https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88991
Bug ID: 88991
Summary: missing warning on a strcpy and strlen from a zero-length array
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

GCC diagnoses the undefined behavior in function f() in the test case below but fails to diagnose the same bug in g() or h(). However, the warning issued for f() should be (also) for the call to strlen(s) which is also undefined. Worse, in g() neither the call to strlen(s) nor memcpy() is diagnosed.

$ cat t.c && gcc -O2 -S -Wall t.c
const char s[0] = { };

void f (char *d)
{
  __builtin_memcpy (d, s, __builtin_strlen (s) + 1);
}

void g (char *d)
{
  unsigned n = __builtin_strlen (s) + 1;   // missing warning
  __builtin_memcpy (d, s, n);              // same here
}

void h (char *d)
{
  __builtin_strcpy (d, s);   // missing warning here too
}
t.c: In function ‘f’:
t.c:5:3: warning: ‘__builtin_memcpy’ forming offset [1, 9223372036854775805] is out of the bounds [0, 0] of object ‘s’ with type ‘const char[]’ [-Warray-bounds]
    5 |   __builtin_memcpy (d, s, __builtin_strlen (s) + 1);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
t.c:1:12: note: ‘s’ declared here
    1 | const char s[0] = { };
      |            ^
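
Added example, not part of the report and not GCC code: a run-time check for the cases the report says go undiagnosed in g() and h(), using sizeof to supply the source bound that strlen() and strcpy() never see. The helper copy_bounded, the wrapper functions and the arrays ok and unterminated are hypothetical names and constructed samples; only s is taken from the test case.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from the report): copy the string stored in
   src[0 .. src_size) into dst[0 .. dst_size).  Returns the string length,
   or -1 when the source has no terminator inside its bounds (always true
   for a zero-length array) or the destination is too small.  */
static long copy_bounded (char *dst, size_t dst_size,
                          const char *src, size_t src_size)
{
  if (src_size == 0)
    return -1;          /* no byte of a zero-length object may be read */

  const char *nul = memchr (src, '\0', src_size);
  if (nul == NULL)
    return -1;          /* strlen (src) would run past the end of src */

  size_t len = (size_t) (nul - src);
  if (len + 1 > dst_size)
    return -1;          /* the copy would overflow dst */

  memcpy (dst, src, len + 1);
  return (long) len;
}

/* The object from the report's test case (GNU zero-length array).  */
const char s[0] = { };
/* Constructed samples for comparison.  */
static const char ok[] = "abc";
static const char unterminated[3] = { 'a', 'b', 'c' };

/* Bounded counterparts of the report's g() and h().  */
long copy_from_s (char *d, size_t n)
{
  return copy_bounded (d, n, s, sizeof s);
}

long copy_from_ok (char *d, size_t n)
{
  return copy_bounded (d, n, ok, sizeof ok);
}

long copy_from_unterminated (char *d, size_t n)
{
  return copy_bounded (d, n, unterminated, sizeof unterminated);
}
```

The sizeof bound is only available where the array type is still visible; once s has decayed to a plain pointer the caller has to pass the size along explicitly.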