https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87296

mostlyaspambox at protonmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mostlyaspambox at protonmail dot com

--- Comment #9 from mostlyaspambox at protonmail dot com ---
I think I've also hit this or a variation of it with the following reproducer:

```cpp
#include <string.h>
#include <algorithm>
#include <assert.h>
#include <array>

// Two non-empty bases; in A, Base1 occupies bytes 0..4 and Base2 bytes 5..29.
struct Base1
{
    char arr[5];
};

struct Base2
{
    char arr[25];
};

struct A : Base1, Base2
{
};

// Defined elsewhere, so the compiler cannot see the string's length.
extern const char* str;

void f(A& a)
{
    Base1& base1 = a;
    std::fill(std::begin(base1.arr), std::end(base1.arr), ' ');
    Base2& base2 = a;
    // Writes 6 bytes into the 25-byte Base2 subobject, not into Base1::arr.
    strncpy(reinterpret_cast<char*>(&base2), str, 6);
}

int main()
{
    A a{};
    f(a);
}
```

If `a` is created inside `f` instead of passed in by reference, there is no
error.

When compiled with `g++ -std=c++11 -O2 -Wall -Wextra -fno-strict-aliasing
-fwrapv -fno-aggressive-loop-optimizations -fsanitize=undefined` on x86-64 with
gcc 8.1 this prints:

```
test.cpp:27:12: warning: 'char* strncpy(char*, const char*, size_t)' writing 6 bytes into a region of size 5 overflows the destination [-Wstringop-overflow=]
     strncpy(reinterpret_cast<char*>(&base2), str, 6);
     ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

If `str` in the strncpy call is replaced with a string literal, there is the
same warning unless the literal has length 6 including the null terminator.
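
A way to check the diagnostic's claim independently, added here as an example that is not part of the bug report: it reuses the reproducer's types, measures at run time how many bytes really lie behind `&base2` within the complete `A` object, and shows a bounded form of the copy that stays inside `Base2`. The helper names are mine, and the offset value assumes the Itanium C++ ABI (x86-64 GCC), which lays out bases in declaration order.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <iterator>
#include <string>

// Same layout as the reproducer: two non-empty bases holding char arrays.
struct Base1 { char arr[5]; };
struct Base2 { char arr[25]; };
struct A : Base1, Base2 {};

// Offset of the Base2 subobject inside A. Base1 precedes it, so this is
// sizeof(Base1) == 5 under the Itanium ABI (assumption: x86-64 GCC layout).
std::size_t base2_offset() {
    A a{};
    const Base2& base2 = a;  // derived-to-base conversion, no cast needed
    return static_cast<std::size_t>(
        reinterpret_cast<const unsigned char*>(&base2) -
        reinterpret_cast<const unsigned char*>(&a));
}

// Bytes from the start of the Base2 subobject to the end of the complete A:
// the region a 6-byte strncpy through &base2 actually writes into (25, not 5).
std::size_t base2_region_size() { return sizeof(A) - base2_offset(); }

// Checked form of the reproducer's copy: bound the count by sizeof(Base2)
// and write through the array member rather than a cast of the base address.
bool copy_into_base2(A& a, const char* src, std::size_t n) {
    if (n > sizeof(Base2)) return false;
    Base2& base2 = a;
    std::strncpy(base2.arr, src, n);
    return true;
}

// Runs the reproducer's sequence (fill Base1 with spaces, copy into Base2) on
// a fresh A and returns what Base2::arr now holds; "" if the copy was refused
// or if any byte of Base1 was disturbed, i.e. the write left the Base2 region.
std::string checked_copy_demo(const char* src, std::size_t n) {
    A a{};
    Base1& base1 = a;
    std::fill(std::begin(base1.arr), std::end(base1.arr), ' ');
    if (!copy_into_base2(a, src, n)) return "";
    for (char c : base1.arr) if (c != ' ') return "";
    const Base2& base2 = a;
    const char* nul = std::find(std::begin(base2.arr), std::end(base2.arr), '\0');
    return std::string(base2.arr, nul);
}
```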
