[Bug middle-end/88991] missing warning on a strcpy and strlen from a zero-length array

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88991

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2019-08-28
            Version|9.0                         |8.0
     Ever confirmed|0                           |1
      Known to fail|                            |8.3.0, 9.2.0

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The test case in comment #0 seems to wrong/incomplete and doesn't compile. 
Below is a test case that compiles and shows that GCC 9 issues warnings for the
first and third function but misses the one in the middle.

$ cat pr88991.c && gcc -O2 -S -Wall pr88991.c
char a[0], *s;

void f (void)
{
  __builtin_memcpy (a, s, __builtin_strlen (s) + 1);   // warning (good)
}

void g (void)
{
  unsigned n = __builtin_strlen (s) + 1;   // missing warning
  __builtin_memcpy (a, s, n);              // same here
}

void h (void)
{
  __builtin_strcpy (a, s);                 // warning (good)
}
pr88991.c: In function ‘f’:
pr88991.c:5:3: warning: ‘__builtin_memcpy’ forming offset [1,
9223372036854775806] is out of the bounds [0, 0] of object ‘a’ with type
‘char[]’ [-Warray-bounds]
    5 |   __builtin_memcpy (a, s, __builtin_strlen (s) + 1);   // warning
(good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr88991.c:1:6: note: ‘a’ declared here
    1 | char a[0], *s;
      |      ^
pr88991.c: In function ‘h’:
pr88991.c:16:3: warning: ‘__builtin_strcpy’ forming offset 1 is out of the
bounds [0, 0] of object ‘a’ with type ‘char[]’ [-Warray-bounds]
   16 |   __builtin_strcpy (a, s);                 // warning (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~
pr88991.c:1:6: note: ‘a’ declared here
    1 | char a[0], *s;
      |      ^


With -Warray-bounds disabled, GCC 9 issues the following:

pr88991.c: In function ‘f’:
pr88991.c:5:3: warning: ‘__builtin_memcpy’ writing between 1 and
9223372036854775806 bytes into a region of size 0 overflows the destination
[-Wstringop-overflow=]
    5 |   __builtin_memcpy (a, s, __builtin_strlen (s) + 1);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr88991.c: In function ‘h’:
pr88991.c:16:3: warning: ‘__builtin_strcpy’ writing 1 or more bytes into a
region of size 0 overflows the destination [-Wstringop-overflow=]
   16 |   __builtin_strcpy (a, s);
      |   ^~~~~~~~~~~~~~~~~~~~~~~