https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86688
            Bug ID: 86688
           Summary: missing -Wstringop-overflow using a non-string local array in strnlen with excessive bound
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

With the solution for pr86042 applied, GCC folds certain strnlen (and strlen) calls into constants before the attribute nonstring checker has had a chance to diagnose uses of nonstring arguments. As a result, while the strnlen call in function f() is diagnosed, the corresponding call in g() is not. They should both be diagnosed.

$ cat d.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout d.c
__attribute__ ((nonstring)) char a[3] = "123";

int f (void)
{
  return __builtin_strnlen (a, sizeof a + 1);
}

int g (void)
{
  __attribute__ ((nonstring)) char b[3];
  __builtin_memcpy (b, "123", 3);
  return __builtin_strnlen (b, sizeof b + 1);
}

;; Function f (f, funcdef_no=0, decl_uid=1899, cgraph_uid=1, symbol_order=1)

f ()
{
  long unsigned int _1;
  int _3;

  <bb 2> [local count: 1073741825]:
  _1 = __builtin_strnlen (&a, 4);
  _3 = (int) _1;
  return _3;

}

d.c: In function ‘f’:
d.c:5:10: warning: ‘__builtin_strnlen’ argument 1 declared attribute ‘nonstring’ is smaller than the specified bound 4 [-Wstringop-overflow=]
   return __builtin_strnlen (a, sizeof a + 1);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
d.c:1:34: note: argument ‘a’ declared here
 __attribute__ ((nonstring)) char a[3] = "123";
                                  ^

;; Function g (g, funcdef_no=1, decl_uid=1902, cgraph_uid=2, symbol_order=2)

g ()
{
  <bb 2> [local count: 1073741825]:
  return 3;

}
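
Added example, not part of the bug report and not GCC code: because the warning can be lost for a local array as in g(), one defensive pattern is to derive the bound from the array object itself instead of writing it by hand. The names IS_ARRAY, FIELD_LEN, bounded_len and field_to_cstr are hypothetical, and the sample arrays are constructed to mirror the report's test case.

```c
#include <stddef.h>
#include <string.h>

/* Build-time check that x is a real array, not a pointer, so that
   sizeof (x) is the object size.  Relies on GCC/Clang builtins.  */
#define IS_ARRAY(x) \
  (!__builtin_types_compatible_p (__typeof__ (x), __typeof__ (&(x)[0])))

/* Same result as strnlen (s, n), written with standard memchr.  */
size_t bounded_len (const char *s, size_t n)
{
  const char *nul = memchr (s, '\0', n);
  return nul ? (size_t) (nul - s) : n;
}

/* Hypothetical helper: the bound always comes from the array, so it cannot
   exceed the object size the way "sizeof b + 1" does in the report.
   Passing a pointer fails to compile (negative array size).  */
#define FIELD_LEN(arr) \
  (bounded_len ((arr), sizeof (arr)) \
   + 0 * sizeof (char[IS_ARRAY (arr) ? 1 : -1]))

/* Copy an unterminated field into dst and NUL-terminate it.  Returns the
   number of bytes copied, or (size_t) -1 if dst is too small.  */
size_t field_to_cstr (char *dst, size_t dstsz, const char *src, size_t srcsz)
{
  size_t n = bounded_len (src, srcsz);
  if (n >= dstsz)
    return (size_t) -1;
  memcpy (dst, src, n);
  dst[n] = '\0';
  return n;
}

/* Constructed sample mirroring g(): a full 3-byte field with no NUL.  */
size_t full_field_len (void)
{
  __attribute__ ((nonstring)) char b[3];
  memcpy (b, "123", 3);
  return FIELD_LEN (b);
}

/* Constructed sample: a partly filled field, stored as "1\0\0".  */
size_t short_field_len (void)
{
  __attribute__ ((nonstring)) char b[3] = "1";
  return FIELD_LEN (b);
}

int main (void) { return full_field_len () == 3 && short_field_len () == 1 ? 0 : 1; }
```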