public inbox for gcc-bugs@sourceware.org
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/94647] [10 Regression] bogus -Warray-bounds on strncpy into a larger member array from a smaller array
Date: Sat, 18 Apr 2020 17:07:52 +0000
Message-ID: <bug-94647-4-n9PU5Axfmi@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-94647-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94647

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
   Last reconfirmed|                            |2020-04-18
             Status|UNCONFIRMED                 |NEW
          Component|other                       |middle-end
     Ever confirmed|0                           |1
            Summary|[10 Regression] wrong       |[10 Regression] bogus
                   |diagnostic with             |-Warray-bounds on strncpy
                   |-Werror=format-security     |into a larger member array
                   |                            |from a smaller array

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with the slightly simplified test case below:

$ cat pr94647.c && gcc -O2 -S -Wall pr94647.c
char a[4], b[8];

void f (void)
{
  __builtin_strncpy (b, a, sizeof b);   // no warning
}

struct S
{ 
  char a[4], b[8];
};

void g (struct S *p)
{
  __builtin_strncpy (p->b, p->a, sizeof p->b);   // bogus -Warray-bounds
}

pr94647.c: In function ‘g’:
pr94647.c:15:3: warning: ‘__builtin_strncpy’ offset [4, 7] from the object at ‘p’ is out of the bounds of referenced subobject ‘a’ with type ‘char[4]’ at offset 0 [-Warray-bounds]
   15 |   __builtin_strncpy (p->b, p->a, sizeof p->b);   // bogus -Warray-bounds
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr94647.c:10:8: note: subobject ‘a’ declared here
   10 |   char a[4], b[8];
      |        ^


The spurious warning was introduced by r275981:

Author: Martin Sebor <msebor@redhat.com>
Date:   Thu Sep 19 22:15:34 2019 +0000

    PR middle-end/91631 - buffer overflow into an array member of a declared object not detected

    gcc/ChangeLog:

            PR middle-end/91631
            * builtins.c (component_size): Correct trailing array computation,
            rename to component_ref_size and move...
            (compute_objsize): Adjust.
            * gimple-ssa-warn-restrict.c (builtin_memref::refsize): New member.
            (builtin_access::strict): Do not consider memmove.
            (builtin_access::write_off): New function.
            (builtin_memref::builtin_memref): Initialize refsize.
            (builtin_memref::set_base_and_offset): Adjust refoff and compute
            refsize.
            (builtin_memref::offset_out_of_bounds): Use ooboff input values.
            Handle refsize.
            (builtin_access::builtin_access): Initialize dstoff to destination
            reference offset here instead of in maybe_diag_overlap.  Adjust
            references even to unrelated objects.  Adjust sizrange of bounded
            string functions to reflect bound.  For strcat, adjust destination
            sizrange by that of source.
            (builtin_access::strcat_overlap):  Adjust offsets and sizes
            to reflect the increase in destination sizrange above.
            (builtin_access::overlap): Do not set dstoff here but instead
            in builtin_access::builtin_access.
            (check_bounds_or_overlap): Use builtin_access::write_off.
            (maybe_diag_access_bounds): Add argument.  Add informational notes.
            (dump_builtin_memref, dump_builtin_access): New functions.
            * tree.c (component_ref_size): ...to here.
            * tree.h (component_ref_size): Declare.
            * tree-ssa-strlen (handle_builtin_strcat): Include the terminating
            nul in the size of the source string.

    gcc/testsuite/ChangeLog:

            PR middle-end/91631
            * /c-c++-common/Warray-bounds-3.c: Correct expected offsets.
            * /c-c++-common/Warray-bounds-4.c: Same.
            * gcc.dg/Warray-bounds-39.c: Remove xfails.
            * gcc.dg/Warray-bounds-45.c: New test.
            * gcc.dg/Warray-bounds-46.c: New test.

    From-SVN: r275981
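
Added example, not part of the comment above and not GCC code: a runtime check of the call in g() from the test case. strncpy stops reading the source at its first NUL and pads the destination up to the bound, so offsets [4, 7] named in the diagnostic are only read when a holds no NUL. The names copy_a_to_b, demo_terminated and demo_unterminated are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same layout as the test case in the report.  */
struct S
{
  char a[4], b[8];
};

/* Hypothetical wrapper around the call from g() in the report.
   Returns 0 on success, -1 if 'a' holds no NUL terminator.  */
int copy_a_to_b (struct S *p)
{
  /* Without a NUL inside 'a', strncpy would keep reading past a[3].  */
  if (memchr (p->a, '\0', sizeof p->a) == NULL)
    return -1;

  /* Reads at most strlen (p->a) + 1 <= 4 bytes from 'a', then pads
     'b' with NULs until sizeof p->b bytes have been written.  */
  strncpy (p->b, p->a, sizeof p->b);
  return 0;
}

/* Constructed input: 'a' is a terminated 3-character string.  */
int demo_terminated (struct S *p)
{
  memset (p, 0x55, sizeof *p);
  memcpy (p->a, "abc", 4);      /* 'a', 'b', 'c', '\0' */
  return copy_a_to_b (p);
}

/* Constructed input: all four bytes of 'a' are non-NUL.  */
int demo_unterminated (struct S *p)
{
  memset (p, 0x55, sizeof *p);
  memcpy (p->a, "abcd", 4);     /* no NUL inside 'a' */
  return copy_a_to_b (p);
}

int main (void)
{
  struct S s;
  printf ("terminated: %d, b = \"%s\"\n", demo_terminated (&s), s.b);
  printf ("unterminated: %d\n", demo_unterminated (&s));
  return 0;
}
```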
