From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 4DE8D385800D; Fri, 9 Jul 2021 18:23:08 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4DE8D385800D From: "msebor at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug middle-end/101397] New: spurious warning writing to the result of stpcpy minus 1 Date: Fri, 09 Jul 2021 18:23:08 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: middle-end X-Bugzilla-Version: 11.1.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: msebor at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jul 2021 18:23:08 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D101397 Bug ID: 101397 Summary: spurious warning writing to the result of stpcpy minus 1 Product: gcc Version: 11.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: middle-end Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- This is reduced from a recent Glibc build with GCC 12 which shows the warni= ng below: In function =E2=80=98nis_local_group=E2=80=99, inlined from =E2=80=98nis_local_group=E2=80=99 at nis_local_names.c:27:= 1: nis_local_names.c:38:13: error: array subscript -1 is outside array bounds = of =E2=80=98char[1025]=E2=80=99 [-Werror=3Darray-bounds] 38 | if (cp[-1] !=3D '.') | ~~^~~~ nis_local_names.c: In function =E2=80=98nis_local_group=E2=80=99: nis_local_names.c:29:15: note: at offset -1 into object =E2=80=98__nisgroup= =E2=80=99 of size 1025 29 | static char __nisgroup[NIS_MAXNAMELEN + 1]; | ^~~~~~~~~~ The following test case shows the warning is a false positive. Since stpcp= y() returns a pointer to the terminating null it appends to the destination nei= ther of the warnings below is appropriate since there's no indication that the copied string is empty. The output below is with GCC 11.1. In GCC 12 the second -Wstringop-overflow becomes a -Warray-bounds. $ cat t.c && gcc -O2 -S -Wall t.c void f (void*); void g (const char *s) { char d[8]; char *t =3D __builtin_stpcpy (d, s); __builtin_strcpy (t - 1, "x"); f (d); } void h (const char *s) { char d[8]; char *t =3D __builtin_stpcpy (d, s); t[-1] =3D 0; f (d); } t.c: In function =E2=80=98g=E2=80=99: t.c:7:3: warning: =E2=80=98__builtin_memcpy=E2=80=99 writing 2 bytes into a= region of size 0 overflows the destination [-Wstringop-overflow=3D] 7 | __builtin_strcpy (t - 1, "x"); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ t.c:5:8: note: at offset -1 into destination object =E2=80=98d=E2=80=99 of = size 8 5 | char d[8]; | ^ t.c: In function =E2=80=98h=E2=80=99: t.c:15:9: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=3D] 15 | t[-1] =3D 0; | ~~~~~~^~~ t.c:13:8: note: at offset -1 into destination object =E2=80=98d=E2=80=99 of= size 8 13 | char d[8]; | ^=