https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78760

            Bug ID: 78760
           Summary: strcpy buffer overflow not diagnosed with
                    -Wstringop-overflow
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

With the new -Wstringop-overflow option GCC diagnoses the more involved buffer
overflow in function foo() but misses the more straightforward case of the same
overflow in bar().  This is because the second call to __builtin_strcpy is
transformed into __builtin_memcpy by one of the optimization passes, apparently
without regard to the possibility of overflow.

$ cat x.C && gcc -O2 -S -Wstringop-overflow=2 x.C
struct S {
  char a[3];
  void (*pf)(void);
};

void foo (struct S *s, int i)
{
  const char *str = i ? "1234578" : "87654321";
  __builtin_strcpy (s->a, str);
}

void bar (struct S *s, int i)
{
  const char *str = "1234578";
  __builtin_strcpy (s->a, str);   // missing -Wstringop-overflow
}
x.C: In function ‘void foo(S*, int)’:
x.C:9:31: warning: ‘char* __builtin_strcpy(char*, const char*)’ writing 8 bytes
into a region of size 3 overflows the destination [-Wstringop-overflow=]
   __builtin_strcpy (s->a, str);
                               ^
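As an added illustration (not part of this report or of GCC itself), the following shows the defensive side of the same case: a copy into s->a whose bound comes from sizeof rather than from whether the compiler happens to diagnose the call, plus a helper that computes how far the report's unchecked __builtin_strcpy would run past the 3-byte field for a given source string. set_a_checked and bytes_past_a are hypothetical names chosen here.

```c
#include <stddef.h>
#include <string.h>

/* Same layout as the test case in the report: a 3-byte array followed
 * by a function pointer (after whatever padding the ABI inserts). */
struct S {
  char a[3];
  void (*pf)(void);
};

/* Capacity of the destination field, taken from the type itself so the
 * check survives any strcpy -> memcpy lowering the optimizer performs. */
#define A_CAP (sizeof ((struct S *)0)->a)

/* Copy src into s->a only if it fits together with its terminating NUL.
 * Returns 0 on success, -1 if the copy would overflow s->a (nothing is
 * written in that case).  memchr bounds the scan to A_CAP bytes, so an
 * unterminated or overlong source is never read past the field size. */
int set_a_checked(struct S *s, const char *src)
{
  const char *nul = memchr(src, '\0', A_CAP);
  if (nul == NULL)                 /* no NUL within A_CAP bytes: too long */
    return -1;
  size_t n = (size_t)(nul - src);  /* n < A_CAP, so n + 1 <= A_CAP */
  memcpy(s->a, src, n + 1);
  return 0;
}

/* Number of bytes an unchecked strcpy of src into s->a would write past
 * the end of the field (0 when it fits).  For the report's "1234578"
 * this is 5: 7 characters plus the NUL is 8 bytes into a 3-byte array,
 * exactly the "writing 8 bytes into a region of size 3" the warning
 * reports for foo() and misses for bar(). */
size_t bytes_past_a(const char *src)
{
  size_t needed = strlen(src) + 1;
  return needed > A_CAP ? needed - A_CAP : 0;
}
```

Whether the overrun reaches pf or only the padding depends on the ABI (offsetof(struct S, pf) is 8 on typical 64-bit targets but 4 on 32-bit ones), which is why the check is on the field size and not on what happens to sit after it.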
