On Wed, 2020-02-19 at 17:26 -0700, Martin Sebor wrote:
> The buffer overflow detection for multi-char stores uses the size
> of a source array even when what's actually being accessed (read
> and stored) is a pointer to the array. That leads to incorrect
> warnings in some cases.
>
> The attached patch corrects the function that computes the size of
> the access to set it to that of a pointer instead if the source is
> an address expression.
>
> Tested on x86_64-linux.
> if (TREE_CODE (exp) == ADDR_EXPR) > - exp = TREE_OPERAND (exp, 0); > + { > + /* If the size of the access hasn't been determined yet it's that > + of a pointer. */ > + if (!nbytes) > + nbytes = tree_to_uhwi (TYPE_SIZE_UNIT (TREE_TYPE (exp))); > + exp = TREE_OPERAND (exp, 0); > + } > This doesn't make any sense to me. You're always going to get the size of a pointer here. Don't you want the size of the TYPE of the operand? Jeff
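Review bot: in the added `if (!nbytes)` block, `TREE_TYPE (exp)` is evaluated before `exp = TREE_OPERAND (exp, 0)`, so `exp` is still the ADDR_EXPR and `nbytes` becomes the size of its pointer type, not the size of the object it refers to. The comment states that this is intended but not why. Expanding it to say that the value being read and stored is the address itself, as the patch description puts it, would make the ordering of the two statements self-explanatory. The `!nbytes` guard also means that a size determined earlier takes precedence over the pointer size, which the comment could state as well.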