On Wed, 2020-04-22 at 15:36 -0600, Martin Sebor via Gcc-patches wrote:
> When computing the size of an object with a flexible array member
> the object size pass doesn't consider that the initializer of such
> an object can result in its size being in excess of the size of
> the enclosing type.  As a result, stores into such objects by
> string functions cause false positive warnings and can abort
> at runtime.
>
> The warnings are an old regression, but as more of them make use
> of the object size results, more of them are affected by the bug.
> The abort goes back to when support for _FORTIFY_SOURCE was added.
>
> The same problem has already been independently fixed in GCC 10
> for -Warray-bounds, which doesn't use the object size checking pass,
> but the object size bug still remains.  The attached patch corrects
> it as well.
>
> Tested on x86_64-linux.

Do you need to change the guarding condition to use decl_init_size
instead of DECL_SIZE_UNIT as well?
  else if (pt_var
           && DECL_P (pt_var)
           && tree_fits_uhwi_p (DECL_SIZE_UNIT (pt_var))
                                ^^^^^^^^^^^^^^
           && tree_to_uhwi (DECL_SIZE_UNIT (pt_var)) < offset_limit)
                            ^^^^^^^^^^^^^^
    {
      *pdecl = pt_var;
      pt_var_size = DECL_SIZE_UNIT (pt_var);
    }

Jeff
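The situation the thread is about, as an added example that is not part of the patch or of either message: a static object whose flexible array member is initialized (a GCC extension) occupies more storage than sizeof of its type says. The struct, the object name and the helper functions are this example's own and are assumptions; the two sizes it computes correspond to what DECL_SIZE_UNIT reports (the type size) and what the initializer actually allocated (the quantity decl_init_size exposes).

```c
/* Added example, not code from GCC or from the patch under review.
 * struct fam, obj and the fam_* helpers are this example's own names. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct fam {
    int  n;
    char s[];          /* flexible array member */
};

/* GCC extension: initializing a flexible array member allocates storage
 * for the initializer, so obj occupies more than sizeof (struct fam). */
static struct fam obj = { 5, "hello" };

/* What the type says: the value DECL_SIZE_UNIT of obj corresponds to. */
size_t fam_type_size(void)
{
    return sizeof (struct fam);            /* sizeof (int) on typical targets */
}

/* What the initializer actually allocated: the offset of s plus the six
 * bytes of "hello" (five characters and the terminating NUL).  This is the
 * quantity decl_init_size exposes. */
size_t fam_init_size(void)
{
    return offsetof(struct fam, s) + sizeof "hello";   /* sizeof (int) + 6 */
}

/* Bytes really available starting at obj.s once the initializer is
 * accounted for. */
size_t fam_tail_room(void)
{
    return fam_init_size() - offsetof(struct fam, s);  /* 6 */
}

/* Bytes the object size pass believes are available at obj.s if it only
 * looks at the type size: s starts at the end of the type, so none. */
size_t fam_tail_room_from_type(void)
{
    size_t off = offsetof(struct fam, s);
    return fam_type_size() > off ? fam_type_size() - off : 0;  /* 0 */
}

int main(void)
{
    printf("sizeof (struct fam) = %zu, initialized size = %zu\n",
           fam_type_size(), fam_init_size());
    printf("__builtin_object_size (obj.s, 1) = %zu\n",
           (size_t) __builtin_object_size(obj.s, 1));

    /* Reproducer for the report: with an affected GCC and
     * -O2 -D_FORTIFY_SOURCE=2, this store into the six initialized bytes
     * is flagged and __strcpy_chk aborts, although the room exists. */
    strcpy(obj.s, "world");
    puts(obj.s);
    return 0;
}
```

Compile with `-O2 -D_FORTIFY_SOURCE=2` and compare the printed `__builtin_object_size` value against `fam_tail_room()`: a compiler that sizes `obj` from its type alone reports 0 and the fortified `strcpy` aborts, while one that accounts for the initializer reports 6 and the copy succeeds.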