* [PATCH] add missing overflow check to stpcpy (PR 79222)
@ 2017-01-25 5:12 Martin Sebor
2017-01-27 23:59 ` Jeff Law
2017-04-28 22:02 ` Jeff Law
0 siblings, 2 replies; 3+ messages in thread
From: Martin Sebor @ 2017-01-25 5:12 UTC (permalink / raw)
To: Gcc Patch List
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
In implementing the -Wstringop-overflow warning I missed stpcpy.
The attached patch adds the required checking. Given how simple
it is, does it qualify for GCC 7 despite stage 4?
Martin
[-- Attachment #2: gcc-79222.diff --]
[-- Type: text/x-patch, Size: 4183 bytes --]
PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
gcc/ChangeLog:
PR middle-end/79222
* builtins.c (expand_builtin_stpcpy): Check for buffer overflow.
gcc/testsuite/ChangeLog:
PR middle-end/79222
* gcc.dg/builtin-stringop-chk-4.c: Add test cases.
* gcc.dg/pr79222.c: New test.
Index: gcc/builtins.c
===================================================================
--- gcc/builtins.c (revision 244844)
+++ gcc/builtins.c (working copy)
@@ -3612,6 +3615,13 @@ expand_builtin_stpcpy (tree exp, rtx target, machi
dst = CALL_EXPR_ARG (exp, 0);
src = CALL_EXPR_ARG (exp, 1);
+ if (warn_stringop_overflow)
+ {
+ tree destsize = compute_dest_size (dst, warn_stringop_overflow - 1);
+ check_sizes (OPT_Wstringop_overflow_,
+ exp, /*size=*/NULL_TREE, /*maxlen=*/NULL_TREE, src, destsize);
+ }
+
/* If return value is ignored, transform stpcpy into strcpy. */
if (target == const0_rtx && builtin_decl_implicit (BUILT_IN_STRCPY))
{
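Review bot: The new check in expand_builtin_stpcpy sits ahead of the branch that turns an stpcpy call with an ignored result into strcpy, so if the strcpy expansion performs its own -Wstringop-overflow check, the same call could be diagnosed twice. It is worth confirming this with a test that counts the warnings for an unused-result call, or moving the check after that branch. A short comment on why `warn_stringop_overflow - 1` is passed to compute_dest_size would also help the next reader.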
Index: gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c
===================================================================
--- gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c (revision 244844)
+++ gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c (working copy)
@@ -41,6 +41,9 @@ extern char* (strcat)(char*, const char*);
#define strncat(d, s, n) (strncat ((d), (s), (n)), sink ((d)))
extern char* (strncat)(char*, const char*, size_t);
+#define stpcpy(d, s) (stpcpy ((d), (s)), sink ((d)))
+extern char* (stpcpy)(char*, const char*);
+
#define strcpy(d, s) (strcpy ((d), (s)), sink ((d)))
extern char* (strcpy)(char*, const char*);
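Review bot: The stpcpy wrapper macro added here expands to `(stpcpy ((d), (s)), sink ((d)))`, which discards the pointer stpcpy returns, so every case written with it in this file exercises only the ignored-result form of the call. Consider adding at least one case that consumes the return value (for example by passing it to sink) so the form where the result is used is covered in this file as well; in this patch only pr79222.c uses the result.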
@@ -349,6 +352,49 @@ void test_strcpy_range (void)
strcpy (buf + 17, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
}
+/* Same test_strcpy but for stpcpy. Verify that stpcpy with an unknown
+ source string doesn't cause warnings unless the destination has zero
+ size. */
+
+void test_stpcpy (const char *src)
+{
+ struct A { char a[2]; char b[3]; } a;
+
+ stpcpy (a.a, src);
+ stpcpy (a.a + 1, src);
+
+ stpcpy (a.a + 2, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " "stpcpy into empty substring" { xfail *-*-* } } */
+
+ /* This does work. */
+ stpcpy (a.a + 5, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " } */
+
+ /* As does this. */
+ stpcpy (a.a + 17, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " } */
+}
+
+/* Same test_strcpy but for stpcpy. Test stpcpy with a non-constant source
+ string of length in a known range. */
+
+void test_stpcpy_range (void)
+{
+ char buf[5];
+
+ stpcpy (buf, S (0));
+ stpcpy (buf, S (1));
+ stpcpy (buf, S (2));
+ stpcpy (buf, S (4));
+ stpcpy (buf, S (5)); /* { dg-warning "writing 6 bytes into a region of size 5 " } */
+ stpcpy (buf, S (6)); /* { dg-warning "writing 7 bytes into a region of size 5 " } */
+ stpcpy (buf, S (7)); /* { dg-warning "writing 8 bytes into a region of size 5 " } */
+ stpcpy (buf, S (8)); /* { dg-warning "writing 9 bytes into a region of size 5 " } */
+ stpcpy (buf, S (9)); /* { dg-warning "writing 10 bytes into a region of size 5 " } */
+ stpcpy (buf, S (10)); /* { dg-warning "writing 11 bytes into a region of size 5 " } */
+
+ stpcpy (buf + 5, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
+
+ stpcpy (buf + 17, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
+}
+
/* Test strncat with an argument referencing a non-constant string of
lengths in a known range. */
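Review bot: The `stpcpy (a.a + 2, src)` case in test_stpcpy is marked `xfail *-*-*` with no explanation, and the comment that follows it, "This does work.", does not say what fails for the member-boundary case. Please add a comment giving the reason the warning is not issued there (and a PR number if one is open) so the xfail is not mistaken for a target-specific problem. Minor: the two leading comments should read "Same as test_strcpy but for stpcpy".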
Index: gcc/testsuite/gcc.dg/pr79222.c
===================================================================
--- gcc/testsuite/gcc.dg/pr79222.c (revision 0)
+++ gcc/testsuite/gcc.dg/pr79222.c (working copy)
@@ -0,0 +1,11 @@
+/* PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
+ { dg-do compile }
+ { dg-options "-O2" } */
+
+char d[3];
+
+char* f (int i)
+{
+ const char *s = i < 0 ? "01234567" : "9876543210";
+ return __builtin_stpcpy (d, s); /* { dg-warning ".__builtin_stpcpy. writing 9 bytes into a region of size 3 overflows the destination" } */
+}
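Review bot: The dg-warning in f expects "writing 9 bytes" although s may also point to "9876543210", which needs 11 bytes with its terminating nul; the expected text matches only the shorter string. A one-line comment saying that the smaller of the two possible sizes is what gets reported would make the expectation self-explanatory. The test also relies on the warning being enabled without an explicit option, since dg-options lists only "-O2"; stating that in the header comment would help.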
* Re: [PATCH] add missing overflow check to stpcpy (PR 79222)
2017-01-25 5:12 [PATCH] add missing overflow check to stpcpy (PR 79222) Martin Sebor
@ 2017-01-27 23:59 ` Jeff Law
2017-04-28 22:02 ` Jeff Law
1 sibling, 0 replies; 3+ messages in thread
From: Jeff Law @ 2017-01-27 23:59 UTC (permalink / raw)
To: Martin Sebor, Gcc Patch List
On 01/24/2017 08:36 PM, Martin Sebor wrote:
> In implementing the -Wstringop-overflow warning I missed stpcpy.
> The attached patch adds the required checking. Given how simple
> it is, does it qualify for GCC 7 despite stage 4?
>
> Martin
>
> gcc-79222.diff
>
>
> PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
>
> gcc/ChangeLog:
>
> PR middle-end/79222
> * builtins.c (expand_builtin_stpcpy): Check for buffer overflow.
>
> gcc/testsuite/ChangeLog:
>
> PR middle-end/79222
> * gcc.dg/builtin-stringop-chk-4.c: Add test cases.
> * gcc.dg/pr79222.c: New test.
I think we should probably defer this as well. We're really at a place
where we'd really prefer to avoid making unnecessary changes. My worry
with this patch is we could start seeing code which used stpcpy start
giving warnings. It's unlikely (as I don't think stpcpy is used that
much), but I'd rather wait.
And ISTM that we may be better keeping the tests separate (ie, a new
test file rather than included in stringop-chk-4.c). It makes merges
easier if something does need to change in that file for gcc-7.
Our focus really needs to be on issues that affect our ability to make a
release. ie, regressions.
Jeff
* Re: [PATCH] add missing overflow check to stpcpy (PR 79222)
2017-01-25 5:12 [PATCH] add missing overflow check to stpcpy (PR 79222) Martin Sebor
2017-01-27 23:59 ` Jeff Law
@ 2017-04-28 22:02 ` Jeff Law
1 sibling, 0 replies; 3+ messages in thread
From: Jeff Law @ 2017-04-28 22:02 UTC (permalink / raw)
To: Martin Sebor, Gcc Patch List
On 01/24/2017 08:36 PM, Martin Sebor wrote:
> In implementing the -Wstringop-overflow warning I missed stpcpy.
> The attached patch adds the required checking. Given how simple
> it is, does it qualify for GCC 7 despite stage 4?
>
> Martin
>
> gcc-79222.diff
>
>
> PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
>
> gcc/ChangeLog:
>
> PR middle-end/79222
> * builtins.c (expand_builtin_stpcpy): Check for buffer overflow.
>
> gcc/testsuite/ChangeLog:
>
> PR middle-end/79222
> * gcc.dg/builtin-stringop-chk-4.c: Add test cases.
> * gcc.dg/pr79222.c: New test.
This is OK for the trunk.
jeff