[Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array

[Bug middle-end/103637] New: [12 Regression] missing warning writing past the end of one of multiple elements of the same array

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

            Bug ID: 103637
           Summary: [12 Regression] missing warning writing past the end
                    of one of multiple elements of the same array
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

The fix for pr103215 is too conservative and causes false negatives for past
the end accesses to array elements like in gcc.dg/warn-strnlen-no-nul.c.  A
simple test case that shows the problem is below.  The dump shows that both
strcpy calls are plainly out of bounds and both could and should be diagnosed.

$ cat y.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout y.c
extern int x;

extern char b[5][7];

void f (const char *s)
{
  __builtin_strncpy (b[3], s, 9);  // warning (good)
}

void g (int i, const char *s)
{
  char *d = i ? b[3] : b[4];
  __builtin_strncpy (d, s, 9);     // warning in GCC 11, missing in 12
}

;; Function f (f, funcdef_no=0, decl_uid=1980, cgraph_uid=1, symbol_order=0)

void f (const char * s)
{
  <bb 2> [local count: 1073741824]:
  __builtin_strncpy (&b[3], s_2(D), 9); [tail call]
  return;

}


y.c: In function ‘f’:
y.c:7:3: warning: ‘__builtin_strncpy’ writing 9 bytes into a region of size 7
overflows the destination [-Wstringop-overflow=]
    7 |   __builtin_strncpy (b[3], s, 9);  // warning (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
y.c:3:13: note: at offset 21 into destination object ‘b’ of size 28
    3 | extern char b[5][7];
      |             ^

;; Function g (g, funcdef_no=1, decl_uid=1984, cgraph_uid=2, symbol_order=1)

Removing basic block 3
void g (int i, const char * s)
{
  char * iftmp.0_1;

  <bb 2> [local count: 1073741824]:
  if (i_2(D) != 0)
    goto <bb 4>; [50.00%]
  else
    goto <bb 3>; [50.00%]

  <bb 3> [local count: 536870912]:

  <bb 4> [local count: 1073741824]:
  # iftmp.0_1 = PHI <&b[3](2), &b[4](3)>
  __builtin_strncpy (iftmp.0_1, s_4(D), 9); [tail call]
  return;

}

[Bug middle-end/103637] [12 Regression] missing warning writing past the end of one of multiple elements of the same array

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0

[Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|12.0                        |12.2

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 12.1 is being released, retargeting bugs to GCC 12.2.

[Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
      Known to fail|                            |13.0
   Last reconfirmed|                            |2023-02-21

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed on trunk.

[Bug middle-end/103637] [12/13 Regression] missing warning writing past the end of one of multiple elements of the same array

[law at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

Jeffrey A. Law <law at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2
                 CC|                            |law at gcc dot gnu.org

[Bug middle-end/103637] [12/13/14 Regression] missing warning writing past the end of one of multiple elements of the same array

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103637

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|12.3                        |12.4

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 12.3 is being released, retargeting bugs to GCC 12.4.