https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93262
Bug ID: 93262
Summary: [8/9/10 Regression] DSE memstar call trimming affecting -D_FORTIFY_SOURCE since r244444
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: jakub at gcc dot gnu.org
Target Milestone: ---

    char a[16];

    __attribute__((noipa, noinline, noclone)) void
    foo (char *b)
    {
      /* Copies 24 bytes into the 16-byte object a; the 4th argument is the
         known remaining object size the runtime check compares against.  */
      __builtin___memcpy_chk (a, b, 24, __builtin_object_size (a, 0));
      /* Overwrites the first 8 bytes, so DSE head-trims the memcpy above.  */
      __builtin___memset_chk (a, ' ', 8, __builtin_object_size (a, 0));
    }

    int
    main ()
    {
      foo ("0123456789abcdef");
      return 0;
    }

properly warns at compile time:

    warning: ‘__builtin_memcpy’ writing 16 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
        6 |   __builtin___memcpy_chk (a, b, 24, __builtin_object_size (a, 0));
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

but since (I believe) r244444 at -O2 it no longer fails at runtime like:

    *** buffer overflow detected ***: ./pr93249-7 terminated
    Aborted (core dumped)

(at -O0 it properly fails).

The bug is that when doing head_trim for the __builtin_*_chk calls, we can't just decrease count and increment addresses, but we also need to decrement the 4th argument (and punt on head trimming if the decrement would overflow).
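The following is an added example, not code from the report or from GCC: a small model of a __builtin___mem*_chk call as dead store elimination sees it (pointer offset, byte count, and the 4th "remaining object size" argument), with the head trim written both the way the report says r244444 does it and the way the report says it must be done. Run on the report's own numbers (a is 16 bytes, memcpy of 24, memset killing the first 8), it shows why the runtime check goes silent when the 4th argument is left alone and why it keeps firing when that argument is decremented too. The struct and function names are hypothetical and the punt case at the end uses constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model (not GCC code) of one __builtin___mem*_chk call as DSE
   sees it: the store begins `dst_off` bytes into the destination object,
   writes `len` bytes, and carries the 4th argument `objsize`, the number of
   bytes known to remain in the object from that pointer onward. */
struct chk_call {
    size_t dst_off;
    size_t len;
    size_t objsize;
};

/* What the libc __mem*_chk wrapper does at run time: abort when the write
   would exceed the remaining object size. */
static bool chk_would_abort(const struct chk_call *c)
{
    return c->len > c->objsize;
}

/* Head trim as the report describes the regression: advance the pointer and
   shrink the count, but leave the 4th argument untouched. */
static bool head_trim_buggy(struct chk_call *c, size_t trim)
{
    if (trim == 0 || trim >= c->len)
        return false;               /* nothing to trim, or whole store dead */
    c->dst_off += trim;
    c->len -= trim;
    return true;
}

/* Head trim with the fix the report asks for: the 4th argument moves by the
   same amount, and the trim is abandoned when that would underflow. */
static bool head_trim_fixed(struct chk_call *c, size_t trim)
{
    if (trim == 0 || trim >= c->len)
        return false;
    if (trim > c->objsize)
        return false;               /* punt: objsize - trim would wrap */
    c->dst_off += trim;
    c->len -= trim;
    c->objsize -= trim;
    return true;
}

/* The report's test case: char a[16]; memcpy_chk(a, b, 24, 16) followed by
   memset_chk(a, ' ', 8, 16). The memset kills the first 8 bytes of the copy,
   so DSE head-trims the memcpy by 8. */
static struct chk_call report_memcpy(void)
{
    struct chk_call c = { 0, 24, 16 };
    return c;
}

#define REPORT_TRIM 8   /* bytes of the memcpy overwritten by the memset */

/* After the buggy trim: memcpy_chk(a+8, b+8, 16, 16). 16 > 16 is false, so
   the runtime check no longer fires even though a+8 has only 8 bytes left. */
static bool buggy_trim_still_aborts(void)
{
    struct chk_call c = report_memcpy();
    head_trim_buggy(&c, REPORT_TRIM);
    return chk_would_abort(&c);
}

/* After the fixed trim: memcpy_chk(a+8, b+8, 16, 8). 16 > 8, still detected. */
static bool fixed_trim_still_aborts(void)
{
    struct chk_call c = report_memcpy();
    head_trim_fixed(&c, REPORT_TRIM);
    return chk_would_abort(&c);
}

/* Punt case (constructed values): objsize smaller than the trim, so the
   decrement would underflow and the call must be left untouched. */
static bool fixed_trim_punts_on_underflow(void)
{
    struct chk_call c = { 0, 24, 4 };
    return !head_trim_fixed(&c, REPORT_TRIM);
}

int main(void)
{
    struct chk_call orig = report_memcpy();
    printf("untrimmed call aborts:      %d\n", chk_would_abort(&orig));
    printf("buggy head trim aborts:     %d\n", buggy_trim_still_aborts());
    printf("fixed head trim aborts:     %d\n", fixed_trim_still_aborts());
    printf("fixed trim punts (objsize < trim): %d\n", fixed_trim_punts_on_underflow());
    return 0;
}
```

The model leaves the source pointer out because only the destination bound participates in the check; the real transformation advances it by the same amount. The point to take from the punt branch is that the 4th argument is unsigned, so "decrement" without the bound test would turn a small remaining size into a huge one and silently disable the check rather than merely weaken it.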