https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88441
Bug ID: 88441
Summary: missing warning on a buffer overflow with non-constant offset and constant size
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The calls to memcpy in both functions either very likely or certainly overflow the destination yet they are not diagnosed. At least in the simple cases when the size of the destination (or source) object is known sufficiently early, before the calls are transformed to MEM_REF, the overflow could be diagnosed.

$ cat x.c && gcc -O2 -S -Wall -fdump-tree-gimple=/dev/stdout x.c
char a[8];

void f (int i, const void *p)
{
  // overflow very likely
  __builtin_memcpy (a + i, p, sizeof a);   // missing -Wstringop-overflow
}

void g (unsigned i, const void *p)
{
  // overflow certain
  if (i)
    __builtin_memcpy (a + i, p, sizeof a);   // missing -Wstringop-overflow
}

f (int i, const void * p)
{
  _1 = (sizetype) i;
  _2 = &a + _1;
  __builtin_memcpy (_2, p, 8);
}

g (unsigned int i, const void * p)
{
  if (i != 0) goto <D.1916>; else goto <D.1917>;
  <D.1916>:
  _1 = (sizetype) i;
  _2 = &a + _1;
  __builtin_memcpy (_2, p, 8);
  <D.1917>:
}
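
Added example, not part of the original report and not GCC's implementation: the range reasoning behind "very likely" and "certain" for an 8-byte copy into the 8-byte array a, plus a runtime guard for code that cannot rely on the warning. All names (classify, copy_at, guarded_copy) and the source bytes are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not GCC's implementation.  */
enum verdict { IN_BOUNDS, MAYBE_OUT_OF_BOUNDS, ALWAYS_OUT_OF_BOUNDS };

/* Classify a copy of N bytes into an object of OBJ_SIZE bytes at an
   offset known only to lie in [LO, HI].  Assumes sizes fit in int64_t.  */
enum verdict classify (int64_t lo, int64_t hi, size_t obj_size, size_t n)
{
  if (n > obj_size)
    return ALWAYS_OUT_OF_BOUNDS;
  int64_t max_ok = (int64_t) (obj_size - n);  /* largest valid offset */
  if (hi < 0 || lo > max_ok)
    return ALWAYS_OUT_OF_BOUNDS;   /* no offset in the range is valid */
  if (lo >= 0 && hi <= max_ok)
    return IN_BOUNDS;
  return MAYBE_OUT_OF_BOUNDS;
}

/* Runtime guard for the same pattern: 0 on success, -1 if the copy
   would not fit.  Written to avoid wraparound in OFF + N.  */
int copy_at (void *dst, size_t dst_size, size_t off, const void *src, size_t n)
{
  if (n > dst_size || off > dst_size - n)
    return -1;
  memcpy ((char *) dst + off, src, n);
  return 0;
}

static char a[8];   /* same destination as in the report */

/* Guarded form of the report's call, with a constructed 8-byte source.  */
int guarded_copy (size_t i)
{
  static const char src[sizeof a] = "1234567";
  return copy_at (a, sizeof a, i, src, sizeof a);
}

int main (void)
{
  /* f: i is any int; g: i is a nonzero unsigned.  */
  printf ("f: %d\n", classify (INT_MIN, INT_MAX, sizeof a, sizeof a));
  printf ("g: %d\n", classify (1, UINT_MAX, sizeof a, sizeof a));
  printf ("copy at 0: %d, at 1: %d\n", guarded_copy (0), guarded_copy (1));
  return 0;
}
```

For f the only in-bounds offset is 0, so the verdict is MAYBE_OUT_OF_BOUNDS; for g the guard excludes 0, so every remaining offset is out of bounds.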