From: Martin Sebor <msebor@gmail.com>
To: Gcc Patch List <gcc-patches@gcc.gnu.org>
Subject: [PATCH] add missing overflow check to stpcpy (PR 79222)
Date: Wed, 25 Jan 2017 05:12:00 -0000 [thread overview]
Message-ID: <19a6e25f-92c8-46be-a690-f56d60ebb214@gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
In implementing the -Wstringop-overflow warning I missed stpcpy.
The attached patch adds the required checking. Given how simple
it is, does it qualify for GCC 7 despite stage 4?
Martin
[-- Attachment #2: gcc-79222.diff --]
[-- Type: text/x-patch, Size: 4183 bytes --]
PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
gcc/ChangeLog:
PR middle-end/79222
* builtins.c (expand_builtin_stpcpy): Check for buffer overflow.
gcc/testsuite/ChangeLog:
PR middle-end/79222
* gcc.dg/builtin-stringop-chk-4.c: Add test cases.
* gcc.dg/pr79222.c: New test.
Index: gcc/builtins.c
===================================================================
--- gcc/builtins.c (revision 244844)
+++ gcc/builtins.c (working copy)
@@ -3612,6 +3615,13 @@ expand_builtin_stpcpy (tree exp, rtx target, machi
dst = CALL_EXPR_ARG (exp, 0);
src = CALL_EXPR_ARG (exp, 1);
+ if (warn_stringop_overflow)
+ {
+ tree destsize = compute_dest_size (dst, warn_stringop_overflow - 1);
+ check_sizes (OPT_Wstringop_overflow_,
+ exp, /*size=*/NULL_TREE, /*maxlen=*/NULL_TREE, src, destsize);
+ }
+
/* If return value is ignored, transform stpcpy into strcpy. */
if (target == const0_rtx && builtin_decl_implicit (BUILT_IN_STRCPY))
{
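Review bot: The new check sits ahead of the branch that rewrites a result-ignored stpcpy into strcpy, so if the strcpy expansion performs the same `check_sizes` call (not visible in this hunk), one overflowing call could be diagnosed twice. The dg-warning directives in the accompanying tests would likely not expose a duplicate, so it is worth confirming by hand with a call whose result is discarded. If it does duplicate, the block could be skipped when `target == const0_rtx` and the strcpy path left to diagnose the call. expand_builtin_stpcpy starts and ends outside the hunk.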
Index: gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c
===================================================================
--- gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c (revision 244844)
+++ gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c (working copy)
@@ -41,6 +41,9 @@ extern char* (strcat)(char*, const char*);
#define strncat(d, s, n) (strncat ((d), (s), (n)), sink ((d)))
extern char* (strncat)(char*, const char*, size_t);
+#define stpcpy(d, s) (stpcpy ((d), (s)), sink ((d)))
+extern char* (stpcpy)(char*, const char*);
+
#define strcpy(d, s) (strcpy ((d), (s)), sink ((d)))
extern char* (strcpy)(char*, const char*);
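Review bot: The `stpcpy` wrapper macro discards the call's result through the comma operator, so every stpcpy case in this file presumably takes the result-ignored path that builtins.c turns into strcpy. Only gcc.dg/pr79222.c uses the returned pointer, which leaves the genuine stpcpy expansion with a single test. A comment on the macro, for example `/* Result is discarded, so these calls expand as strcpy; see pr79222.c for the value-used case.  */`, would make that gap visible.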
@@ -349,6 +352,49 @@ void test_strcpy_range (void)
strcpy (buf + 17, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
}
+/* Same test_strcpy but for stpcpy. Verify that stpcpy with an unknown
+ source string doesn't cause warnings unless the destination has zero
+ size. */
+
+void test_stpcpy (const char *src)
+{
+ struct A { char a[2]; char b[3]; } a;
+
+ stpcpy (a.a, src);
+ stpcpy (a.a + 1, src);
+
+ stpcpy (a.a + 2, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " "stpcpy into empty substring" { xfail *-*-* } } */
+
+ /* This does work. */
+ stpcpy (a.a + 5, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " } */
+
+ /* As does this. */
+ stpcpy (a.a + 17, src); /* { dg-warning "writing at least 1 byte into a region of size 0 " } */
+}
+
+/* Same test_strcpy but for stpcpy. Test stpcpy with a non-constant source
+ string of length in a known range. */
+
+void test_stpcpy_range (void)
+{
+ char buf[5];
+
+ stpcpy (buf, S (0));
+ stpcpy (buf, S (1));
+ stpcpy (buf, S (2));
+ stpcpy (buf, S (4));
+ stpcpy (buf, S (5)); /* { dg-warning "writing 6 bytes into a region of size 5 " } */
+ stpcpy (buf, S (6)); /* { dg-warning "writing 7 bytes into a region of size 5 " } */
+ stpcpy (buf, S (7)); /* { dg-warning "writing 8 bytes into a region of size 5 " } */
+ stpcpy (buf, S (8)); /* { dg-warning "writing 9 bytes into a region of size 5 " } */
+ stpcpy (buf, S (9)); /* { dg-warning "writing 10 bytes into a region of size 5 " } */
+ stpcpy (buf, S (10)); /* { dg-warning "writing 11 bytes into a region of size 5 " } */
+
+ stpcpy (buf + 5, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
+
+ stpcpy (buf + 17, S (0)); /* { dg-warning "writing 1 byte into a region of size 0 " } */
+}
+
/* Test strncat with an argument referencing a non-constant string of
lengths in a known range. */
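Review bot: The `stpcpy (a.a + 2, src)` case in test_stpcpy is marked `xfail *-*-*` with no pointer to why a write that starts one past member `a` and lands in `b` goes undiagnosed, so the known miss is easy to lose track of. I would add a comment above it such as `/* Not diagnosed yet: a.a + 2 is past member a but still inside the enclosing struct; tracked in PR <number>.  */` with the real bug number filled in. The comments "This does work." and "As does this." could then say what works, for instance that offsets at or beyond the end of the whole object are diagnosed. Both function headers also read "Same test_strcpy" where "Same as test_strcpy" is meant.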
Index: gcc/testsuite/gcc.dg/pr79222.c
===================================================================
--- gcc/testsuite/gcc.dg/pr79222.c (revision 0)
+++ gcc/testsuite/gcc.dg/pr79222.c (working copy)
@@ -0,0 +1,11 @@
+/* PR middle-end/79222 - missing -Wstringop-overflow= on a stpcpy overflow
+ { dg-do compile }
+ { dg-options "-O2" } */
+
+char d[3];
+
+char* f (int i)
+{
+ const char *s = i < 0 ? "01234567" : "9876543210";
+ return __builtin_stpcpy (d, s); /* { dg-warning ".__builtin_stpcpy. writing 9 bytes into a region of size 3 overflows the destination" } */
+}
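Review bot: The expected message names 9 bytes even though the second literal needs 11, which will puzzle a reader who does not know that the diagnostic apparently reports the smaller of the two possible sizes. A one-line comment above the return, e.g. `/* Both sources overflow d; the warning reports the shorter one (8 characters plus the terminating nul).  */`, would explain the number. The test also has no case where the source fits, so a false positive on the value-used path would go unnoticed. A second function copying a two-character literal into `d` with no dg directive on the line would cover that.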