https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85259

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2018-04-06
     Ever confirmed|0                           |1

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
With -Wno-system-headers GCC 8 prints:

In file included from /usr/include/string.h:635,
                 from pr85259.c:1:
In function ‘strcat’,
    inlined from ‘main’ at pr85259.c:8:3:
/usr/include/bits/string3.h:148:10: warning: ‘__builtin___memcpy_chk’ forming
offset [7, 13] is out of the bounds [0, 6] of object ‘buf’ with type ‘char[6]’
[-Warray-bounds]
   return __builtin___strcat_chk (__dest, __src, __bos (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr85259.c: In function ‘main’:
pr85259.c:3:6: note: ‘buf’ declared here
 char buf[6];
      ^~~

This is better but it's a warning for the strcat call while there should be a
warning for the strcpy() call first because it overflows the buffer.  A bug in
handle_builtin_strcpy() in tree-ssa-strlen causes GCC to miss this case.  So
there are two bugs in play here: the system header suppression and the
detection of strcpy overflow with a string literal.
