https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Other tests:
char *
foo (char *p)
{
{
char q[61] =
"012345678901234567890123456789012345678901234567890123456789";
char *r = q;
p = __builtin_strcat (p, r);
}
return p;
}
char *
bar (char *p)
{
{
char q[] = "0123456789";
char *r = q;
p = __builtin_strstr (p, r);
}
return p;
}
char *
baz (char *p)
{
{
char q[] = "0123456789";
char *r = q;
p = __builtin_strpbrk (p, r);
}
return p;
}
unsigned long
qux (char *p)
{
unsigned long s;
{
char q[] = "0123456789";
char *r = q;
s = __builtin_strspn (p, r);
}
return s;
}
There is false positive warning on foo and bar and not on baz/qux.
Using q directly in the builtin calls doesn't result in a warning though.
I wanted to suggest that pass_waccess::check_call_dangling would add support
for
ERF_RETURNS_ARG functions (ignore all arguments but the one that is returned)
and similarly handle various builtins that guarnatee certain arguments don't
really escape like in addition to those ERF_RETURNS_ARG ones mempcpy, strcat,
strncat, strpbrk, strstr, strspn, strcspn for which only something based on the
first argument can be returned (for strspn/strcspn based on no argument).
But apparently that function doesn't do anything on these testcases because &q
isn't passed to it.
