https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71907
            Bug ID: 71907
           Summary: missing buffer overflow warnings with -flto
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: lto
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

The following program overflows the local character buffer.  When it's compiled
without the -flto option the buffer overflow is diagnosed with a warning.  But
when it's compiled with the -flto option the diagnostic is not issued.

$ (CC='/build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc';
   CFLAGS='-D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic';
   set -x; cat xyz.c && for lto in '' -flto; do
   $CC $CFLAGS -c $lto xyz.c && $CC $CFLAGS $lto xyz.o; done)
+ cat xyz.c
#include <string.h>

void f (char *d, const char *s)
{
  strcpy (d, s);
}

int main (void)
{
  const char s[] = "12345678";
  char d [4];
  f (d, s);
  __builtin_printf ("%s\n", d);
}
+ for lto in ''\'''\''' -flto
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic -c xyz.c
In file included from /usr/include/string.h:639:0,
                 from xyz.c:1:
In function ‘strcpy’,
    inlined from ‘main’ at xyz.c:5:3:
/usr/include/bits/string3.h:104:10: warning: call to __builtin___memcpy_chk will always overflow destination buffer
   return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic xyz.o
+ for lto in ''\'''\''' -flto
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic -c -flto xyz.c
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic -flto xyz.o
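
An added illustration, not part of the bug report and not GCC or glibc code: the fortified strcpy in the diagnostic above hands `__bos (__dest)` to `__builtin___strcpy_chk`, so the overflow is only detectable where the compiler can see that `d` is a 4-byte array, which is why the warning reads "inlined from 'main'". The names `BOS`, `bos_in_callee`, `classify`, `at_call_site` and `in_callee` are made up for this sketch, and `classify` is a simplified model of the size comparison, not the library's implementation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for glibc's __bos(): size of the object p points into, or
   (size_t)-1 when the compiler cannot tell. */
#define BOS(p) __builtin_object_size((p), 1)

/* f() kept out of line: d is only a pointer here, so its size is unknown. */
__attribute__((noinline)) size_t bos_in_callee(char *d) { return BOS(d); }

enum verdict { UNCHECKED, FITS, OVERFLOWS };

/* Model (an assumption of this sketch) of the decision a fortified strcpy
   can make from the destination size it was handed. */
enum verdict classify(size_t dst_size, const char *src)
{
    if (dst_size == (size_t)-1)
        return UNCHECKED;               /* nothing to compare against */
    return strlen(src) + 1 > dst_size ? OVERFLOWS : FITS;
}

/* Size taken where the array is visible, as after f() is inlined into main. */
enum verdict at_call_site(void)
{
    char d[4];
    return classify(BOS(d), "12345678");
}

/* Size taken inside the out-of-line callee. */
enum verdict in_callee(void)
{
    char d[4];
    return classify(bos_in_callee(d), "12345678");
}

int main(void)
{
    static const char *const name[] = { "unchecked", "fits", "overflows" };
    printf("call site: %s\n", name[at_call_site()]);
    printf("callee:    %s\n", name[in_callee()]);
    return 0;
}
```

Because a missing warning looks the same as a clean build, comparing the diagnostics of the non-LTO and LTO builds of the same sources, as the reporter's loop does, is the practical way to notice the difference.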