https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123801
Bug ID: 123801
Summary: [12/13/14/15/16 Regression] Wstringop-overflow false
positive since r12-4240
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: siddhesh at gcc dot gnu.org
Target Milestone: ---
Reproducer:
$ cat > waccess-bug.c
#define SIZE 8
struct probe_144795_locals *probe_144795_l;
void strlcpy (char *, const char *, long)
__attribute__ ((__access__ (__write_only__, 1, 3)));
struct probe_144795_locals
{
union
{
struct
{
char __tmp7[SIZE];
int __tmp10;
int __tmp11;
};
struct
{
char __tmp15[SIZE];
char __tmp16[SIZE];
};
};
};
void probe_144795(const char *in)
{
probe_144795_l->__tmp10 = probe_144795_l->__tmp11 = 0;
strlcpy (probe_144795_l->__tmp16, in, SIZE);
}
$ gcc -c ~/waccess-bug.c -O2 -Werror=stringop-overflow
waccess-bug.c: In function ‘probe_144795’:
waccess-bug.c:29:3: error: ‘strlcpy’ writing 8 bytes into a region of size 4
overflows the destination [-Werror=stringop-overflow=]
29 | strlcpy (probe_144795_l->__tmp16, in, SIZE);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
waccess-bug.c:15:15: note: destination object ‘__tmp10’ of size 4
15 | int __tmp10;
| ^~~~~~~
waccess-bug.c:5:6: note: in a call to function ‘strlcpy’ declared with
attribute ‘access (write_only, 1, 3)’
5 | void strlcpy (char *, const char *, long)
| ^~~~~~~
cc1.r12-4240: all warnings being treated as errors
It looks like the vectorizer confuses the waccess pass, where it assumes that
the strlcpy destination is __tmp10 when it actually is __tmp16. Passing
-fno-tree-vectorize silences the warning.
