Some constructs cause gcc to warn as always causing a buffer overflow
incorrectly. For example, this is a minimalistic version of a warning found in

#include <string.h>
#include <stdlib.h>
#include <stdint.h>

struct T {
        union {
                struct {
                        char str[1];
                } x;
        } u;

int main() {
        struct T *p = malloc(sizeof(char) * 100);
        strcpy(p->u.x.str, "ABCD");
        return 0;

This is a slightly obfuscated version of the struct hack and is clearly not a
buffer overflow. Yet compiling with: "gcc -O2 test.c -o test" results in:

In file included from /usr/include/string.h:640:0,
                 from test.c:2:
In function 'strcpy',
    inlined from 'main' at test.c:16:8:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will
always overflow destination buffer

           Summary: strcpy_chk false positive
           Product: gcc
           Version: 4.5.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: eteran at alum dot rit dot edu

Reply via email to