https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94647

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
   Last reconfirmed|                            |2020-04-18
             Status|UNCONFIRMED                 |NEW
          Component|other                       |middle-end
     Ever confirmed|0                           |1
            Summary|[10 Regression] wrong       |[10 Regression] bogus
                   |diagnostic with             |-Warray-bounds on strncpy
                   |-Werror=format-security     |into a larger member array
                   |                            |from a smaller array

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with the slightly simplified test case below:

$ cat pr94647.c && gcc -O2 -S -Wall pr94647.c
char a[4], b[8];

void f (void)
{
  __builtin_strncpy (b, a, sizeof b);   // no warning
}

struct S
{
  char a[4], b[8];
};

void g (struct S *p)
{
  __builtin_strncpy (p->b, p->a, sizeof p->b);   // bogus -Warray-bounds
}
pr94647.c: In function ‘g’:
pr94647.c:15:3: warning: ‘__builtin_strncpy’ offset [4, 7] from the object at ‘p’ is out of the bounds of referenced subobject ‘a’ with type ‘char[4]’ at offset 0 [-Warray-bounds]
   15 |   __builtin_strncpy (p->b, p->a, sizeof p->b);   // bogus -Warray-bounds
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr94647.c:10:8: note: subobject ‘a’ declared here
   10 |   char a[4], b[8];
      |        ^

The spurious warning was introduced by r275981:

    Author: Martin Sebor <mse...@redhat.com>
    Date:   Thu Sep 19 22:15:34 2019 +0000

    PR middle-end/91631 - buffer overflow into an array member of a declared object not detected

    gcc/ChangeLog:

        PR middle-end/91631
        * builtins.c (component_size): Correct trailing array computation,
        rename to component_ref_size and move...
        (compute_objsize): Adjust.
        * gimple-ssa-warn-restrict.c (builtin_memref::refsize): New member.
        (builtin_access::strict): Do not consider memmove.
        (builtin_access::write_off): New function.
        (builtin_memref::builtin_memref): Initialize refsize.
        (builtin_memref::set_base_and_offset): Adjust refoff and compute
        refsize.
        (builtin_memref::offset_out_of_bounds): Use ooboff input values.
        Handle refsize.
        (builtin_access::builtin_access): Initialize dstoff to destination
        reference offset here instead of in maybe_diag_overlap.
        Adjust references even to unrelated objects.
        Adjust sizrange of bounded string functions to reflect bound.
        For strcat, adjust destination sizrange by that of source.
        (builtin_access::strcat_overlap): Adjust offsets and sizes
        to reflect the increase in destination sizrange above.
        (builtin_access::overlap): Do not set dstoff here but instead
        in builtin_access::builtin_access.
        (check_bounds_or_overlap): Use builtin_access::write_off.
        (maybe_diag_access_bounds): Add argument.  Add informational notes.
        (dump_builtin_memref, dump_builtin_access): New functions.
        * tree.c (component_ref_size): ...to here.
        * tree.h (component_ref_size): Declare.
        * tree-ssa-strlen (handle_builtin_strcat): Include the terminating
        nul in the size of the source string.

    gcc/testsuite/ChangeLog:

        PR middle-end/91631
        * /c-c++-common/Warray-bounds-3.c: Correct expected offsets.
        * /c-c++-common/Warray-bounds-4.c: Same.
        * gcc.dg/Warray-bounds-39.c: Remove xfails.
        * gcc.dg/Warray-bounds-45.c: New test.
        * gcc.dg/Warray-bounds-46.c: New test.

    From-SVN: r275981
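
The strncpy semantics behind the test case above, as an added example that is not part of the bug report or of GCC: with a NUL inside the 4-byte source member the call reads no further than that NUL and zero-fills the rest of the destination, so offsets [4, 7] of 'a' are never touched. The names copy_flagged, copy_bounded and copies_agree are hypothetical, and copy_bounded is one assumed way to write the copy so that it stays inside 'a' even when no NUL is present.

```c
#include <stddef.h>
#include <string.h>

struct S
{
  char a[4], b[8];   /* same layout as in the test case above */
};

/* The call from the report.  strncpy stops reading the source at the
   first NUL and pads the destination with zeros up to the bound.  */
void copy_flagged (struct S *p)
{
  strncpy (p->b, p->a, sizeof p->b);
}

/* Assumed alternative: cap the read at sizeof p->a, so the copy stays
   inside the source member whether or not it is NUL-terminated.  */
size_t copy_bounded (struct S *p)
{
  const char *nul = memchr (p->a, '\0', sizeof p->a);
  size_t len = nul ? (size_t) (nul - p->a) : sizeof p->a;

  memcpy (p->b, p->a, len);
  memset (p->b + len, 0, sizeof p->b - len);   /* strncpy-style padding */
  return len;
}

/* Returns 1 when both functions leave the same bytes in 'b' for a
   terminated source (constructed sample input "ab").  */
int copies_agree (void)
{
  struct S x, y;

  memset (&x, 0x55, sizeof x);   /* poison so stale bytes would show */
  memset (&y, 0x55, sizeof y);
  memcpy (x.a, "ab", 3);
  memcpy (y.a, "ab", 3);
  copy_flagged (&x);
  copy_bounded (&y);
  return memcmp (x.b, y.b, sizeof x.b) == 0;
}

int main (void)
{
  return copies_agree () ? 0 : 1;
}
```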