public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array @ 2021-12-09 19:46 msebor at gcc dot gnu.org 2021-12-10 0:31 ` [Bug middle-end/103637] " pinskia at gcc dot gnu.org ` (4 more replies) 0 siblings, 5 replies; 6+ messages in thread From: msebor at gcc dot gnu.org @ 2021-12-09 19:46 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Bug ID: 103637 Summary: [12 Regression] missing warning writing past the end of one of multiple elements of the same array Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: middle-end Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- The fix for pr103215 is too conservative and causes false negatives for past the end accesses to array elements like in gcc.dg/warn-strnlen-no-nul.c. A simple test case that shows the problem is below. The dump shows that both strcpy calls are plainly out of bounds and both could and should be diagnosed. $ cat y.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout y.c extern int x; extern char b[5][7]; void f (const char *s) { __builtin_strncpy (b[3], s, 9); // warning (good) } void g (int i, const char *s) { char *d = i ? b[3] : b[4]; __builtin_strncpy (d, s, 9); // warning in GCC 11, missing in 12 } ;; Function f (f, funcdef_no=0, decl_uid=1980, cgraph_uid=1, symbol_order=0) void f (const char * s) { <bb 2> [local count: 1073741824]: __builtin_strncpy (&b[3], s_2(D), 9); [tail call] return; } y.c: In function ‘f’: y.c:7:3: warning: ‘__builtin_strncpy’ writing 9 bytes into a region of size 7 overflows the destination [-Wstringop-overflow=] 7 | __builtin_strncpy (b[3], s, 9); // warning (good) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ y.c:3:13: note: at offset 21 into destination object ‘b’ of size 28 3 | extern char b[5][7]; | ^ ;; Function g (g, funcdef_no=1, decl_uid=1984, cgraph_uid=2, symbol_order=1) Removing basic block 3 void g (int i, const char * s) { char * iftmp.0_1; <bb 2> [local count: 1073741824]: if (i_2(D) != 0) goto <bb 4>; [50.00%] else goto <bb 3>; [50.00%] <bb 3> [local count: 536870912]: <bb 4> [local count: 1073741824]: # iftmp.0_1 = PHI <&b[3](2), &b[4](3)> __builtin_strncpy (iftmp.0_1, s_4(D), 9); [tail call] return; } ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/103637] [12 Regression] missing warning writing past the end of one of multiple elements of the same array 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org @ 2021-12-10 0:31 ` pinskia at gcc dot gnu.org 2022-05-06 8:32 ` [Bug middle-end/103637] [12/13 " jakub at gcc dot gnu.org ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2021-12-10 0:31 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |12.0 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org 2021-12-10 0:31 ` [Bug middle-end/103637] " pinskia at gcc dot gnu.org @ 2022-05-06 8:32 ` jakub at gcc dot gnu.org 2023-02-21 15:01 ` rguenth at gcc dot gnu.org ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: jakub at gcc dot gnu.org @ 2022-05-06 8:32 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Jakub Jelinek <jakub at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|12.0 |12.2 --- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> --- GCC 12.1 is being released, retargeting bugs to GCC 12.2. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org 2021-12-10 0:31 ` [Bug middle-end/103637] " pinskia at gcc dot gnu.org 2022-05-06 8:32 ` [Bug middle-end/103637] [12/13 " jakub at gcc dot gnu.org @ 2023-02-21 15:01 ` rguenth at gcc dot gnu.org 2023-04-14 4:53 ` law at gcc dot gnu.org 2023-05-08 12:23 ` [Bug middle-end/103637] [12/13/14 " rguenth at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: rguenth at gcc dot gnu.org @ 2023-02-21 15:01 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Richard Biener <rguenth at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Known to fail| |13.0 Last reconfirmed| |2023-02-21 --- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> --- Confirmed on trunk. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org ` (2 preceding siblings ...) 2023-02-21 15:01 ` rguenth at gcc dot gnu.org @ 2023-04-14 4:53 ` law at gcc dot gnu.org 2023-05-08 12:23 ` [Bug middle-end/103637] [12/13/14 " rguenth at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: law at gcc dot gnu.org @ 2023-04-14 4:53 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Jeffrey A. Law <law at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P3 |P2 CC| |law at gcc dot gnu.org ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug middle-end/103637] [12/13/14 Regression] missing warning writing past the end of one of multiple elements of the same array 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org ` (3 preceding siblings ...) 2023-04-14 4:53 ` law at gcc dot gnu.org @ 2023-05-08 12:23 ` rguenth at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: rguenth at gcc dot gnu.org @ 2023-05-08 12:23 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637 Richard Biener <rguenth at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|12.3 |12.4 --- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> --- GCC 12.3 is being released, retargeting bugs to GCC 12.4. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-05-08 12:23 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-12-09 19:46 [Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array msebor at gcc dot gnu.org 2021-12-10 0:31 ` [Bug middle-end/103637] " pinskia at gcc dot gnu.org 2022-05-06 8:32 ` [Bug middle-end/103637] [12/13 " jakub at gcc dot gnu.org 2023-02-21 15:01 ` rguenth at gcc dot gnu.org 2023-04-14 4:53 ` law at gcc dot gnu.org 2023-05-08 12:23 ` [Bug middle-end/103637] [12/13/14 " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).