From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id BFAAF3853C13; Thu, 12 Aug 2021 14:08:23 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BFAAF3853C13
From: "quentin at armitage dot org.uk" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/101451] Incorrect -Wstringop-truncation warning
Date: Thu, 12 Aug 2021 14:08:23 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 11.1.1
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Who: quentin at armitage dot org.uk
X-Bugzilla-Status: WAITING
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-101451-4-KSHTcdDDgI@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-101451-4@http.gcc.gnu.org/bugzilla/>
References: <bug-101451-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Aug 2021 14:08:23 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D101451

--- Comment #3 from Quentin Armitage <quentin at armitage dot org.uk> ---
According to the man page for strncat:
  As with strcat(), the resulting string in dest is always null-terminated.

  If  src  contains  n  or  more  bytes,  strncat()  writes  n+1  bytes to =
dest
(n from src plus the terminating null byte).  Therefore, the size of dest m=
ust
be at least strlen(dest)+n+1.

Based on the above, in the test case strncat should copy 15 bytes (sizeof(d=
est)
- 1), and then add a terminating null byte.

I think the following code snippet demonstrates that:

#include <string.h>
#include <stdio.h>


int main(__attribute__((unused)) int argc, __attribute__((unused)) char **a=
rgv)
{
        char dst[16] =3D "012345678901234";
        unsigned char *p =3D dst;

        dst[5] =3D '\0';

        strncat(dst, "abcdefg", 5);
        for (int i =3D 0; i < 16; i++)
                printf("0x%2.2x ", *p++);
        printf("\n");
}

>Do you have a full testcase that you can share, we will try to reduce it a=
nd see why it is still failing.

I have attached ipvswrapper.i, which when compiled with -O2
--Wstringop-truncation produces:
/usr/include/bits/string_fortified.h:95:10: warning: =E2=80=98__builtin_str=
ncpy=E2=80=99 output
may be truncated copying 15 bytes from a string of length 15
[-Wstringop-truncation]
   95 |   return __builtin___strncpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   96 |                                   __glibc_objsize (__dest));=