https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92942

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |11.0
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97342
             Status|ASSIGNED                    |RESOLVED

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
The patch referenced in comment #2 was never reviewed but the bug was resolved
by the improvements to compute_objsize() committed as part of the fix for
pr97342.  GCC 11 detects both buffer overflows:

$ gcc -O2 -S -Wall pr92942.c
pr92942.c: In function ‘f’:
pr92942.c:10:3: warning: ‘__builtin_memcpy’ writing 6 bytes into a region of size between 0 and 3 [-Wstringop-overflow=]
   10 |   strcpy (p, "12345");   // buffer overflow detected
      |   ^~~~~~~~~~~~~~~~~~~
pr92942.c:9:13: note: at offset 0 to an object with size at most 3 allocated by ‘malloc’ here
    9 |   void *p = malloc (n);
      |             ^~~~~~~~~~
pr92942.c: In function ‘g’:
pr92942.c:20:3: warning: ‘__builtin_memcpy’ writing 6 bytes into a region of size between 0 and 3 [-Wstringop-overflow=]
   20 |   strcpy (p, "12345");   // buffer overflow not detected
      |   ^~~~~~~~~~~~~~~~~~~
pr92942.c:19:13: note: at offset 0 to an object with size at most 3 allocated by ‘malloc’ here
   19 |   void *p = malloc (n);
      |             ^~~~~~~~~~
