https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
ibuclaw at gcc dot gnu.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ibuclaw at gcc dot gnu.org Assignee|dmalcolm at gcc dot gnu.org |ibuclaw at gcc dot gnu.org Component|analyzer |d --- Comment #10 from ibuclaw at gcc dot gnu.org --- Nice, thanks for pointing me to specifically where analyzer was tripping over David. I think I can take over this PR from here. --- oob.d: In function ‘D main’: oob.d:5:11: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds] 5 | strcpy(arr.ptr, "hello world"); | ^ ‘D main’: events 1-4 | | 4 | char[5] arr; | | ^ | | | | | (1) capacity: 5 bytes | | (2) following ‘false’ branch... | | (3) ...to here | 5 | strcpy(arr.ptr, "hello world"); | | ~ | | | | | (4) out-of-bounds write from byte 5 till byte 11 but ‘arr’ ends at byte 5 | oob.d:5:11: note: write of 7 bytes to beyond the end of ‘arr’ 5 | strcpy(arr.ptr, "hello world"); | ^ oob.d:5:11: note: valid subscripts for ‘arr’ are ‘[0]’ to ‘[4]’ ┌─────┬─────┬─────┬─────┬───────┐┌─────┬─────┬─────┬────┬────┬────┬────┐ │ [0] │ [1] │ [2] │ [3] │ [4] ││ [5] │ [6] │ [7] │[8] │[9] │[10]│[11]│ ├─────┼─────┼─────┼─────┼───────┤├─────┼─────┼─────┼────┼────┼────┼────┤ │ ‘h’ │ ‘e’ │ ‘l’ │ ‘l’ │ ‘o’ ││ ‘ ’ │ ‘w’ │ ‘o’ │‘r’ │‘l’ │‘d’ │NUL │ ├─────┴─────┴─────┴─────┴───────┴┴─────┴─────┴─────┴────┴────┴────┴────┤ │ string literal (type: ‘const char[12]’) │ └──────────────────────────────────────────────────────────────────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ v v v v v v v v v v v v ┌─────┬─────────────────┬───────┐┌─────────────────────────────────────┐ │ [0] │ ... │ [4] ││ │ ├─────┴─────────────────┴───────┤│ after valid range │ │ ‘arr’ (type: ‘char[5]’) ││ │ └───────────────────────────────┘└─────────────────────────────────────┘ ├───────────────┬───────────────┤├──────────────────┬──────────────────┤ │ │ ╭────────┴────────╮ ╭───────────┴──────────╮ │capacity: 5 bytes│ │⚠️ overflow of 7 bytes│ ╰─────────────────╯ ╰──────────────────────╯