[Bug middle-end/94208] New: missing warning on passing unterminated local array to string functions

Tue, 17 Mar 2020 15:21:41 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94208

            Bug ID: 94208
           Summary: missing warning on passing unterminated local array to
                    string functions
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

GCC 10 diagnoses only one out of the three invalid uses of the unterminated
array below.  The strlen pass "knows" the number of non-zero characters in each
of the local arrays and it also knows it's equal to the size of the array so it
has all it needs to diagnose the calls.

The problem is the same with other string functions (e.g., strlen or sprintf)
so a complete fix should extend the warning to all of them.

$ cat t.c && gcc -O2 -S -Wall -Wextra -Wpedantic
-fdump-tree-optimized=/dev/stdout t.c
const char a[4] = { '1', '2', '3', '4' };

void f0 (char *d)
{
  __builtin_strcpy (d, a);   // warning (good)
}

void f1 (char *d)
{
  const char a[4] = { '1', '2', '3', '4' };
  __builtin_strcpy (d, a);   // missing warning
}

void f2 (char *d)
{
  __builtin_strcpy (d, (char[4]){ '1', '2', '3', '4' });   // missing warning
}
t.c: In function ‘f0’:
t.c:5:3: warning: ‘strcpy’ argument missing terminating nul
[-Wstringop-overflow=]
    5 |   __builtin_strcpy (d, a);   // warning (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~
t.c:1:12: note: referenced argument declared here
    1 | const char a[4] = { '1', '2', '3', '4' };
      |            ^

;; Function f0 (f0, funcdef_no=0, decl_uid=1931, cgraph_uid=1, symbol_order=1)

f0 (char * d)
{
  <bb 2> [local count: 1073741824]:
  __builtin_strcpy (d_2(D), &a); [tail call]
  return;

}



;; Function f1 (f1, funcdef_no=1, decl_uid=1934, cgraph_uid=2, symbol_order=2)

f1 (char * d)
{
  const char a[4];

  <bb 2> [local count: 1073741824]:
  a = "1234";
  __builtin_strcpy (d_3(D), &a);
  a ={v} {CLOBBER};
  return;

}



;; Function f2 (f2, funcdef_no=2, decl_uid=1938, cgraph_uid=3, symbol_order=3)

f2 (char * d)
{
  char D.1940[4];

  <bb 2> [local count: 1073741824]:
  MEM <unsigned int> [(char *)&D.1940] = 875770417;
  __builtin_strcpy (d_6(D), &D.1940);
  D.1940 ={v} {CLOBBER};
  return;

}

Reply via email to