public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1
@ 2021-07-09 18:23 msebor at gcc dot gnu.org
2021-07-09 18:25 ` [Bug middle-end/101397] [11/12 Regression] " msebor at gcc dot gnu.org
` (10 more replies)
0 siblings, 11 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-09 18:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Bug ID: 101397
Summary: spurious warning writing to the result of stpcpy minus
1
Product: gcc
Version: 11.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
This is reduced from a recent Glibc build with GCC 12 which shows the warning
below:
In function ‘nis_local_group’,
inlined from ‘nis_local_group’ at nis_local_names.c:27:1:
nis_local_names.c:38:13: error: array subscript -1 is outside array bounds of
‘char[1025]’ [-Werror=array-bounds]
38 | if (cp[-1] != '.')
| ~~^~~~
nis_local_names.c: In function ‘nis_local_group’:
nis_local_names.c:29:15: note: at offset -1 into object ‘__nisgroup’ of size
1025
29 | static char __nisgroup[NIS_MAXNAMELEN + 1];
| ^~~~~~~~~~
The following test case shows the warning is a false positive. Since stpcpy()
returns a pointer to the terminating null it appends to the destination neither
of the warnings below is appropriate since there's no indication that the
copied string is empty. The output below is with GCC 11.1. In GCC 12 the
second -Wstringop-overflow becomes a -Warray-bounds.
$ cat t.c && gcc -O2 -S -Wall t.c
void f (void*);
void g (const char *s)
{
char d[8];
char *t = __builtin_stpcpy (d, s);
__builtin_strcpy (t - 1, "x");
f (d);
}
void h (const char *s)
{
char d[8];
char *t = __builtin_stpcpy (d, s);
t[-1] = 0;
f (d);
}
t.c: In function ‘g’:
t.c:7:3: warning: ‘__builtin_memcpy’ writing 2 bytes into a region of size 0
overflows the destination [-Wstringop-overflow=]
7 | __builtin_strcpy (t - 1, "x");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
t.c:5:8: note: at offset -1 into destination object ‘d’ of size 8
5 | char d[8];
| ^
t.c: In function ‘h’:
t.c:15:9: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
15 | t[-1] = 0;
| ~~~~~~^~~
t.c:13:8: note: at offset -1 into destination object ‘d’ of size 8
13 | char d[8];
| ^
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11/12 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
@ 2021-07-09 18:25 ` msebor at gcc dot gnu.org
2021-07-12 17:20 ` msebor at gcc dot gnu.org
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-09 18:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
Blocks| |56456, 88443
Target Milestone|--- |11.2
Summary|spurious warning writing to |[11/12 Regression] spurious
|the result of stpcpy minus |warning writing to the
|1 |result of stpcpy minus 1
Last reconfirmed| |2021-07-09
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org
Keywords| |diagnostic
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The warning was introduced in g:83685efd5fd1623cfc4e4c435ce2773d95d458d1.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11/12 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
2021-07-09 18:25 ` [Bug middle-end/101397] [11/12 Regression] " msebor at gcc dot gnu.org
@ 2021-07-12 17:20 ` msebor at gcc dot gnu.org
2021-07-15 1:50 ` msebor at gcc dot gnu.org
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-12 17:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at gcc dot gnu.org
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
*** Bug 101415 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11/12 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
2021-07-09 18:25 ` [Bug middle-end/101397] [11/12 Regression] " msebor at gcc dot gnu.org
2021-07-12 17:20 ` msebor at gcc dot gnu.org
@ 2021-07-15 1:50 ` msebor at gcc dot gnu.org
2021-07-20 19:52 ` cvs-commit at gcc dot gnu.org
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-15 1:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575251.html
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11/12 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (2 preceding siblings ...)
2021-07-15 1:50 ` msebor at gcc dot gnu.org
@ 2021-07-20 19:52 ` cvs-commit at gcc dot gnu.org
2021-07-20 19:53 ` [Bug middle-end/101397] [11 " msebor at gcc dot gnu.org
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-07-20 19:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:8bf5b49ebd2176b8c535147377381dd07fbdd643
commit r12-2422-g8bf5b49ebd2176b8c535147377381dd07fbdd643
Author: Martin Sebor <msebor@redhat.com>
Date: Tue Jul 20 13:48:20 2021 -0600
Correct stpcpy offset computation for -Warray-bounds et al. [PR101397].
Resolves:
PR middle-end/101397 - spurious warning writing to the result of stpcpy
minus 1
gcc/ChangeLog:
PR middle-end/101397
* builtins.c (gimple_call_return_array): Add argument. Correct
offsets for memchr, mempcpy, stpcpy, and stpncpy.
(compute_objsize_r): Adjust offset computation for argument
returning
built-ins.
gcc/testsuite/ChangeLog:
PR middle-end/101397
* gcc.dg/Warray-bounds-80.c: New test.
* gcc.dg/Warray-bounds-81.c: New test.
* gcc.dg/Warray-bounds-82.c: New test.
* gcc.dg/Warray-bounds-83.c: New test.
* gcc.dg/Warray-bounds-84.c: New test.
* gcc.dg/Wstringop-overflow-46.c: Adjust expected output.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (3 preceding siblings ...)
2021-07-20 19:52 ` cvs-commit at gcc dot gnu.org
@ 2021-07-20 19:53 ` msebor at gcc dot gnu.org
2021-07-28 7:07 ` rguenth at gcc dot gnu.org
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-20 19:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to fail| |11.1.0
Summary|[11/12 Regression] spurious |[11 Regression] spurious
|warning writing to the |warning writing to the
|result of stpcpy minus 1 |result of stpcpy minus 1
--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed in GCC 12.0. Will backport to 11 after a bit.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (4 preceding siblings ...)
2021-07-20 19:53 ` [Bug middle-end/101397] [11 " msebor at gcc dot gnu.org
@ 2021-07-28 7:07 ` rguenth at gcc dot gnu.org
2021-10-26 14:24 ` siddhesh at gotplt dot org
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-07-28 7:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|11.2 |11.3
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 11.2 is being released, retargeting bugs to GCC 11.3
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (5 preceding siblings ...)
2021-07-28 7:07 ` rguenth at gcc dot gnu.org
@ 2021-10-26 14:24 ` siddhesh at gotplt dot org
2021-11-09 0:06 ` msebor at gcc dot gnu.org
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at gotplt dot org @ 2021-10-26 14:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Siddhesh Poyarekar <siddhesh at gotplt dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |siddhesh at gotplt dot org
--- Comment #7 from Siddhesh Poyarekar <siddhesh at gotplt dot org> ---
(In reply to CVS Commits from comment #4)
> The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
>
> https://gcc.gnu.org/g:8bf5b49ebd2176b8c535147377381dd07fbdd643
>
> commit r12-2422-g8bf5b49ebd2176b8c535147377381dd07fbdd643
> Author: Martin Sebor <msebor@redhat.com>
> Date: Tue Jul 20 13:48:20 2021 -0600
>
> Correct stpcpy offset computation for -Warray-bounds et al. [PR101397].
This causes a crash with the following program due to an infinite recursion:
typedef __SIZE_TYPE__ size_t;
void
__attribute__ ((noinline))
foo (size_t x)
{
struct T { char buf[64]; char buf2[64]; } t;
char *p = &t.buf[8];
char *r = t.buf2;
size_t i;
for (i = 0; i < x; i++)
{
r = __builtin_mempcpy (r, p, i);
p = r + 1;
}
}
$ cc1.r12-2422 -quiet -o - repro.c
.file "repro.c"
.text
Segmentation fault (core dumped)
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (6 preceding siblings ...)
2021-10-26 14:24 ` siddhesh at gotplt dot org
@ 2021-11-09 0:06 ` msebor at gcc dot gnu.org
2021-12-09 16:58 ` msebor at gcc dot gnu.org
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-11-09 0:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |103143
--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
(In reply to Siddhesh Poyarekar from comment #7)
Thanks. I opened pr103143 for this GCC 12 regression.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103143
[Bug 103143] [12 Regression] ICE due to infinite recursion in pointer-query.cc
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (7 preceding siblings ...)
2021-11-09 0:06 ` msebor at gcc dot gnu.org
@ 2021-12-09 16:58 ` msebor at gcc dot gnu.org
2022-04-21 7:49 ` rguenth at gcc dot gnu.org
2023-05-29 10:05 ` jakub at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-12-09 16:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Bug 101397 depends on bug 103143, which changed state.
Bug 103143 Summary: [12 Regression] ICE due to infinite recursion in pointer-query.cc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103143
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (8 preceding siblings ...)
2021-12-09 16:58 ` msebor at gcc dot gnu.org
@ 2022-04-21 7:49 ` rguenth at gcc dot gnu.org
2023-05-29 10:05 ` jakub at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-21 7:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|11.3 |11.4
--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 11.3 is being released, retargeting bugs to GCC 11.4.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug middle-end/101397] [11 Regression] spurious warning writing to the result of stpcpy minus 1
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
` (9 preceding siblings ...)
2022-04-21 7:49 ` rguenth at gcc dot gnu.org
@ 2023-05-29 10:05 ` jakub at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-05-29 10:05 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101397
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|11.4 |11.5
--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 11.4 is being released, retargeting bugs to GCC 11.5.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-05-29 10:05 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-09 18:23 [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 msebor at gcc dot gnu.org
2021-07-09 18:25 ` [Bug middle-end/101397] [11/12 Regression] " msebor at gcc dot gnu.org
2021-07-12 17:20 ` msebor at gcc dot gnu.org
2021-07-15 1:50 ` msebor at gcc dot gnu.org
2021-07-20 19:52 ` cvs-commit at gcc dot gnu.org
2021-07-20 19:53 ` [Bug middle-end/101397] [11 " msebor at gcc dot gnu.org
2021-07-28 7:07 ` rguenth at gcc dot gnu.org
2021-10-26 14:24 ` siddhesh at gotplt dot org
2021-11-09 0:06 ` msebor at gcc dot gnu.org
2021-12-09 16:58 ` msebor at gcc dot gnu.org
2022-04-21 7:49 ` rguenth at gcc dot gnu.org
2023-05-29 10:05 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).