https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93266

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The strlen pass sets the range for non-constant strlen results so it can handle
(and make use of) this sort of thing by querying the range of the strlen lhs. 
For example, it detects the buffer overflow in the test case below, but not if
the size and length are changed to 1, because of the strlen() == 0 folding. 
(This is in the early stages so it doesn't work as well as it should.)  

char b[2];

void f (char *a)
{
  if (__builtin_strlen (a) < 2)
    return;

  __builtin_strcpy (b, a);
}
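
Added example, not part of the original comment or of GCC: the size-1 variant the comment describes as not diagnosed (f1, with the hypothetical buffer b1), next to a hypothetical copy_checked helper that enforces the bound at run time instead of relying on the warning.

```c
#include <stddef.h>
#include <string.h>

/* Constructed size-1 variant of the test case above.  The guard is
   equivalent to strlen (a) == 0, the form the comment says is folded.
   Deliberately unsafe; it is shown for comparison and never called.  */
char b1[1];

void f1 (char *a)
{
  if (__builtin_strlen (a) < 1)
    return;

  __builtin_strcpy (b1, a);   /* copies at least 2 bytes into b1[1] */
}

/* Hypothetical helper: copy SRC into DST only when the string and its
   terminating NUL fit in DSTSIZE bytes.  Returns 0 on success and -1
   when the copy is rejected, leaving DST untouched.  */
int copy_checked (char *dst, size_t dstsize, const char *src)
{
  const char *nul;

  if (dst == NULL || src == NULL || dstsize == 0)
    return -1;

  /* Look for the terminator within the first DSTSIZE bytes only.  */
  nul = memchr (src, '\0', dstsize);
  if (nul == NULL)
    return -1;                /* string does not fit */

  memcpy (dst, src, (size_t) (nul - src) + 1);
  return 0;
}

int main (void)
{
  char two[2], one[1];

  /* Inputs that pass the guards in f and f1 are rejected here.  */
  if (copy_checked (two, sizeof two, "ab") != -1) return 1;
  if (copy_checked (one, sizeof one, "x") != -1) return 1;
  /* Strings that fit are copied.  */
  if (copy_checked (two, sizeof two, "a") != 0) return 1;
  if (copy_checked (one, sizeof one, "") != 0) return 1;
  return 0;
}
```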
