https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90989

            Bug ID: 90989
           Summary: incorrect strlen result after second strcpy into the
                    same destination
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

When strcpy is called more than once on a dynamically created string to
overwrite the first string with a longer one, with a call to a string function
such as strlen in between, the length of the longer string is then incorrectly
computed.  The bug requires the second copy to be represented by a MEM_REF
(an ordinary memcpy works fine).

$ cat b.c && gcc -O2 -S -Wall -Wpedantic -fdump-tree-strlen=/dev/stdout b.c
/* Reproducer: at -O2 the strlen pass folds the second __builtin_strlen (b)
   to the length of the first string (2) instead of the length of the new
   contents (5); see "_2 = 2" in the dump below.  The statement order is what
   triggers it: a strcpy, a strlen of the same buffer, then a longer strcpy
   that is emitted as a MEM_REF aggregate copy rather than a memcpy.
   Returns n, the length of the first string (2).  */
int f (void)
{
  char b[6];
  __builtin_strcpy (b, "12");        /* b holds "12"; both strings fit in b[6] */

  int n = __builtin_strlen (b);      /* folded to 2 ("_1 = 2" in the dump) */

  __builtin_strcpy (b, "12345");     /* overwrite with a longer string; length is now 5 */
  if (__builtin_strlen (b) != 5)   // GCC thinks strlen returns 2 here
    __builtin_abort ();              /* reached when the second strlen is mis-folded */

  return n;
}


;; Function f (f, funcdef_no=0, decl_uid=1906, cgraph_uid=1, symbol_order=0)

f ()
{
  int n;
  char b[6];
  long unsigned int _1;
  long unsigned int _2;

  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&b, "12", 3);
  _1 = 2;
  n_5 = (int) _1;
  MEM <unsigned char[6]> [(char * {ref-all})&b] = MEM <unsigned char[6]> [(char
* {ref-all})"12345"];
  _2 = 2;
  if (_2 != 5)
    goto <bb 3>; [0.00%]
  else
    goto <bb 4>; [100.00%]

  <bb 3> [count: 0]:
  __builtin_abort ();

  <bb 4> [local count: 1073741824]:
  b ={v} {CLOBBER};
  return n_5;

}
