https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71296
            Bug ID: 71296
           Summary: missing warning on strcat appending to a non-string
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

While testing a fix for bug 70988 I came across a class of problems that should
be easy to diagnose but aren't:

1) No warning is issued for calls to strcat where the first argument is an
   initialized array of characters that's not a (nul-terminated) string.
2) No warning is issued for calls to strcat where the first argument points to
   an uninitialized array.

I make the Component middle-end since that's where these things are diagnosed
by Object Size Checking but it seems that at least a subset of these problems
could be diagnosed even without optimization.

$ cat strcat.c && /build/gcc-6-branch/gcc/xgcc -B /build/gcc-6-branch/gcc -O2 -S -Wall -Wextra strcat.c
extern inline __attribute__ ((always_inline, artificial)) char *
strcat (char *d, const char *s)
{
  return __builtin___strcat_chk (d, s, __builtin_object_size (d, 0));
}

void sink (const char*);

void test_nonstring (void)
{
  char a [2] = { 'a', 'b' };

  strcat (a, "c");   // writing past the end

  sink (a);
}

void test_uninit (void)
{
  char a [2];

  strcat (a, "c");   // uninitialized read, possible past the end write

  sink (a);
}
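
An added example, not part of the original report and not GCC or libc code: a run-time check for case 1 above, confirming that the destination holds a nul-terminated string within its bounds, and that the result fits, before appending. The name checked_strcat, its status codes and the sample arrays are assumptions made for illustration; case 2 (an uninitialized destination) is outside what a check like this can detect.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GCC or libc function): append src to dst only
   if dst already holds a nul-terminated string inside its dstsize bytes
   and the result, including the terminator, still fits. */
enum { APPEND_OK = 0, APPEND_NOT_STRING = -1, APPEND_NO_SPACE = -2 };

static int
checked_strcat (char *dst, size_t dstsize, const char *src)
{
  /* Look for the terminator without reading past the object. */
  const char *nul = memchr (dst, '\0', dstsize);
  if (nul == NULL)
    return APPEND_NOT_STRING;       /* the test_nonstring situation */
  size_t used = (size_t) (nul - dst);
  size_t need = strlen (src) + 1;   /* bytes to copy, with terminator */
  if (need > dstsize - used)
    return APPEND_NO_SPACE;
  memcpy (dst + used, src, need);
  return APPEND_OK;
}

/* Constructed inputs mirroring the arrays in the report. */
static int demo_nonstring (void)
{
  char a[2] = { 'a', 'b' };         /* initialized, but no terminator */
  return checked_strcat (a, sizeof a, "c");
}

static int demo_full (void)
{
  char a[2] = "a";                  /* a string, but no room for "c" */
  return checked_strcat (a, sizeof a, "c");
}

static const char *demo_fits (void)
{
  static char a[4];
  memcpy (a, "a", 2);               /* reset to "a" on every call */
  return checked_strcat (a, sizeof a, "c") == APPEND_OK ? a : NULL;
}

int main (void)
{
  printf ("%d %d %s\n", demo_nonstring (), demo_full (), demo_fits ());
  return 0;
}
```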