https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87492

            Bug ID: 87492
           Summary: missing warning for a strnlen call with an unterminated one-element array
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following test case, the first strnlen call is diagnosed as expected but the second one isn't despite both reading past the end of the unterminated arrays.

$ cat c.c && /ssd/build/gcc-svn/gcc/xgcc -B /ssd/build/gcc-svn/gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout c.c
const char a[2] = "12";

void f (void)
{
  if (__builtin_strnlen (a, 4) != 0) // warning (good)
    __builtin_abort ();
}

const char b[1] = "1";

void g (void)
{
  if (__builtin_strnlen (b, 4) != 0) // missing warning
    __builtin_abort ();
}

;; Function f (f, funcdef_no=0, decl_uid=1907, cgraph_uid=1, symbol_order=1)

f ()
{
  long unsigned int _1;

  <bb 2> [local count: 1073741824]:
  _1 = __builtin_strnlen (&a, 4);
  if (_1 != 0)
    goto <bb 3>; [0.00%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [count: 0]:
  __builtin_abort ();

  <bb 4> [local count: 1073312328]:
  return;

}

c.c: In function ‘f’:
c.c:5:7: warning: ‘__builtin_strnlen’ specified bound 4 exceeds the size 2 of unterminated array [-Wstringop-overflow=]
    5 |   if (__builtin_strnlen (a, 4) != 0) // warning (good)
      |       ^~~~~~~~~~~~~~~~~~~~~~~~
c.c:1:12: note: referenced argument declared here
    1 | const char a[2] = "12";
      |            ^

;; Function g (g, funcdef_no=1, decl_uid=1911, cgraph_uid=2, symbol_order=3)

g ()
{
  <bb 2> [local count: 1073741824]:
  return;

}
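
Added example, not part of the original report or of GCC: a run-time check for the same condition the warning is meant to catch, a strnlen bound larger than an array that holds no NUL. The helper checked_strnlen, the macro ARRAY_STRNLEN and the terminated array c are hypothetical names introduced here; a and b have the same contents as in the test case.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same contents as the report's a and b, written as char lists so that no
   terminating NUL is implied: neither object contains a '\0'. */
static const char a[2] = { '1', '2' };
static const char b[1] = { '1' };
static const char c[4] = "12";          /* terminated array, for contrast */

/* Hypothetical helper (not a libc or GCC function): length of the string
   stored in an object of objsize bytes, reading at most min(objsize, bound)
   bytes.  *over_read is set when a plain strnlen (s, bound) would have run
   past the end of the object: no NUL inside it and bound > objsize. */
static size_t checked_strnlen (const char *s, size_t objsize, size_t bound,
                               int *over_read)
{
  size_t limit = bound < objsize ? bound : objsize;
  const char *nul = memchr (s, '\0', limit);

  *over_read = (nul == NULL && bound > objsize);
  return nul ? (size_t) (nul - s) : limit;
}

/* Only valid for true arrays, where sizeof yields the object size. */
#define ARRAY_STRNLEN(arr, bound, flag) \
  checked_strnlen ((arr), sizeof (arr), (bound), (flag))

int main (void)
{
  int over;
  size_t n;

  n = ARRAY_STRNLEN (a, 4, &over);      /* the diagnosed case in f() */
  printf ("a: len=%zu over_read=%d\n", n, over);
  n = ARRAY_STRNLEN (b, 4, &over);      /* the undiagnosed case in g() */
  printf ("b: len=%zu over_read=%d\n", n, over);
  n = ARRAY_STRNLEN (c, 4, &over);      /* NUL found inside the object */
  printf ("c: len=%zu over_read=%d\n", n, over);
  return 0;
}
```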