https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71907
Bug ID: 71907
Summary: missing buffer overflow warnings with -flto
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: lto
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The following program overflows the local character buffer. When it's compiled
without the -flto option the buffer overflow is diagnosed with a warning. But
when it's compiled with the -flto option the diagnostic is not issued.
$ (CC='/build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc';
CFLAGS='-D_FORTIFY_SOURCE=2 -O2 -Wall -Wextra -Wpedantic'; set -x; cat xyz.c &&
for lto in '' -flto; do $CC $CFLAGS -c $lto xyz.c && $CC $CFLAGS $lto xyz.o;
done)
+ cat xyz.c
#include <string.h>
void f (char *d, const char *s)
{
strcpy (d, s);
}
int main (void)
{
const char s[] = "12345678";
char d [4];
f (d, s);
__builtin_printf ("%s\n", d);
}
+ for lto in ''\'''\''' -flto
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2
-O2 -Wall -Wextra -Wpedantic -c xyz.c
In file included from /usr/include/string.h:639:0,
from xyz.c:1:
In function ‘strcpy’,
inlined from ‘main’ at xyz.c:5:3:
/usr/include/bits/string3.h:104:10: warning: call to __builtin___memcpy_chk
will always overflow destination buffer
return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2
-O2 -Wall -Wextra -Wpedantic xyz.o
+ for lto in ''\'''\''' -flto
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2
-O2 -Wall -Wextra -Wpedantic -c -flto xyz.c
+ /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -D_FORTIFY_SOURCE=2
-O2 -Wall -Wextra -Wpedantic -flto xyz.o
