https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90752
Bug ID: 90752
Summary: missing -Warray-bounds accessing the result of string
functions
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
GCC doesn't diagnose any of the out-of-bounds accesses in the functions below
or any others like it that involved string built-ins. The VRP pass has
sufficient information to issue -Warray-bounds, it simply doesn't consider
these cases. They can be easily detected by extending
vrp_prop::check_mem_ref() to consider the first argument of each built-in call.
(For bounded functions like stpncpy that return a pointer to the last copied
character, it should also consider the bound.)
extern char a[4];
int f (const void *s, unsigned n)
{
char *p = __builtin_memcpy (a, s, n);
return p[-1]; // missing -Warray-bounds
}
int g (const char *s)
{
char *p = __builtin_stpcpy (a, s);
return p[-5]; // missing -Warray-bounds
}
int h (const char *s)
{
char *p = __builtin_strcpy (a, s);
return p[4]; // missing -Warray-bounds
}
