public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument
@ 2020-10-29 16:16 msebor at gcc dot gnu.org
2020-10-29 16:17 ` [Bug tree-optimization/97631] [10/11 Regression] " msebor at gcc dot gnu.org
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-29 16:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Bug ID: 97631
Summary: bogus "writing one too many bytes" warning for memcpy
with strlen argument
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Wstringop-overflow instance in f() is correct and intended but the one in
g() is neither. It most likely crept in by mistake in r279392. The test case
was reduced from libfido2.
$ cat xxx.c && gcc -O2 -S -Wall xxx.c
typedef __SIZE_TYPE__ size_t;
char* f (char *s)
{
size_t n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_strcpy (d, s); // -Wstringop-overflow (good)
return d;
}
char* g (char *s)
{
size_t n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_memcpy (d, s, n); // bogus overflow warning
return d;
}
xxx.c: In function ‘f’:
xxx.c:10:3: warning: ‘__builtin_strcpy’ writing one too many bytes into a
region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
10 | __builtin_strcpy (d, s); // -Wstringop-overflow (good)
| ^~~~~~~~~~~~~~~~~~~~~~~
xxx.c:9:13: note: at offset 0 to an object allocated by ‘__builtin_malloc’ here
9 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
xxx.c: In function ‘g’:
xxx.c:21:3: warning: ‘__builtin_memcpy’ writing one too many bytes into a
region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
21 | __builtin_memcpy (d, s, n); // bogus overflow warning
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
xxx.c:20:13: note: at offset 0 to an object allocated by ‘__builtin_malloc’
here
20 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10/11 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
@ 2020-10-29 16:17 ` msebor at gcc dot gnu.org
2020-10-29 16:25 ` msebor at gcc dot gnu.org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-29 16:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
Known to fail| |10.2.0, 11.0
Keywords| |diagnostic
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot gnu.org
Known to work| |9.3.0
Blocks| |88443
Last reconfirmed| |2020-10-29
Summary|bogus "writing one too many |[10/11 Regression] bogus
|bytes" warning for memcpy |"writing one too many
|with strlen argument |bytes" warning for memcpy
| |with strlen argument
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443
[Bug 88443] [meta-bug] bogus/missing -Wstringop-overflow warnings
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10/11 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
2020-10-29 16:17 ` [Bug tree-optimization/97631] [10/11 Regression] " msebor at gcc dot gnu.org
@ 2020-10-29 16:25 ` msebor at gcc dot gnu.org
2020-10-30 8:26 ` rguenth at gcc dot gnu.org
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2020-10-29 16:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
While playing with the test case I added to pr97631 I noticed that when I
change the type of len to int, the warning disappears for the call to strcpy
(where it's intended) but the false positive stays for the call to memcpy.
When I change the type to unsigned int, the warning then moves to strcpy and
disappears for memcpy. This should get cleaned up too.
$ (set -x && cat xxx.c && gcc -DINT=int -O2 -S -Wall xxx.c && gcc
-DINT=unsigned -O2 -S -Wall xxx.c)
+ cat xxx.c
char* f (char *s)
{
INT n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_strcpy (d, s); // -Wstringop-overflow (good)
return d;
}
char* g (char *s)
{
INT n = __builtin_strlen (s);
if (n == 0)
return 0;
char *d = __builtin_malloc (n);
__builtin_memcpy (d, s, n); // bogus overflow warning
return d;
}
+ gcc -DINT=int -O2 -S -Wall xxx.c
xxx.c: In function ‘g’:
xxx.c:19:3: warning: ‘__builtin_memcpy’ writing one too many bytes into a
region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
19 | __builtin_memcpy (d, s, n); // bogus overflow warning
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
xxx.c:18:13: note: at offset 0 to an object with size between 1 and
18446744073709551615 allocated by ‘__builtin_malloc’ here
18 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
+ gcc -DINT=unsigned -O2 -S -Wall xxx.c
xxx.c: In function ‘f’:
xxx.c:8:3: warning: ‘__builtin_strcpy’ writing one too many bytes into a region
of a size that depends on ‘strlen’ [-Wstringop-overflow=]
8 | __builtin_strcpy (d, s); // -Wstringop-overflow (good)
| ^~~~~~~~~~~~~~~~~~~~~~~
xxx.c:7:13: note: at offset 0 to an object with size at most 4294967295
allocated by ‘__builtin_malloc’ here
7 | char *d = __builtin_malloc (n);
| ^~~~~~~~~~~~~~~~~~~~
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10/11 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
2020-10-29 16:17 ` [Bug tree-optimization/97631] [10/11 Regression] " msebor at gcc dot gnu.org
2020-10-29 16:25 ` msebor at gcc dot gnu.org
@ 2020-10-30 8:26 ` rguenth at gcc dot gnu.org
2021-02-18 22:31 ` msebor at gcc dot gnu.org
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: rguenth at gcc dot gnu.org @ 2020-10-30 8:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |10.3
Priority|P3 |P2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10/11 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (2 preceding siblings ...)
2020-10-30 8:26 ` rguenth at gcc dot gnu.org
@ 2021-02-18 22:31 ` msebor at gcc dot gnu.org
2021-03-08 20:31 ` cvs-commit at gcc dot gnu.org
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-02-18 22:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-February/565541.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10/11 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (3 preceding siblings ...)
2021-02-18 22:31 ` msebor at gcc dot gnu.org
@ 2021-03-08 20:31 ` cvs-commit at gcc dot gnu.org
2021-03-08 20:32 ` [Bug tree-optimization/97631] [10 " msebor at gcc dot gnu.org
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-03-08 20:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
https://gcc.gnu.org/g:7f5ff78ff3f971c11ec67f422b2fd34281db9123
commit r11-7562-g7f5ff78ff3f971c11ec67f422b2fd34281db9123
Author: Martin Sebor <msebor@redhat.com>
Date: Mon Mar 8 13:28:52 2021 -0700
PR middle-end/97631 - bogus "writing one too many bytes" warning for memcpy
with strlen argument
gcc/ChangeLog:
PR middle-end/97631
* tree-ssa-strlen.c (maybe_warn_overflow): Test rawmem.
(handle_builtin_stxncpy_strncat): Rename locals. Determine
destination size from allocation calls. Issue a more appropriate
kind of warning.
(handle_builtin_memcpy): Pass true as rawmem to
maybe_warn_overflow.
(handle_builtin_memset): Same.
gcc/testsuite/ChangeLog:
PR middle-end/97631
* c-c++-common/Wstringop-overflow.c: Remove unexpected warnings.
Add an xfail.
* c-c++-common/Wstringop-truncation.c: Add expected warnings.
* gcc.dg/Wstringop-overflow-10.c: Also enable
-Wstringop-truncation.
* gcc.dg/Wstringop-overflow-66.c: New test.
* gcc.dg/tree-ssa/strncpy-2.c: Adjust expected warning.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (4 preceding siblings ...)
2021-03-08 20:31 ` cvs-commit at gcc dot gnu.org
@ 2021-03-08 20:32 ` msebor at gcc dot gnu.org
2021-04-08 12:02 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-03-08 20:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to fail|11.0 |
Summary|[10/11 Regression] bogus |[10 Regression] bogus
|"writing one too many |"writing one too many
|bytes" warning for memcpy |bytes" warning for memcpy
|with strlen argument |with strlen argument
Known to work| |11.0
--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed in GCC 11.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (5 preceding siblings ...)
2021-03-08 20:32 ` [Bug tree-optimization/97631] [10 " msebor at gcc dot gnu.org
@ 2021-04-08 12:02 ` rguenth at gcc dot gnu.org
2022-03-17 19:44 ` msebor at gcc dot gnu.org
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-04-08 12:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.3 |10.4
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10.3 is being released, retargeting bugs to GCC 10.4.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (6 preceding siblings ...)
2021-04-08 12:02 ` rguenth at gcc dot gnu.org
@ 2022-03-17 19:44 ` msebor at gcc dot gnu.org
2022-06-28 10:42 ` jakub at gcc dot gnu.org
2023-07-07 9:11 ` rguenth at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: msebor at gcc dot gnu.org @ 2022-03-17 19:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
Assignee|msebor at gcc dot gnu.org |unassigned at gcc dot gnu.org
--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
I'm no longer planning to backport the fix.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (7 preceding siblings ...)
2022-03-17 19:44 ` msebor at gcc dot gnu.org
@ 2022-06-28 10:42 ` jakub at gcc dot gnu.org
2023-07-07 9:11 ` rguenth at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: jakub at gcc dot gnu.org @ 2022-06-28 10:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.4 |10.5
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug tree-optimization/97631] [10 Regression] bogus "writing one too many bytes" warning for memcpy with strlen argument
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
` (8 preceding siblings ...)
2022-06-28 10:42 ` jakub at gcc dot gnu.org
@ 2023-07-07 9:11 ` rguenth at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-07-07 9:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97631
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
Known to fail| |10.5.0
Target Milestone|10.5 |11.0
--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed in GCC 11.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-07-07 9:11 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-29 16:16 [Bug tree-optimization/97631] New: bogus "writing one too many bytes" warning for memcpy with strlen argument msebor at gcc dot gnu.org
2020-10-29 16:17 ` [Bug tree-optimization/97631] [10/11 Regression] " msebor at gcc dot gnu.org
2020-10-29 16:25 ` msebor at gcc dot gnu.org
2020-10-30 8:26 ` rguenth at gcc dot gnu.org
2021-02-18 22:31 ` msebor at gcc dot gnu.org
2021-03-08 20:31 ` cvs-commit at gcc dot gnu.org
2021-03-08 20:32 ` [Bug tree-optimization/97631] [10 " msebor at gcc dot gnu.org
2021-04-08 12:02 ` rguenth at gcc dot gnu.org
2022-03-17 19:44 ` msebor at gcc dot gnu.org
2022-06-28 10:42 ` jakub at gcc dot gnu.org
2023-07-07 9:11 ` rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).