> On Nov 17, 2017, at 5:54 PM, Martin Sebor <mse...@gmail.com> wrote:
>
>> for the safety checking purpose, when we try to convert
>>
>> __builtin_strcmp(s, "abc") != 0
>>
>> to
>>
>> __builtin_memcmp (s, "abc", 4) != 0
>>
>> we have to make sure that the size of variable “s” is larger than “4”.
>
> Presumably you mean "is at least 4"?

Yes. :-)

>> if “s” is declared as
>>
>> char s[100];
>>
>> currently, the “get_range_strlen” cannot determine its maximum length is
>> 100. (it just returns UNKNOWN).
>>
>> so, I have to update “get_range_strlen” for such a simple case.
>>
>> this does provide the information I want. However, since the routine
>> “get_range_strlen” is also used in other places,
>> for example, in gimple-ssa-sprintf.c, the implementation of the sprintf
>> overflow warning uses the routine “get_range_strlen”
>> to decide the string’s maximum size and buffer size.
>>
>> my change in “get_range_strlen” triggered some new warnings for
>> -Werror=format-overflow (from gimple-ssa-sprintf.c
>> mentioned above) as follows:
>>
>> qinzhao@gcc116:~/Bugs/warning$ cat t.c
>> #include <stdio.h>
>>
>> void foo(const char *macro)
>> {
>>   char buf1[256], buf2[256];
>>   sprintf (buf1, "%s=%s", macro, buf2);
>>   return;
>> }
>>
>> with my private GCC:
>>
>> qinzhao@gcc116:~/Bugs/warning$ /home/qinzhao/Install/latest/bin/gcc t.c
>> -Werror=format-overflow -S
>> t.c: In function ‘foo’:
>> t.c:6:18: error: ‘sprintf’ may write a terminating nul past the end of the
>> destination [-Werror=format-overflow=]
>>    sprintf (buf1, "%s=%s", macro, buf2);
>>                   ^~~~~~~
>> t.c:6:3: note: ‘sprintf’ output 2 or more bytes (assuming 257) into a
>> destination of size 256
>>    sprintf (buf1, "%s=%s", macro, buf2);
>>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> cc1: some warnings being treated as errors
>
> When the length of one or more of the strings referenced by
> the argument passed to get_range_strlen() is unknown
> the -Wformat-overflow checker uses get_range_strlen() to compute
> the length of the longest string that fits in an array referenced
> by the subexpression (i.e., sizeof array - 1) and uses it to
> issue warnings. This works with member arrays but because of
> a bug/limitation it doesn't work for non-member arrays. Bug
> 79538 tracks this. So the warning above suggests your change
> has fixed the problem -- good work! :)

really thanks for the info and bug id.
I just checked the 2 testing cases in PR 79538, with my private GCC, both of
the warnings are reported.
I am assigning this bug to myself too.

Qing

>
> Martin
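The size precondition discussed in this thread for turning `__builtin_strcmp(s, "abc") != 0` into `__builtin_memcmp (s, "abc", 4) != 0`, as an added example that is not part of the original messages and is not GCC code. The helper names `fold_is_safe`, `forms_agree` and `count_disagreements` are hypothetical, and the sample strings are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not GCC code): may strcmp(s, lit) != 0 be rewritten
   as memcmp(s, lit, strlen(lit) + 1) != 0 when s is an array of array_size
   bytes?  memcmp reads all strlen(lit) + 1 bytes, so the array must be at
   least that large ("at least 4" for "abc"). */
bool fold_is_safe(size_t array_size, const char *lit)
{
    return array_size >= strlen(lit) + 1;
}

/* Compare both forms on one constructed input held in a 4-byte array,
   the smallest size for which folding against "abc" is allowed. */
static bool forms_agree(const char *content)
{
    char s[4] = {0};                    /* zero-filled so every byte is defined */
    strncpy(s, content, sizeof s - 1);  /* samples are at most 3 chars long */
    bool by_strcmp = strcmp(s, "abc") != 0;
    bool by_memcmp = memcmp(s, "abc", 4) != 0;
    return by_strcmp == by_memcmp;
}

/* Returns the number of constructed inputs on which the two forms disagree. */
int count_disagreements(void)
{
    static const char *const samples[] =
        { "", "a", "ab", "abc", "abd", "xbc", "ABC" };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (!forms_agree(samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* char s[100] and char s[4] qualify; char s[3] does not, because
       memcmp would read one byte past the end of the array. */
    return (fold_is_safe(100, "abc") && fold_is_safe(4, "abc")
            && !fold_is_safe(3, "abc") && count_disagreements() == 0) ? 0 : 1;
}
```

Strings shorter than "abc" still agree because the two forms first differ at or before the terminating nul, so the bytes memcmp reads after that point do not affect the `!= 0` result.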