-Wstringop-overflow complains about pointers holding explicitly set addresses

-Wstringop-overflow complains about pointers holding explicitly set addresses

[Guy Benyei]

Hello all,
Compiling for RISC-V, I've ran into an error like this:

tmp.c:15:3: error: 'memcpy' writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
   15 |   memcpy(&str2->c, &str1->c, sizeof(str2->c));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The error can be triggered by a pretty simple function:

void foo(m_struct_t *str1) {
  m_struct_t *str2 = (m_struct_t *)0x123400;
  memcpy(&str2->c, &str1->c, sizeof(str2->c));
}

Debugging the case, I've found the following remark in gcc/pointer-query.cc:

/* Pointer constants other than null are most likely the result
   of erroneous null pointer addition/subtraction.  Unless zero
   is a valid address set size to zero.  For null pointers, set
   size to the maximum for now since those may be the result of
   jump threading.  */

I'd prefer not to disable this warning, as it seems very helpful, but in embedded SW we have just too many cases we have to set an address explicitly. I understand the concern about erroneous null pointer addition/subtraction, but I think these could be detected in other analysis, while stringop overflow would still work for other cases.
I see that the warning can be silenced by zero_address_valid, which is only set for x86 non-generic address space for now. I'm not sure if this enabling zero addresses all over the place is right for RISC-V or other potentially embedded targets.

What do you think?

Thanks
        Guy

Re: -Wstringop-overflow complains about pointers holding explicitly set addresses

[Andrew Pinski]

On Wed, Mar 16, 2022 at 1:42 AM Guy Benyei via Gcc <gcc@gcc.gnu.org> wrote:
>
> Hello all,
> Compiling for RISC-V, I've ran into an error like this:
>
> tmp.c:15:3: error: 'memcpy' writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
>    15 |   memcpy(&str2->c, &str1->c, sizeof(str2->c));
>       |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> The error can be triggered by a pretty simple function:
>
> void foo(m_struct_t *str1) {
>   m_struct_t *str2 = (m_struct_t *)0x123400;
>   memcpy(&str2->c, &str1->c, sizeof(str2->c));
> }
>
> Debugging the case, I've found the following remark in gcc/pointer-query.cc:
>
> /* Pointer constants other than null are most likely the result
>    of erroneous null pointer addition/subtraction.  Unless zero
>    is a valid address set size to zero.  For null pointers, set
>    size to the maximum for now since those may be the result of
>    jump threading.  */
>
> I'd prefer not to disable this warning, as it seems very helpful, but in embedded SW we have just too many cases we have to set an address explicitly. I understand the concern about erroneous null pointer addition/subtraction, but I think these could be detected in other analysis, while stringop overflow would still work for other cases.
> I see that the warning can be silenced by zero_address_valid, which is only set for x86 non-generic address space for now. I'm not sure if this enabling zero addresses all over the place is right for RISC-V or other potentially embedded targets.
>
> What do you think?

This is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 .

Thanks,
Andrew Pinski

>
> Thanks
>         Guy

RE: -Wstringop-overflow complains about pointers holding explicitly set addresses

[Guy Benyei]

Oh, 
Sorry I've missed that.

Thanks
        Guy