https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Bug ID: 97631 Summary: bogus "writing one too many bytes" warning for memcpy with strlen argument Product: gcc Version: 11.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- The -Wstringop-overflow instance in f() is correct and intended but the one in g() is neither. It most likely crept in by mistake in r279392. The test case was reduced from libfido2. $ cat xxx.c && gcc -O2 -S -Wall xxx.c typedef __SIZE_TYPE__ size_t; char* f (char *s) { size_t n = __builtin_strlen (s); if (n == 0) return 0; char *d = __builtin_malloc (n); __builtin_strcpy (d, s); // -Wstringop-overflow (good) return d; } char* g (char *s) { size_t n = __builtin_strlen (s); if (n == 0) return 0; char *d = __builtin_malloc (n); __builtin_memcpy (d, s, n); // bogus overflow warning return d; } xxx.c: In function ‘f’: xxx.c:10:3: warning: ‘__builtin_strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=] 10 | __builtin_strcpy (d, s); // -Wstringop-overflow (good) | ^~~~~~~~~~~~~~~~~~~~~~~ xxx.c:9:13: note: at offset 0 to an object allocated by ‘__builtin_malloc’ here 9 | char *d = __builtin_malloc (n); | ^~~~~~~~~~~~~~~~~~~~ xxx.c: In function ‘g’: xxx.c:21:3: warning: ‘__builtin_memcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=] 21 | __builtin_memcpy (d, s, n); // bogus overflow warning | ^~~~~~~~~~~~~~~~~~~~~~~~~~ xxx.c:20:13: note: at offset 0 to an object allocated by ‘__builtin_malloc’ here 20 | char *d = __builtin_malloc (n); | ^~~~~~~~~~~~~~~~~~~~