https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
While playing with the test case I added to pr97631 I noticed that when I
change the type of len to int, the warning disappears for the call to strcpy
(where it's intended) but the false positive stays for the call to memcpy.
When I change the type to unsigned int, the warning then moves to strcpy and
disappears for memcpy. This should get cleaned up too.
$ (set -x && cat xxx.c && gcc -DINT=int -O2 -S -Wall xxx.c && gcc
-DINT=unsigned -O2 -S -Wall xxx.c)
+ cat xxx.c
char* f (char *s)
{
INT n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_strcpy (d, s); // -Wstringop-overflow (good)
return d;
}
char* g (char *s)
{
INT n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_memcpy (d, s, n); // bogus overflow warning
return d;
}
+ gcc -DINT=int -O2 -S -Wall xxx.c
xxx.c: In function ‘g’:
xxx.c:19:3: warning: ‘__builtin_memcpy’ writing one too many bytes into a
region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
19 | __builtin_memcpy (d, s, n); // bogus overflow warning
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
xxx.c:18:13: note: at offset 0 to an object with size between 1 and
18446744073709551615 allocated by ‘__builtin_malloc’ here
18 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
+ gcc -DINT=unsigned -O2 -S -Wall xxx.c
xxx.c: In function ‘f’:
xxx.c:8:3: warning: ‘__builtin_strcpy’ writing one too many bytes into a region
of a size that depends on ‘strlen’ [-Wstringop-overflow=]
8 | __builtin_strcpy (d, s); // -Wstringop-overflow (good)
| ^~~~~~~~~~~~~~~~~~~~~~~
xxx.c:7:13: note: at offset 0 to an object with size at most 4294967295
allocated by ‘__builtin_malloc’ here
7 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
