public inbox for gcc-bugs@sourceware.org
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/94647] [10 Regression] bogus -Warray-bounds on strncpy into a larger member array from a smaller array
Date: Sat, 18 Apr 2020 17:07:52 +0000
Message-ID: <bug-94647-4-n9PU5Axfmi@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-94647-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94647

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
   Last reconfirmed|                            |2020-04-18
             Status|UNCONFIRMED                 |NEW
          Component|other                       |middle-end
     Ever confirmed|0                           |1
            Summary|[10 Regression] wrong       |[10 Regression] bogus
                   |diagnostic with             |-Warray-bounds on strncpy
                   |-Werror=format-security     |into a larger member array
                   |                            |from a smaller array

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with the slightly simplified test case below:

$ cat pr94647.c && gcc -O2 -S -Wall pr94647.c
char a[4], b[8];

void f (void)
{
  __builtin_strncpy (b, a, sizeof b); // no warning
}

struct S
{
  char a[4], b[8];
};

void g (struct S *p)
{
  __builtin_strncpy (p->b, p->a, sizeof p->b); // bogus -Warray-bounds
}
pr94647.c: In function ‘g’:
pr94647.c:15:3: warning: ‘__builtin_strncpy’ offset [4, 7] from the object at ‘p’ is out of the bounds of referenced subobject ‘a’ with type ‘char[4]’ at offset 0 [-Warray-bounds]
   15 |   __builtin_strncpy (p->b, p->a, sizeof p->b); // bogus -Warray-bounds
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pr94647.c:10:8: note: subobject ‘a’ declared here
   10 |   char a[4], b[8];
      |        ^

The spurious warning was introduced by r275981:

Author: Martin Sebor <msebor@redhat.com>
Date:   Thu Sep 19 22:15:34 2019 +0000

    PR middle-end/91631 - buffer overflow into an array member of a declared object not detected

    gcc/ChangeLog:

            PR middle-end/91631
            * builtins.c (component_size): Correct trailing array
            computation, rename to component_ref_size and move...
            (compute_objsize): Adjust.
            * gimple-ssa-warn-restrict.c (builtin_memref::refsize): New member.
            (builtin_access::strict): Do not consider memmove.
            (builtin_access::write_off): New function.
            (builtin_memref::builtin_memref): Initialize refsize.
            (builtin_memref::set_base_and_offset): Adjust refoff and compute
            refsize.
            (builtin_memref::offset_out_of_bounds): Use ooboff input values.
            Handle refsize.
            (builtin_access::builtin_access): Initialize dstoff to destination
            reference offset here instead of in maybe_diag_overlap.
            Adjust references even to unrelated objects.
            Adjust sizrange of bounded string functions to reflect bound.
            For strcat, adjust destination sizrange by that of source.
            (builtin_access::strcat_overlap): Adjust offsets and sizes
            to reflect the increase in destination sizrange above.
            (builtin_access::overlap): Do not set dstoff here but instead
            in builtin_access::builtin_access.
            (check_bounds_or_overlap): Use builtin_access::write_off.
            (maybe_diag_access_bounds): Add argument.  Add informational notes.
            (dump_builtin_memref, dump_builtin_access): New functions.
            * tree.c (component_ref_size): ...to here.
            * tree.h (component_ref_size): Declare.
            * tree-ssa-strlen (handle_builtin_strcat): Include the terminating
            nul in the size of the source string.

    gcc/testsuite/ChangeLog:

            PR middle-end/91631
            * /c-c++-common/Warray-bounds-3.c: Correct expected offsets.
            * /c-c++-common/Warray-bounds-4.c: Same.
            * gcc.dg/Warray-bounds-39.c: Remove xfails.
            * gcc.dg/Warray-bounds-45.c: New test.
            * gcc.dg/Warray-bounds-46.c: New test.

    From-SVN: r275981
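
The call in g() stays inside member a only because strncpy stops reading at the first NUL in p->a. The following is an added example, not part of the original message or of GCC: a copy bounded by the source member's size as well, so the read never depends on a being terminated. The names field_copy and g_bounded are hypothetical; struct S is the one from the test case.

```c
#include <stddef.h>
#include <string.h>

/* Same layout as struct S in the test case above. */
struct S { char a[4], b[8]; };

/* Hypothetical helper (not a GCC or libc function): copy a fixed-size,
   possibly unterminated field into a larger one.  Like strncpy it
   zero-fills the rest of dst, but every read stays inside
   src[0 .. srcsize-1] whether or not src contains a NUL.  */
static size_t field_copy (char *dst, size_t dstsize,
                          const char *src, size_t srcsize)
{
  /* Length of the string in src, capped at the size of the field.  */
  const char *nul = memchr (src, '\0', srcsize);
  size_t len = nul ? (size_t) (nul - src) : srcsize;

  /* Never write more than the destination holds.  */
  if (len > dstsize)
    len = dstsize;

  memcpy (dst, src, len);
  memset (dst + len, 0, dstsize - len);
  return len;
}

/* Counterpart of g() in the test case, bounded by both member sizes.  */
size_t g_bounded (struct S *p)
{
  return field_copy (p->b, sizeof p->b, p->a, sizeof p->a);
}
```

With a terminated p->a the result in p->b is the same as with the strncpy call; with an unterminated p->a the copy stops after the four bytes of a and the remainder of b is zeroed.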