[Bug tree-optimization/92813] sprintf result not used by strlen pass

Wed, 04 Dec 2019 15:24:30 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92813

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic,
                   |                            |missed-optimization
             Blocks|                            |83819

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Implementing this optimization will also make it possible to detect buffer
overflow in such cases:

$ cat t.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout t.c
char a[8];

void f (void)
{
  __builtin_strcpy (a, "1234");
  __builtin_sprintf (a + 4, "%s", "5678");   // warning (good)
}

void g (void)
{
  __builtin_sprintf (a, "%s", "1234");
  __builtin_strcat (a, "5678");              // missing warning
}
t.c: In function ‘f’:
t.c:6:32: warning: ‘__builtin_sprintf’ writing a terminating nul past the end
of the destination [-Wformat-overflow=]
    6 |   __builtin_sprintf (a + 4, "%s", "5678");   // warning (good)
      |                                ^
t.c:6:3: note: ‘__builtin_sprintf’ output 5 bytes into a destination of size 4
    6 |   __builtin_sprintf (a + 4, "%s", "5678");   // warning (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

;; Function f (f, funcdef_no=0, decl_uid=1931, cgraph_uid=1, symbol_order=1)

f ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&a, "1234", 5);
  __builtin_sprintf (&MEM <char[8]> [(void *)&a + 4B], "%s", "5678"); [tail
call]
  return;

}



;; Function g (g, funcdef_no=1, decl_uid=1934, cgraph_uid=2, symbol_order=2)

g ()
{
  long unsigned int _3;
  char[8] * _4;

  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&a, "1234", 5);
  _3 = __builtin_strlen (&a);
  _4 = &a + _3;
  __builtin_memcpy (_4, "5678", 5); [tail call]
  return;

}


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83819
[Bug 83819] [meta-bug] missing strlen optimizations

Reply via email to