http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50460
Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org
   Target Milestone|---                         |4.7.0

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-09-20 09:59:49 UTC ---
Seems to be caused by PR48571: we throw away the important info (that the
access was through a.buf1 rather than &a), which is essential for
-D_FORTIFY_SOURCE=2.
The change happens already during gimplification:
-  strcpy (&a.buf1[4], D.2732);
+  strcpy (&MEM[(void *)&a + 4B], D.2732);
while in *.original it was
  strcpy ((char *) &a.buf1 + 4, str1 + 5);
Not reconstructing the array ref is fine, but before the *.objsz pass we really
shouldn't throw away the buf1 from it, so it should be
  tmp = &a.buf1 + 4;
-D_FORTIFY_SOURCE=2 cares whether the user wrote
  strcpy ((char *) &a + 4, ...);
(in which case it allows overwriting the whole object) or
  strcpy ((char *) &a.buf1 + 4, ...);
(in which case it is allowed to overwrite just the buf1 field).
Richard, can you please have a look at this?
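The distinction the comment above turns on can be observed directly with __builtin_object_size, which is what glibc's fortified wrappers feed to the *_chk functions (type 0 at _FORTIFY_SOURCE=1, type 1 at _FORTIFY_SOURCE=2). The following is an added example, not code from the bug report or from GCC; the struct `record` and the function names are made up for the demonstration, and it assumes a compiler that provides __builtin_object_size (GCC or Clang). Note that for the whole-object pointer `(char *)&a + 4` the exact value can depend on how far the compiler folds the address expression, which is precisely the quantity this bug is about.

```c
/* Added example (not from the bug report): what -D_FORTIFY_SOURCE=2 sees.
 * glibc passes __builtin_object_size(dst, 1) at fortify level 2 and
 * __builtin_object_size(dst, 0) at level 1.  Type 0 answers "how many
 * bytes remain in the whole enclosing object", type 1 answers "how many
 * bytes remain in the innermost field the pointer was derived from".
 * Names below (record, whole_remaining_*, field_remaining_*) are invented
 * for this demonstration; they are not GCC or glibc identifiers. */
#include <stdio.h>
#include <stddef.h>

struct record {
    char buf1[8];
    char buf2[8];
};

static struct record a;

/* Pointer derived through the field: &a.buf1[4]. */
size_t whole_remaining_via_field(void)
{
    return __builtin_object_size(&a.buf1[4], 0);   /* 12: bytes to end of a */
}

size_t field_remaining_via_field(void)
{
    return __builtin_object_size(&a.buf1[4], 1);   /* 4: bytes to end of buf1 */
}

/* Same address, but derived from the whole object: (char *)&a + 4.
 * The field information is gone, so type 1 can no longer confine a
 * write to buf1: it reports the whole-object bound (12), or (size_t)-1
 * meaning "unknown" if the compiler does not fold the expression. */
size_t whole_remaining_via_object(void)
{
    return __builtin_object_size((char *)&a + 4, 0);
}

size_t field_remaining_via_object(void)
{
    return __builtin_object_size((char *)&a + 4, 1);
}

/* The bound a fortified strcpy would be given for each pointer at a
 * given _FORTIFY_SOURCE level: level 1 uses type 0, level 2 uses type 1. */
size_t fortify_bound(int through_field, int fortify_level)
{
    int type = fortify_level > 1 ? 1 : 0;
    if (through_field)
        return type ? field_remaining_via_field() : whole_remaining_via_field();
    return type ? field_remaining_via_object() : whole_remaining_via_object();
}

int main(void)
{
    printf("&a.buf1[4]     : type0=%zu type1=%zu\n",
           whole_remaining_via_field(), field_remaining_via_field());
    printf("(char *)&a + 4 : type0=%zu type1=%zu\n",
           whole_remaining_via_object(), field_remaining_via_object());
    /* A 5-character string plus NUL (6 bytes) copied to buf1+4 passes the
     * level-1 check (12 bytes left in a) but is caught by the level-2 check
     * (4 bytes left in buf1) only while the pointer still carries buf1.
     * If gimplification rewrites &a.buf1[4] into &MEM[&a + 4B], the level-2
     * bound silently widens to 12 and the overflow into buf2 goes unnoticed. */
    return 0;
}
```

Compile with `gcc -O2` (or `clang -O2`) to see the two lines; the point of the report is that once the front end's `&a.buf1[4]` has been flattened to an offset from `&a`, the type-1 query cannot return 4 any more, so the level-2 check degrades to the level-1 check.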