From: "rguenth at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/50460] [4.7 Regression] __builtin___strcpy_chk/__builtin_object_size don't work
Date: Sun, 25 Sep 2011 11:24:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.7.0
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
X-SW-Source: 2011-09/txt/msg01807.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50460

--- Comment #5 from Richard Guenther 2011-09-25 11:11:21 UTC ---
(In reply to comment #4)
> Looking at:
> const char *str1 = "JIHGFEDCBA";
> #define strcpy(x,y) __builtin___strcpy_chk (x, y, __builtin_object_size (x, 1))
>
> int
> f1 (void)
> {
>   struct A { char buf1[9]; char buf2[1]; } a;
>   strcpy (a.buf1 + (0 + 4), str1 + 5);
>   return 0;
> }
>
> int
> f2 (void)
> {
>   struct A { char buf1[9]; char buf2[1]; } a;
>   strcpy ((char *) &a + (0 + 4), str1 + 5);
>   return 0;
> }
>
> int
> f3 (void)
> {
>   struct A { char buf1[9]; char buf2[1]; } a;
>   char *p = (char *) &a;
>   strcpy (p + (0 + 4), str1 + 5);
>   return 0;
> }
>
> int
> f4 (void)
> {
>   struct A { char buf0; char buf1[9]; char buf2[1]; } a;
>   char *p = (char *) &a;
>   strcpy (p + (0 + 5), str1 + 5);
>   return 0;
> }
>
> int
> f5 (void)
> {
>   struct A { char buf0; char buf1[9]; char buf2[1]; } a;
>   strcpy ((char *) &a + (0 + 5), str1 + 5);
>   return 0;
> }
>
> with GCC 4.4, seems we have always reconstructed it into &a.buf1[4].
> So likely we want to reconstruct it from the MEM_REF in the *.objsz pass then.
> If there is union involved, we probably want to reconstruct it to the
> alternative with the largest possible __builtin_object_size (X, 1) resp.
> smallest possible __builtin_object_size (X, 3).

I'm not sure.  What's the C / fortify difference of a.buf1 + 9 vs. a.buf2?
Both would be MEM[&a, 9].

I suppose we didn't re-construct array-refs in 4.4 from

  void *p = a.buf1;
  char *q = p + 4;

so, did we fail with 4.4 here, too?
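The thread above is about which bound __builtin_object_size hands to __builtin___strcpy_chk once a pointer like (char *)&a + 4 is no longer seen as &a.buf1[4]. The example below is added here and is not code from the bug report or from GCC: it takes the struct A layout from f1, computes by hand the two bounds the builtin is defined to return (type 0: bytes to the end of the whole object; type 1: bytes to the end of the enclosing member), and runs f1's copy against each through a checked_strcpy that models the __strcpy_chk contract but returns -1 instead of aborting. The copied string "EDCBA" plus its NUL is 6 bytes, which fits the 6 bytes left in the object but not the 5 bytes left in buf1, so only the type-1 bound rejects it; losing the member reconstruction therefore turns a detectable intra-struct overflow from buf1 into buf2 into a silent one. The member-boundary rule (an offset exactly at a.buf1 + 9 is treated as the start of buf2, matching the "both would be MEM[&a, 9]" remark) is a choice made for this example, and the functions bytes_to_end_of_object, bytes_to_end_of_subobject, checked_strcpy and run_f1_with_type are all names introduced here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Struct layout taken from f1 in the quoted test case (sizeof == 10). */
struct A { char buf1[9]; char buf2[1]; };

/* Bytes from offset `off` inside struct A to the end of the whole object:
   the bound __builtin_object_size (ptr, 0) is defined to report. */
size_t bytes_to_end_of_object(size_t off)
{
    return off <= sizeof(struct A) ? sizeof(struct A) - off : 0;
}

/* Bytes from offset `off` to the end of the member that contains it:
   the bound __builtin_object_size (ptr, 1) is defined to report once the
   compiler has reconstructed the pointer as &a.buf1[k] / &a.buf2[k].
   Example choice: an offset equal to a.buf1 + 9 is taken to be buf2[0],
   since both address the same byte of `a`. */
size_t bytes_to_end_of_subobject(size_t off)
{
    const size_t b1 = offsetof(struct A, buf1);
    const size_t b1_end = b1 + sizeof(((struct A *)0)->buf1);
    const size_t b2 = offsetof(struct A, buf2);
    const size_t b2_end = b2 + sizeof(((struct A *)0)->buf2);

    if (off >= b1 && off < b1_end)
        return b1_end - off;
    if (off >= b2 && off < b2_end)
        return b2_end - off;
    return 0; /* not inside any member of struct A */
}

/* Models the contract of __builtin___strcpy_chk (dst, src, dstsize):
   the copy is refused when strlen (src) + 1 exceeds dstsize. glibc's
   __strcpy_chk aborts in that case; here we return -1 so the outcome can
   be inspected. On success the number of bytes written is returned. */
int checked_strcpy(char *dst, const char *src, size_t dstsize)
{
    size_t need = strlen(src) + 1;   /* include the terminating NUL */
    if (need > dstsize)
        return -1;
    memcpy(dst, src, need);
    return (int)need;
}

/* Re-runs f1's call, strcpy (a.buf1 + 4, str1 + 5), with the bound that
   __builtin_object_size of the given `type` (0 or 1) would supply. */
int run_f1_with_type(int type)
{
    const char *str1 = "JIHGFEDCBA";   /* str1 + 5 is "EDCBA": 6 bytes with NUL */
    struct A a;
    size_t off = offsetof(struct A, buf1) + 4;
    size_t bound = (type == 0) ? bytes_to_end_of_object(off)
                               : bytes_to_end_of_subobject(off);
    return checked_strcpy(a.buf1 + 4, str1 + 5, bound);
}

int main(void)
{
    printf("bound at a.buf1 + 4: type 0 = %zu, type 1 = %zu\n",
           bytes_to_end_of_object(4), bytes_to_end_of_subobject(4));
    printf("f1 copy with type 0 bound -> %d, with type 1 bound -> %d\n",
           run_f1_with_type(0), run_f1_with_type(1));
#if defined(__GNUC__)
    {
        /* What this compiler computes itself; (size_t)-1 means "unknown",
           and the answer depends on the compiler and optimization level. */
        struct A a;
        printf("this compiler: __builtin_object_size (a.buf1 + 4, 1) = %zu\n",
               (size_t)__builtin_object_size(a.buf1 + 4, 1));
    }
#endif
    return 0;
}
```

With the type-1 bound the copy is refused (returns -1); with the type-0 bound it is accepted and writes the sixth byte into buf2, which is exactly the overflow _FORTIFY_SOURCE is meant to catch and which the regression lets through when the objsz pass cannot recover the member.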