public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array
@ 2020-09-11 21:10 msebor at gcc dot gnu.org
2020-10-13 16:53 ` [Bug middle-end/97027] " msebor at gcc dot gnu.org
` (11 more replies)
0 siblings, 12 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-09-11 21:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Bug ID: 97027
Summary: missing warning on buffer overflow storing a larger
scalar into a smaller array
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
None of the obviously out-of-bounds stores in the functions below is diagnosed.
They all should and easily could be.
typedef __INT64_TYPE__ int64_t;
typedef __attribute__ ((__vector_size__ (8))) char V8;
typedef __attribute__ ((__vector_size__ (64))) char V64;
void f0 (int i)
{
char a[1];
void *p = a;
*(int64_t*)p = i; // storing 8 bytes into a one-byte array
__builtin_puts (a);
}
void f1 (int i)
{
char a[1];
if (i < 1 || 2 < i) i = 1;
void *p = a + i;
*(int64_t*)p = i; // storing 8 bytes at offset 1 into a one-byte array
__builtin_puts (a);
}
void g0 (int i)
{
char a[1];
void *p = a;
*(V8*)p = (V8){ i }; // storing 8 bytes into a one-byte array
__builtin_puts (a);
}
void g1 (int i)
{
char a[1];
if (i < 1 || 2 < i) i = 1;
void *p = a + i;
*(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a one-byte
array
__builtin_puts (a);
}
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
@ 2020-10-13 16:53 ` msebor at gcc dot gnu.org
2020-10-13 16:55 ` msebor at gcc dot gnu.org
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-13 16:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2020-10-13
Ever confirmed|0 |1
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Whether or not this is diagnosed depends on the form of the IL and that in turn
depends on the target. For example, when configured for aarch64-linux, GCC
doesn't issue any warnings for the test case in comment #0. When configured
for x86_64 it issues the following barrage of warnings (for g1 only).
This is behind failures in the gcc.dg/Wstringop-overflow-47.c test reported
here: https://gcc.gnu.org/pipermail/gcc-patches/2020-October/556049.html
$ gcc -O2 -S pr97027.c
pr97027.c: In function ‘g1’:
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 1 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 2 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 3 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 4 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 5 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 6 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 7 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 8 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 9 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 10 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 11 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 12 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 13 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 14 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 15 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 16 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 17 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 18 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 19 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 20 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 21 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 22 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 23 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 24 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 25 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 26 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 27 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 28 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 29 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 30 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 31 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 32 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 33 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 34 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 35 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 36 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 37 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 38 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 39 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 40 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 41 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 42 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 43 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 44 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 45 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 46 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 47 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 48 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 49 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 50 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 51 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 52 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 53 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 54 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 55 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 56 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 57 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 58 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 59 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 60 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 61 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 62 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 63 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
pr97027.c:36:12: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
36 | *(V64*)p = (V64){ i }; // storing 64 bytes at offset 1 into a
one-byte array
| ~~~~~~~~~^~~~~~~~~~~~
pr97027.c:33:8: note: at offset 64 to object ‘a’ with size 1 declared here
33 | char a[1];
| ^
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
2020-10-13 16:53 ` [Bug middle-end/97027] " msebor at gcc dot gnu.org
@ 2020-10-13 16:55 ` msebor at gcc dot gnu.org
2020-10-13 19:07 ` msebor at gcc dot gnu.org
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-13 16:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Another test case. Of the buffer overflow in the four functions in it, only a
subset is diagnosed. The subset depends on the form of the assignment in the
IL which in turn changes from target to target. The output below is for
aarch64 which is different for x86_64.
$ cat xx.c && gcc -O2 -S -fdump-tree-optimized=/dev/stdout xx.c
void f16 (char c)
{
typedef __attribute__ ((__vector_size__ (16))) char C16;
extern char a16[16];
void *p = a16 + 1;
*(C16*)p = (C16){ c };
}
void f32 (char c)
{
typedef __attribute__ ((__vector_size__ (32))) char C32;
extern char a32[32];
void *p = a32 + 1;
*(C32*)p = (C32){ c };
}
void f64 (char c)
{
typedef __attribute__ ((__vector_size__ (64))) char C64;
extern char a64[64];
void *p = a64 + 1;
*(C64*)p = (C64){ c };
}
void f128 (char c)
{
typedef __attribute__ ((__vector_size__ (128))) char C128;
extern char a128[128];
void *p = a128 + 1;
*(C128*)p = (C128){ c };
}
;; Function f16 (f16, funcdef_no=0, decl_uid=3585, cgraph_uid=1,
symbol_order=0)
f16 (char c)
{
vector(16) char _1;
<bb 2> [local count: 1073741824]:
_1 = {c_2(D)};
MEM[(C16 *)&a16 + 1B] = _1;
return;
}
;; Function f32 (f32, funcdef_no=1, decl_uid=3593, cgraph_uid=2,
symbol_order=1)
f32 (char c)
{
vector(32) char _1;
<bb 2> [local count: 1073741824]:
_1 = {c_2(D)};
MEM[(C32 *)&a32 + 1B] = _1;
return;
}
;; Function f64 (f64, funcdef_no=2, decl_uid=3601, cgraph_uid=3,
symbol_order=2)
f64 (char c)
{
vector(64) char _1;
<bb 2> [local count: 1073741824]:
_1 = {c_2(D)};
MEM[(C64 *)&a64 + 1B] = _1;
return;
}
xx.c: In function 'f128':
xx.c:34:13: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
34 | *(C128*)p = (C128){ c };
| ~~~~~~~~~~^~~~~~~~~~~~~
xx.c:32:15: note: at offset 128 to object 'a128' with size 128 declared here
32 | extern char a128[128];
| ^~~~
;; Function f128 (f128, funcdef_no=3, decl_uid=3609, cgraph_uid=4,
symbol_order=3)
f128 (char c)
{
<bb 2> [local count: 1073741824]:
BIT_FIELD_REF <MEM[(C128 *)&a128 + 1B], 8, 0> = c_2(D);
MEM <unsigned long> [(C128 *)&a128 + 2B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 10B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 18B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 26B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 34B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 42B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 50B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 58B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 66B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 74B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 82B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 90B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 98B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 106B] = 0;
MEM <unsigned long> [(C128 *)&a128 + 114B] = 0;
MEM <unsigned int> [(C128 *)&a128 + 122B] = 0;
MEM <unsigned short> [(C128 *)&a128 + 126B] = 0;
BIT_FIELD_REF <MEM[(C128 *)&a128 + 1B], 8, 1016> = 0;
return;
}
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
2020-10-13 16:53 ` [Bug middle-end/97027] " msebor at gcc dot gnu.org
2020-10-13 16:55 ` msebor at gcc dot gnu.org
@ 2020-10-13 19:07 ` msebor at gcc dot gnu.org
2021-07-07 20:14 ` cvs-commit at gcc dot gnu.org
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-13 19:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org
Status|NEW |ASSIGNED
Keywords| |missed-optimization
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The following change seems to take care of the problem:
diff --git a/gcc/tree-ssa-strlen.c b/gcc/tree-ssa-strlen.c
index ebb17cd852c..f04a1e4297d 100644
--- a/gcc/tree-ssa-strlen.c
+++ b/gcc/tree-ssa-strlen.c
@@ -4678,9 +4678,10 @@ count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT
offset,
if (gimple_assign_single_p (stmt))
{
exp = gimple_assign_rhs1 (stmt);
- if (TREE_CODE (exp) != MEM_REF)
+ if (TREE_CODE (exp) != CONSTRUCTOR
+ && TREE_CODE (exp) != MEM_REF)
return false;
- /* Handle MEM_REF below. */
+ /* Handle CONSTRUCTOR and MEM_REF below. */
}
else if (gimple_code (stmt) == GIMPLE_PHI)
{
@@ -4704,6 +4705,23 @@ count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT
offset,
}
}
+ if (TREE_CODE (exp) == CONSTRUCTOR)
+ {
+ if (nbytes)
+ return false;
+
+ tree type = TREE_TYPE (exp);
+ tree size = TYPE_SIZE_UNIT (type);
+ if (!size || !tree_fits_uhwi_p (size))
+ return false;
+
+ unsigned HOST_WIDE_INT byte_size = tree_to_uhwi (size);
+ if (byte_size < offset)
+ return false;
+
+ nbytes = byte_size - offset;
+ }
+
if (TREE_CODE (exp) == MEM_REF)
{
if (nbytes)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (2 preceding siblings ...)
2020-10-13 19:07 ` msebor at gcc dot gnu.org
@ 2021-07-07 20:14 ` cvs-commit at gcc dot gnu.org
2021-07-07 20:30 ` msebor at gcc dot gnu.org
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-07-07 20:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:a110855667782dac7b674d3e328b253b3b3c919b
commit r12-2132-ga110855667782dac7b674d3e328b253b3b3c919b
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Jul 7 14:05:25 2021 -0600
Correct handling of variable offset minus constant in -Warray-bounds
[PR100137]
Resolves:
PR tree-optimization/100137 - -Warray-bounds false positive on varying
offset plus negative
PR tree-optimization/99121 - ICE in -Warray-bounds on a multidimensional
PR tree-optimization/97027 - missing warning on buffer overflow storing a
larger scalar into a smaller array
gcc/ChangeLog:
PR tree-optimization/100137
PR tree-optimization/99121
PR tree-optimization/97027
* builtins.c (access_ref::access_ref): Also set offmax.
(access_ref::offset_in_range): Define new function.
(access_ref::add_offset): Set offmax.
(access_ref::inform_access): Handle access_none.
(handle_mem_ref): Clear ostype.
(compute_objsize_r): Handle ASSERT_EXPR.
* builtins.h (struct access_ref): Add offmax member.
* gimple-array-bounds.cc (array_bounds_checker::check_mem_ref): Use
compute_objsize() and simplify.
gcc/testsuite/ChangeLog:
PR tree-optimization/100137
PR tree-optimization/99121
PR tree-optimization/97027
* c-c++-common/Warray-bounds-3.c: Remove xfail
* c-c++-common/Warray-bounds-4.c: Add an expected warning.
* c-c++-common/Warray-bounds-9.c: New test.
* c-c++-common/Warray-bounds-10.c: New test.
* g++.dg/asan/asan_test.C: Suppress expected warnings.
* g++.dg/pr95768.C: Same.
* g++.dg/warn/Warray-bounds-10.C: Adjust text of expected messages.
* g++.dg/warn/Warray-bounds-11.C: Same.
* g++.dg/warn/Warray-bounds-12.C: Same.
* g++.dg/warn/Warray-bounds-13.C: Same.
* g++.dg/warn/Warray-bounds-17.C: Same.
* g++.dg/warn/Warray-bounds-20.C: Same.
* gcc.dg/Warray-bounds-29.c: Same.
* gcc.dg/Warray-bounds-30.c: Add xfail.
* gcc.dg/Warray-bounds-31.c: Adjust text of expected messages.
* gcc.dg/Warray-bounds-32.c: Same.
* gcc.dg/Warray-bounds-52.c: Same.
* gcc.dg/Warray-bounds-53.c: Same.
* gcc.dg/Warray-bounds-58.c: Remove xfail.
* gcc.dg/Warray-bounds-63.c: Adjust text of expected messages.
* gcc.dg/Warray-bounds-66.c: Same.
* gcc.dg/Warray-bounds-69.c: Same.
* gcc.dg/Wstringop-overflow-34.c: Same.
* gcc.dg/Wstringop-overflow-47.c: Same.
* gcc.dg/Wstringop-overflow-61.c: Same.
* gcc.dg/Warray-bounds-77.c: New test.
* gcc.dg/Warray-bounds-78.c: New test.
* gcc.dg/Warray-bounds-79.c: New test.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (3 preceding siblings ...)
2021-07-07 20:14 ` cvs-commit at gcc dot gnu.org
@ 2021-07-07 20:30 ` msebor at gcc dot gnu.org
2021-07-09 17:38 ` msebor at gcc dot gnu.org
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-07 20:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |12.0
--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed in GCC 12.0.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (4 preceding siblings ...)
2021-07-07 20:30 ` msebor at gcc dot gnu.org
@ 2021-07-09 17:38 ` msebor at gcc dot gnu.org
2021-07-09 17:54 ` msebor at gcc dot gnu.org
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-09 17:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
Still not completely fixed. gcc.dg/Wstringop-overflow-47.c still fails on
aarch64 due to the different IL. The test below (extracted from
Wstringop-overflow-47.c) is diagnosed as expected with an x86_64 native GCC but
now with an aarch64 cross.
$ cat t.c && /build/aarch64-linux/gcc-master/gcc/xgcc -B
/build/aarch64-linux/gcc-master/gcc -O2 -S -fdump-tree-optimized=/dev/stdout
t.c
typedef __INT16_TYPE__ int16_t;
typedef __attribute__ ((__vector_size__ (32))) char C32;
void warn_c32 (char c)
{
extern char warn_a32[32]; // { dg-message "at offset 32 into destination
object 'warn_a32' of size 32" "pr97027" }
void *p = warn_a32 + 1;
*(C32*)p = (C32){ c }; // { dg-warning "writing 1 byte into a region of
size 0" "pr97027" }
}
;; Function warn_c32 (warn_c32, funcdef_no=0, decl_uid=3908, cgraph_uid=1,
symbol_order=0)
void warn_c32 (char c)
{
vector(32) char _1;
<bb 2> [local count: 1073741824]:
_1 = {c_2(D)};
MEM[(C32 *)&warn_a32 + 1B] = _1;
return;
}
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (5 preceding siblings ...)
2021-07-09 17:38 ` msebor at gcc dot gnu.org
@ 2021-07-09 17:54 ` msebor at gcc dot gnu.org
2021-07-13 19:27 ` msebor at gcc dot gnu.org
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-09 17:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
Something like the patch in comment 3 to handle the overflow in
tree-ssa-strlen.c is still needed. Otherwise GCC does issue a -Warray-bounds
but that's enabled only with -Wall (the test expects buffer overflow to be
detected without -Wall).
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (6 preceding siblings ...)
2021-07-09 17:54 ` msebor at gcc dot gnu.org
@ 2021-07-13 19:27 ` msebor at gcc dot gnu.org
2021-07-13 19:27 ` msebor at gcc dot gnu.org
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-13 19:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
Another patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-July/575117.html
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (7 preceding siblings ...)
2021-07-13 19:27 ` msebor at gcc dot gnu.org
@ 2021-07-13 19:27 ` msebor at gcc dot gnu.org
2021-07-15 9:22 ` clyon at gcc dot gnu.org
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-13 19:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |ASSIGNED
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (8 preceding siblings ...)
2021-07-13 19:27 ` msebor at gcc dot gnu.org
@ 2021-07-15 9:22 ` clyon at gcc dot gnu.org
2021-07-15 19:16 ` cvs-commit at gcc dot gnu.org
2021-07-15 19:22 ` msebor at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: clyon at gcc dot gnu.org @ 2021-07-15 9:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Christophe Lyon <clyon at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |clyon at gcc dot gnu.org
--- Comment #9 from Christophe Lyon <clyon at gcc dot gnu.org> ---
Note that we still have failures on arm similar to what you mention on aarch64.
FAIL: gcc.dg/Wstringop-overflow-47.c pr97027 (test for warnings, line 34)
FAIL: gcc.dg/Wstringop-overflow-47.c pr97027 (test for warnings, line 37)
FAIL: gcc.dg/Wstringop-overflow-47.c pr97027 (test for warnings, line 42)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (9 preceding siblings ...)
2021-07-15 9:22 ` clyon at gcc dot gnu.org
@ 2021-07-15 19:16 ` cvs-commit at gcc dot gnu.org
2021-07-15 19:22 ` msebor at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-07-15 19:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:f0500db3692276f60e0562c17c87a0cb03e34398
commit r12-2338-gf0500db3692276f60e0562c17c87a0cb03e34398
Author: Martin Sebor <msebor@redhat.com>
Date: Thu Jul 15 13:15:03 2021 -0600
Detect buffer overflow by aggregate and vector stores [PR97027].
Resolves:
PR middle-end/97027 - missing warning on buffer overflow storing a larger
scalar into a smaller array
gcc/ChangeLog:
PR middle-end/97027
* tree-ssa-strlen.c (handle_assign): New function.
(maybe_warn_overflow): Add argument.
(nonzero_bytes_for_type): New function.
(count_nonzero_bytes): Handle more tree types. Call
nonzero_bytes_for_tye.
(count_nonzero_bytes): Handle types.
(handle_store): Handle stores from function calls.
(strlen_check_and_optimize_call): Move code to handle_assign. Call
it for assignments from function calls.
gcc/testsuite/ChangeLog:
PR middle-end/97027
* gcc.dg/Wstringop-overflow-15.c: Remove an xfail.
* gcc.dg/Wstringop-overflow-47.c: Adjust xfails.
* gcc.dg/torture/pr69170.c: Avoid valid warnings.
* gcc.dg/torture/pr70025.c: Prune out a false positive.
* gcc.dg/vect/pr97769.c: Initialize a loop control variable.
* gcc.target/i386/pr92658-avx512bw-trunc.c: Increase buffer size
to avoid overflow.
* gcc.target/i386/pr92658-avx512f.c: Same.
* gcc.dg/Wstringop-overflow-68.c: New test.
* gcc.dg/Wstringop-overflow-69.c: New test.
* gcc.dg/Wstringop-overflow-70.c: New test.
* gcc.dg/Wstringop-overflow-71.c: New test.
* gcc.dg/strlenopt-95.c: New test.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/97027] missing warning on buffer overflow storing a larger scalar into a smaller array
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
` (10 preceding siblings ...)
2021-07-15 19:16 ` cvs-commit at gcc dot gnu.org
@ 2021-07-15 19:22 ` msebor at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-07-15 19:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97027
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #11 from Martin Sebor <msebor at gcc dot gnu.org> ---
With r12-2338 Wstringop-overflow-47.c passes on aarch64, arm, as well as
x86_64, so this can now be fully resolved.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2021-07-15 19:22 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-11 21:10 [Bug middle-end/97027] New: missing warning on buffer overflow storing a larger scalar into a smaller array msebor at gcc dot gnu.org
2020-10-13 16:53 ` [Bug middle-end/97027] " msebor at gcc dot gnu.org
2020-10-13 16:55 ` msebor at gcc dot gnu.org
2020-10-13 19:07 ` msebor at gcc dot gnu.org
2021-07-07 20:14 ` cvs-commit at gcc dot gnu.org
2021-07-07 20:30 ` msebor at gcc dot gnu.org
2021-07-09 17:38 ` msebor at gcc dot gnu.org
2021-07-09 17:54 ` msebor at gcc dot gnu.org
2021-07-13 19:27 ` msebor at gcc dot gnu.org
2021-07-13 19:27 ` msebor at gcc dot gnu.org
2021-07-15 9:22 ` clyon at gcc dot gnu.org
2021-07-15 19:16 ` cvs-commit at gcc dot gnu.org
2021-07-15 19:22 ` msebor at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).