https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87492
Bug ID: 87492
Summary: missing warning for a strnlen call with an
unterminated one-element array
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
In the following test case, the first strnlen call is diagnosed as expected but
the second one isn't despite both reading past the end of the unterminated
arrays.
$ cat c.c && /ssd/build/gcc-svn/gcc/xgcc -B /ssd/build/gcc-svn/gcc -O2 -S -Wall
-fdump-tree-optimized=/dev/stdout c.c
const char a[2] = "12";
void f (void)
{
if (__builtin_strnlen (a, 4) != 0) // warning (good)
__builtin_abort ();
}
const char b[1] = "1";
void g (void)
{
if (__builtin_strnlen (b, 4) != 0) // missing warning
__builtin_abort ();
}
;; Function f (f, funcdef_no=0, decl_uid=1907, cgraph_uid=1, symbol_order=1)
f ()
{
long unsigned int _1;
<bb 2> [local count: 1073741824]:
_1 = __builtin_strnlen (&a, 4);
if (_1 != 0)
goto <bb 3>; [0.00%]
else
goto <bb 4>; [99.96%]
<bb 3> [count: 0]:
__builtin_abort ();
<bb 4> [local count: 1073312328]:
return;
}
c.c: In function ‘f’:
c.c:5:7: warning: ‘__builtin_strnlen’ specified bound 4 exceeds the size 2 of
unterminated array [-Wstringop-overflow=]
5 | if (__builtin_strnlen (a, 4) != 0) // warning (good)
| ^~~~~~~~~~~~~~~~~~~~~~~~
c.c:1:12: note: referenced argument declared here
1 | const char a[2] = "12";
| ^
;; Function g (g, funcdef_no=1, decl_uid=1911, cgraph_uid=2, symbol_order=3)
g ()
{
<bb 2> [local count: 1073741824]:
return;
}
