https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87492

            Bug ID: 87492
           Summary: missing warning for a strnlen call with an
                    unterminated one-element array
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following test case, the first strnlen call is diagnosed as expected but
the second one isn't despite both reading past the end of the unterminated
arrays.

$ cat c.c && /ssd/build/gcc-svn/gcc/xgcc -B /ssd/build/gcc-svn/gcc -O2 -S -Wall
-fdump-tree-optimized=/dev/stdout c.c
const char a[2] = "12";

void f (void)
{
  if (__builtin_strnlen (a, 4) != 0)   // warning (good)
    __builtin_abort ();
}

const char b[1] = "1";

void g (void)
{
  if (__builtin_strnlen (b, 4) != 0)   // missing warning
    __builtin_abort ();
}

;; Function f (f, funcdef_no=0, decl_uid=1907, cgraph_uid=1, symbol_order=1)

f ()
{
  long unsigned int _1;

  <bb 2> [local count: 1073741824]:
  _1 = __builtin_strnlen (&a, 4);
  if (_1 != 0)
    goto <bb 3>; [0.00%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [count: 0]:
  __builtin_abort ();

  <bb 4> [local count: 1073312328]:
  return;

}


c.c: In function ‘f’:
c.c:5:7: warning: ‘__builtin_strnlen’ specified bound 4 exceeds the size 2 of
unterminated array [-Wstringop-overflow=]
5 |   if (__builtin_strnlen (a, 4) != 0)   // warning (good)
  |       ^~~~~~~~~~~~~~~~~~~~~~~~
c.c:1:12: note: referenced argument declared here
1 | const char a[2] = "12";
  |            ^

;; Function g (g, funcdef_no=1, decl_uid=1911, cgraph_uid=2, symbol_order=3)

g ()
{
  <bb 2> [local count: 1073741824]:
  return;

}
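The defensive side of the report's test case, as an added example that is not part of the bug report or of GCC's own code: the arrays `unterminated` and `terminated`, the wrapper `bounded_strnlen`, the macro `ARRAY_STRNLEN` and the check `is_nul_terminated` are all constructed here. The wrapper clamps the caller's bound to the real storage size, so a bound of 4 on a one-byte array can never read past it, and `memchr` reports whether a NUL exists inside the array at all.

```c
#include <stddef.h>
#include <string.h>

/* Explicit prototype so the example also builds under strict -std=c99,
 * where <string.h> may not declare the POSIX strnlen. */
extern size_t strnlen(const char *s, size_t maxlen);

/* Constructed inputs: a one-element array initialised from a one-character
 * literal has no room for the terminating NUL (the report's `b`), while the
 * two-element array keeps it (a terminated sibling for comparison). */
static const char unterminated[1] = "1";
static const char terminated[2]   = "1";

/* Hardened wrapper: never let the requested bound exceed the size of the
 * backing storage, so strnlen stops at the array's end at the latest. */
static size_t bounded_strnlen(const char *buf, size_t bufsize, size_t bound)
{
    size_t n = bound < bufsize ? bound : bufsize;
    return strnlen(buf, n);
}

/* Use on arrays only: sizeof must see the declared size, not a pointer. */
#define ARRAY_STRNLEN(arr, bound) bounded_strnlen((arr), sizeof (arr), (bound))

/* Does the array contain a NUL within its own storage? */
int is_nul_terminated(const char *buf, size_t bufsize)
{
    return memchr(buf, '\0', bufsize) != NULL;
}

/* Named entry points with the bound of 4 used in the report. */
size_t len_of_unterminated(void) { return ARRAY_STRNLEN(unterminated, 4); }
size_t len_of_terminated(void)   { return ARRAY_STRNLEN(terminated, 4); }
int unterminated_has_nul(void) { return is_nul_terminated(unterminated, sizeof unterminated); }
int terminated_has_nul(void)   { return is_nul_terminated(terminated, sizeof terminated); }
```

Both lengths come back as 1, but only the terminated array passes the NUL check; the unterminated one is the case the missing warning would have flagged.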
