https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83343
            Bug ID: 83343
           Summary: missing -Wstringop-overflow on writing via stpncpy return value
           Product: gcc
           Version: 8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following test case, although the call to stpncpy() doesn't overflow, because the function returns a pointer just past the end of the destination (i.e., d + sizeof d), assigning a value via the returned pointer does. This bug could be relatively easily detected by the -Wstringop-overflow checker (but, as is evident from the output, isn't, nor is it prevented with _FORTIFY_SOURCE).

$ (set -x && cat a.c && for opt in '' -D_FORTIFY_SOURCE=2; do gcc $opt -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c; done)
+ cat a.c
#ifdef _FORTIFY_SOURCE
# include <string.h>
#endif

char* stpncpy (char*, const char*, __SIZE_TYPE__);

char d[8];

void f (const char *s)
{
  *stpncpy (d, s, sizeof d) = 0;
}
+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c

;; Function f (f, funcdef_no=0, decl_uid=1897, cgraph_uid=0, symbol_order=1)

f (const char * s)
{
  char * _1;

  <bb 2> [local count: 1073741825]:
  _1 = stpncpy (&d, s_3(D), 8);
  *_1 = 0;
  return;

}

+ for opt in ''\'''\''' -D_FORTIFY_SOURCE=2
+ gcc -D_FORTIFY_SOURCE=2 -O2 -S -Wall -fdump-tree-optimized=/dev/stdout a.c

;; Function f (f, funcdef_no=14, decl_uid=2192, cgraph_uid=14, symbol_order=15)

f (const char * s)
{
  char * _4;

  <bb 2> [local count: 1073741825]:
  _4 = __stpncpy_alias (&d, s_2(D), 8);
  *_4 = 0;
  return;

}
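
Since neither -Wstringop-overflow nor _FORTIFY_SOURCE flags the store in f(), the bound has to be checked in the source. The following is an added example, not code from the report or from GCC: it makes the same stpncpy() call and tests the returned pointer before writing through it. The helper name copy_terminated, the DSIZE constant, the guard byte and the sample input are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* stpncpy() is POSIX.1-2008 */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

char *stpncpy(char *, const char *, size_t);  /* prototype as declared in the report */

enum { DSIZE = 8 };                      /* same size as d[] in the report */

/* Hypothetical helper: copy src into dst[dsize] and always NUL-terminate.
   Returns the stored length, or (size_t)-1 if src had to be truncated. */
size_t copy_terminated(char *dst, size_t dsize, const char *src)
{
    if (dsize == 0)
        return (size_t)-1;

    char *end = stpncpy(dst, src, dsize);    /* same call as the report's f() */

    if (end == dst + dsize) {
        /* No NUL was copied, so end points one past the buffer. Storing
           through it is the out-of-bounds write the report describes;
           terminate inside the buffer instead and report truncation. */
        dst[dsize - 1] = '\0';
        return (size_t)-1;
    }

    *end = '\0';        /* end < dst + dsize here, so the store is in bounds */
    return (size_t)(end - dst);
}

int main(void)
{
    /* Guard byte placed right after the buffer to make a stray store visible. */
    struct { char d[DSIZE]; char guard; } b = { "", 'G' };

    /* Constructed input: 8 characters, exactly filling d[] with no NUL. */
    size_t n = copy_terminated(b.d, sizeof b.d, "12345678");

    printf("truncated=%d d=\"%s\" guard=%c\n", n == (size_t)-1, b.d, b.guard);
    return 0;
}
```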