srcstr, objsize); + count, maxlen, srcstr, objsize); } /* Emit warning if a buffer overflow is detected at compile time
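Review bot: in the first hunk (@@ -9862), the new `tree count = NULL_TREE;` is declared directly below the comment ending "(such as __strcat_chk). */" that describes `maxlen`, but gets no comment of its own; add one stating that `count` is the explicit byte count (third argument) of __strncpy_chk/__stpncpy_chk and is handed to check_sizes as its size argument, so the difference between `count` and `maxlen` is documented where a reader first meets both.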
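Review bot: in the second hunk (@@ -9888), the BUILT_IN_STRNCPY_CHK/BUILT_IN_STPNCPY_CHK case no longer assigns `maxlen`, so it stays NULL_TREE for those two codes; please confirm that the code between this switch and the check_sizes call (not part of the hunk) does not rely on `maxlen` being set for them, and add the reported g() pattern to the testsuite next to a case with a constant bound larger than the destination, so the fix is covered in both directions (no warning where the overflow is only possible, warning where it is certain).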
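Review bot: in the third hunk (@@ -9911), the `/*size=*/` parameter annotation is dropped together with NULL_TREE; keep it as `/*size=*/count, maxlen, srcstr, objsize`, since the call now passes two bound-like arguments and the annotation is what tells a reader which slot `count` occupies. Passing the bound in the size slot is the right choice: strncpy writes exactly its bound (NUL-padding a shorter source), so a bound that is known to exceed the object is a definite overflow rather than a maximum source length.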
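A reproducer in the shape comment #2 describes, as an added example rather than the testcase attached to the bug (which is not shown on this page): the strncpy bound is a parameter of g(), so inside g() the overflow is possible but not inevitable, while the only caller passes a bound that fits. The names g(), copy_fits(), padding_written() and DSTSZ are assumed. It also shows the runtime fact the fix relies on, that strncpy always writes its full bound.

```c
/* Added example; not the bug's attached testcase. g(), copy_fits(),
 * padding_written() and DSTSZ are assumed names. To have GCC expand the
 * strncpy into __builtin___strncpy_chk, compile with optimization and
 * fortification on a glibc system, e.g.
 *   gcc -O2 -D_FORTIFY_SOURCE=2 -Wstringop-overflow -c this.c
 * Whether a given GCC release warns on g() here is not claimed. */
#include <stddef.h>
#include <string.h>

#define DSTSZ 8
static char dst[DSTSZ];

/* Copies exactly n bytes into dst (NUL-padding a shorter src). The bound
 * n is only known to the caller, so inside g() an overflow of dst is
 * possible but not provable. Returns the number of bytes strncpy wrote,
 * which is always n. */
size_t g(const char *src, size_t n)
{
    strncpy(dst, src, n);
    return n;
}

/* The rule behind treating the bound as check_sizes' size argument:
 * strncpy writes its bound regardless of the source length, so the bound
 * itself must fit in the destination object. */
int copy_fits(size_t n, size_t objsize)
{
    return n <= objsize;
}

/* Counts the NUL bytes strncpy padded after the copied string, showing
 * that the whole bound is written even when the source is shorter. */
size_t padding_written(size_t n)
{
    size_t len = 0;
    while (len < n && dst[len] != '\0')
        len++;
    return n - len;
}

int main(void)
{
    /* Constructed input: a two-byte source copied with the full bound.
     * The caller guarantees the bound fits, so no overflow can happen. */
    size_t n = DSTSZ;
    if (!copy_fits(n, sizeof dst))
        return 1;
    g("hi", n);
    /* strncpy wrote all 8 bytes: "hi" plus 6 bytes of NUL padding. */
    return padding_written(n) == DSTSZ - 2 ? 0 : 1;
}
```

A bound larger than sizeof dst fails copy_fits() before g() runs; that is the same condition the patched check_sizes call evaluates at compile time once the bound arrives in the size slot.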