https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86259
Bug ID: 86259
Summary: min(4, strlen(s)) optimized to strlen(s) with -flto
Product: gcc
Version: 8.1.1
Status: UNCONFIRMED
Keywords: lto, wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: gcc at thecybershadow dot net
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Build: x86_64-pc-linux-gnu
////////////////// test.c /////////////////
#include <stdio.h>
#include <string.h>
#define min(a, b) (((a) < (b)) ? (a) : (b))
char buf[32];
void fun1(char *s)
{
    memcpy(buf, s, min(4, strlen(s)));
    memcpy(buf, s, min(4, strlen(s)));
}
typedef struct
{
    char s[4];
    char s2;
} T;
void fun2(char* s)
{
    T *t = (T *) s;
    fun1(t->s);
}
int main()
{
    fun2("abcdefghijklmnopqrstuvwxyz");
    puts(buf);
    return 0;
}
///////////////////////////////////////////
Gives different results with `gcc test.c` and `gcc -O2 -flto test.c`.
The buffer in the example above fits the entire string in either case, but in
the non-reduced application, this causes a heap buffer overflow.
Can be reproduced with 8.1.1 and current trunk (r261830).
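
A defensive form of the bounded copy from test.c, added here as an example and not part of the report: the length is computed by scanning at most the field's own size, so the clamp to 4 cannot be folded away into a plain `strlen`. The helper names `field_strlen` and `copy_field` are hypothetical; the struct and the input string are taken from the test case.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the report's T: a 4-byte field that need not hold a NUL. */
typedef struct {
    char s[4];
    char s2;
} T;

/* Hypothetical helper (not from the report): length of the string in a
 * fixed-size field, reading at most field_len bytes. Equivalent to POSIX
 * strnlen(), written with memchr() so it needs only ISO C. */
static size_t field_strlen(const char *field, size_t field_len)
{
    const char *nul = memchr(field, '\0', field_len);
    return nul ? (size_t)(nul - field) : field_len;
}

/* Copy the field into dst as a NUL-terminated string. The copy length is
 * clamped by both the field size and the destination capacity, so it
 * never depends on what strlen() would find past the end of the field.
 * Returns the number of characters copied (excluding the NUL). */
static size_t copy_field(char *dst, size_t dst_size,
                         const char *field, size_t field_len)
{
    if (dst_size == 0)
        return 0;
    size_t n = field_strlen(field, field_len);
    if (n > dst_size - 1)
        n = dst_size - 1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char buf[32];
    /* Constructed input, same string as the report's test case. */
    const T *t = (const T *)"abcdefghijklmnopqrstuvwxyz";
    size_t n = copy_field(buf, sizeof buf, t->s, sizeof t->s);
    printf("%zu %s\n", n, buf);
    return 0;
}
```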