https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90989
Bug ID: 90989
Summary: incorrect strlen result after second strcpy into the same destination
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

When strcpy is called more than once on a dynamically created string to overwrite the first string with a longer one, and with a string call like strlen in between, the length of the longer string is then incorrectly computed. The bug requires the second copy to be represented by a MEM_REF (ordinary memcpy works fine).

$ cat b.c && gcc -O2 -S -Wall -Wpedantic -fdump-tree-strlen=/dev/stdout b.c
int f (void)
{
  char b[6];
  __builtin_strcpy (b, "12");
  int n = __builtin_strlen (b);

  __builtin_strcpy (b, "12345");

  if (__builtin_strlen (b) != 5)   // GCC thinks strlen returns 2 here
    __builtin_abort ();

  return n;
}

;; Function f (f, funcdef_no=0, decl_uid=1906, cgraph_uid=1, symbol_order=0)

f ()
{
  int n;
  char b[6];
  long unsigned int _1;
  long unsigned int _2;

  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&b, "12", 3);
  _1 = 2;
  n_5 = (int) _1;
  MEM <unsigned char[6]> [(char * {ref-all})&b] = MEM <unsigned char[6]> [(char * {ref-all})"12345"];
  _2 = 2;
  if (_2 != 5)
    goto <bb 3>; [0.00%]
  else
    goto <bb 4>; [100.00%]

  <bb 3> [count: 0]:
  __builtin_abort ();

  <bb 4> [local count: 1073741824]:
  b ={v} {CLOBBER};
  return n_5;

}
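
A runtime cross-check for the pattern in this report, as an added example (not part of the original report or of GCC's testsuite): it compares the strlen value the optimizer produces after the second strcpy with a length read byte by byte through a volatile pointer. The names opaque_strlen, struct lens and recopy_check are made up for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: counts bytes through a volatile pointer, so every
   byte is really loaded and no tracked string length can replace the loop. */
static size_t opaque_strlen(const char *s)
{
    const volatile char *p = s;
    size_t n = 0;
    while (p[n] != '\0')
        n++;
    return n;
}

struct lens { size_t first, second, actual; };

/* Same sequence as f() in the report: short copy, strlen, longer copy
   into the same buffer, strlen again. */
struct lens recopy_check(void)
{
    struct lens r;
    char b[6];

    strcpy(b, "12");
    r.first = strlen(b);
    strcpy(b, "12345");
    r.second = strlen(b);         /* may be folded at compile time */
    r.actual = opaque_strlen(b);  /* what is actually in the buffer */
    return r;
}

int main(void)
{
    struct lens r = recopy_check();
    printf("first=%zu second=%zu actual=%zu\n", r.first, r.second, r.actual);
    if (r.second != r.actual) {
        puts("MISCOMPILED: strlen after the second strcpy is stale");
        return 1;
    }
    puts("ok");
    return 0;
}
```

Build it at the optimization level used in the report (-O2); a nonzero exit status means the folded length disagrees with the buffer contents.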