On 10/7/19 6:58 PM, Martin Sebor wrote:
> Last week's enhancement to detect one-byte buffer overflows exposed
> a bug that let the warning use the size of a prior MEM_REF access
> and "override" the size of the actual store to the character array.
> When the store was smaller than the prior access (e.g., one byte,
> vs. an 8-byte null pointer read such as in a PHI), this would lead
> to a false positive.
>
> The attached patch has the function fail after it has determined
> the size of the store from a MEM_REF if one of its recursive
> invocations finds another MEM_REF.
>
> Tested on x86_64-linux. Since the bug is causing trouble in Glibc
> builds I will plan on committing the fix tomorrow.

I have committed this patch in r276711 along with an additional
minor tweak to take care of bug 92026 that was raised overnight
for test suite failures on a few targets.

Martin