[Bug tree-optimization/82456] missing -Wstringop-overflow on strcpy reading past the end of an array

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82456

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
GCC 10 detects all these problems but only with -Warray-bounds (in -Wall) and
not by -Wstringop-overflow (enabled by default), so I'm going to leave this
open until it's also fixed there.

$ gcc -O2 -S -Wall pr82456.c
pr82456.c: In function ‘fcst’:
pr82456.c:5:3: warning: array subscript 3 is outside array bounds of ‘char[2]’
[-Warray-bounds]
    5 |   __builtin_strcpy (d, a + 3);   // -Warray-bounds (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
pr82456.c:3:8: note: while referencing ‘a’
    3 |   char a[2] = "0";
      |        ^
pr82456.c: In function ‘frng’:
pr82456.c:16:3: warning: ‘__builtin_strcpy’ offset [3, 2147483647] is out of
the bounds [0, 2] of object ‘a’ with type ‘char[2]’ [-Warray-bounds]
   16 |   __builtin_strcpy (d, a + i);   // both warnings missing
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
pr82456.c:11:8: note: ‘a’ declared here
   11 |   char a[2] = "0";
      |        ^
pr82456.c: In function ‘gcst’:
pr82456.c:25:3: warning: ‘__builtin_strcpy’ offset 2 is out of the bounds [0,
2] of object ‘a’ with type ‘char[2]’ [-Warray-bounds]
   25 |   __builtin_strcpy (d, a + 2);   // missing -Wstringop-overflow
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
pr82456.c:23:8: note: ‘a’ declared here
   23 |   char a[2] = "0";
      |        ^
pr82456.c: In function ‘grng’:
pr82456.c:36:3: warning: ‘__builtin_strcpy’ offset 2 is out of the bounds [0,
2] of object ‘a’ with type ‘char[2]’ [-Warray-bounds]
   36 |   __builtin_strcpy (d, a + i);   // missing -Wstringop-overflow
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
pr82456.c:31:8: note: ‘a’ declared here
   31 |   char a[2] = "0";
      |        

This was enabled by the commit below:

commit 3942060c4b3168307b9e2870d81e7ca15b49760a
Author: Martin Sebor <mse...@redhat.com>
Date:   Tue Apr 21 10:59:24 2020 -0600

    PR middle-end/94647 - bogus -Warray-bounds on strncpy into a larger member
array from a smaller array

    gcc/ChangeLog:

            PR middle-end/94647
            * gimple-ssa-warn-restrict.c (builtin_access::builtin_access):
Correct
            the computation of the lower bound of the source access size.
            (builtin_access::generic_overlap): Remove a hack for setting ranges
            of overlap offsets.

    gcc/testsuite/ChangeLog:

            PR middle-end/94647
            * c-c++-common/Warray-bounds-2.c: Adjust a test case and add a new
one.
            * c-c++-common/Warray-bounds-3.c: Add tests for missing warnings.
            * c-c++-common/Wrestrict.c: Invert bounds in printed ranges.
            * gcc.dg/Warray-bounds-59.c: New test.
            * gcc.dg/Wrestrict-10.c: Add a missing warning.
            * gcc.dg/Wrestrict-5.c: Adjust text of expected warning.
            * gcc.dg/Wrestrict-6.c: Expect to see a range of overlap offsets.