From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id CF7DF385B835; Sat, 18 Apr 2020 17:07:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CF7DF385B835 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1587229672; bh=lsNVP2yybl3+GwuwwHUzDcDE3u/I0x/bhwsEsvCk4Ww=; h=From:To:Subject:Date:In-Reply-To:References:From; b=pc7wQ0NWwzz94pxvJYLB6nkCG4HZj4gYYoAuz4V5xJvt5GT65Bd3X24zptNJQnxI9 xNd3GVMjsA9uxuW2+ZHU9i7GlkSeZJ1QnJQgPyaOQvJ8rfBjjarmsZXI6mtIsZZZaH HG1fQfk2d41h9s51SvVg1BaDHJ0nc3Y8BNVUcgqg= From: "msebor at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug middle-end/94647] [10 Regression] bogus -Warray-bounds on strncpy into a larger member array from a smaller array Date: Sat, 18 Apr 2020 17:07:52 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: middle-end X-Bugzilla-Version: 10.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: msebor at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc cf_reconfirmed_on bug_status component everconfirmed short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Apr 2020 17:07:52 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D94647 Martin Sebor changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |msebor at gcc dot gnu.org Last reconfirmed| |2020-04-18 Status|UNCONFIRMED |NEW Component|other |middle-end Ever confirmed|0 |1 Summary|[10 Regression] wrong |[10 Regression] bogus |diagnostic with |-Warray-bounds on strncpy |-Werror=3Dformat-security |into a larger member arr= ay | |from a smaller array --- Comment #1 from Martin Sebor --- Confirmed with the slightly simplified test case below: $ cat pr94647.c && gcc -O2 -S -Wall pr94647.c char a[4], b[8]; void f (void) { __builtin_strncpy (b, a, sizeof b); // no warning } struct S {=20 char a[4], b[8]; }; void g (struct S *p) { __builtin_strncpy (p->b, p->a, sizeof p->b); // bogus -Warray-bounds } pr94647.c: In function =E2=80=98g=E2=80=99: pr94647.c:15:3: warning: =E2=80=98__builtin_strncpy=E2=80=99 offset [4, 7] = from the object at =E2=80=98p=E2=80=99 is out of the bounds of referenced subobject =E2=80=98a= =E2=80=99 with type =E2=80=98char[4]=E2=80=99 at offset 0 [-Warray-bounds] 15 | __builtin_strncpy (p->b, p->a, sizeof p->b); // bogus -Warray-bounds | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pr94647.c:10:8: note: subobject =E2=80=98a=E2=80=99 declared here 10 | char a[4], b[8]; | ^ The spurious warning was introduced by r275981: Author: Martin Sebor Date: Thu Sep 19 22:15:34 2019 +0000 PR middle-end/91631 - buffer overflow into an array member of a declared object not detected gcc/ChangeLog: PR middle-end/91631 * builtins.c (component_size): Correct trailing array computati= on, rename to component_ref_size and move... (compute_objsize): Adjust. * gimple-ssa-warn-restrict.c (builtin_memref::refsize): New mem= ber. (builtin_access::strict): Do not consider mememmove. (builtin_access::write_off): New function. (builtin_memref::builtin_memref): Initialize refsize. (builtin_memref::set_base_and_offset): Adjust refoff and compute refsize. (builtin_memref::offset_out_of_bounds): Use ooboff input values. Handle refsize. (builtin_access::builtin_access): Intialize dstoff to destinati= on refeence offset here instead of in maybe_diag_overlap. Adjust referencess even to unrelated objects. Adjust sizrange of boun= ded string functions to reflect bound. For strcat, adjust destinat= ion sizrange by that of source. (builtin_access::strcat_overlap): Adjust offsets and sizes to reflect the increase in destination sizrange above. (builtin_access::overlap): Do not set dstoff here but instead in builtin_access::builtin_access. (check_bounds_or_overlap): Use builtin_access::write_off. (maybe_diag_access_bounds): Add argument. Add informational no= tes. (dump_builtin_memref, dump_builtin_access): New functions. * tree.c (component_ref_size): ...to here. * tree.h (component_ref_size): Declare. * tree-ssa-strlen (handle_builtin_strcat): Include the terminat= ing nul in the size of the source string. gcc/testsuite/ChangeLog: PR middle-end/91631 * /c-c++-common/Warray-bounds-3.c: Correct expected offsets. * /c-c++-common/Warray-bounds-4.c: Same. * gcc.dg/Warray-bounds-39.c: Remove xfails. * gcc.dg/Warray-bounds-45.c: New test. * gcc.dg/Warray-bounds-46.c: New test. From-SVN: r275981=