https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81436
Bug ID: 81436
Summary: missing -Wstringop-overflow on strncat to a zero-size
buffer
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
Strncat always appends a terminating NUL to the end of the copied string.
Therefore, it's never safe to call it with a destination of zero size. Such
calls should be diagnosed by -Wstringop-overflow but in GCC 7.1 they are not.
$ cat a.c && gcc -O2 -S -Wall -Wextra -fdump-tree-optimized=/dev/stdout a.c
void sink (void*);
void f (const char *s, int n)
{
char d[1];
__builtin_strncat (d + 1, s, n); // missing -Wstringop-overflow
sink (d);
}
;; Function f (f, funcdef_no=0, decl_uid=1818, cgraph_uid=0, symbol_order=0)
f (const char * s, int n)
{
char d[1];
long unsigned int _1;
<bb 2> [100.00%] [count: INV]:
_1 = (long unsigned int) n_2(D);
__builtin_strncat (&MEM[(void *)&d + 1B], s_4(D), _1);
sink (&d);
d ={v} {CLOBBER};
return;
}
