[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[msebor at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

Martin Sebor  changed:

   What|Removed |Added

   Assignee|msebor at gcc dot gnu.org  |unassigned at gcc dot 
gnu.org
 Status|ASSIGNED|NEW
 CC|msebor at gcc dot gnu.org  |

--- Comment #7 from Martin Sebor  ---
I'm no longer working on this.

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[rangel_fischer at yahoo dot com.br via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

--- Comment #6 from Rangel Moreira Fischer  
---
When Compiler Optimization Level: Debug(-Og).
Compile OK.

When Compiler Optimization Level: Optimize for performance(-O2).
Compile Error.

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[rangel_fischer at yahoo dot com.br via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

--- Comment #5 from Rangel Moreira Fischer  
---
I am using esp-idf sdk. I think gcc version is 8.4.0.

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[rangel_fischer at yahoo dot com.br via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

Rangel Moreira Fischer  changed:

   What|Removed |Added

 CC||rangel_fischer at yahoo dot 
com.br

--- Comment #4 from Rangel Moreira Fischer  
---
Same problem too.

static void write_my_message( char* message, size_t max_message_size, char*
my_message )
{
size_t messag_len = strlen(my_message) + 1;

if( messag_len > max_message_size )
{
// trunc message
strncpy(message, my_message, max_message_size - 1);  // ex:
max_message_size = max buf size = 50(0 to 49). 0 to 48 = 49
elements(max_message_size - 1). 
message[max_message_size - 1] = '\0';  // message[50-1] = message[49] =
'\0'.
}
else
{
strncpy(message, my_message, messag_len);
} 
}


In function 'write_my_message':

error: 'strncpy' specified bound depends on the length of the source argument
[-Werror=stringop-overflow=]

strncpy(message, my_message, messag_len);
^~~~

note: length computed here
size_t messag_len = strlen(my_message) + 1;
^~

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

Martin Sebor  changed:

   What|Removed |Added

 Status|RESOLVED|ASSIGNED
   Last reconfirmed|2018-11-16 00:00:00 |2019-07-02
 Blocks||83819
 Resolution|WONTFIX |---
   Assignee|unassigned at gcc dot gnu.org  |msebor at gcc dot 
gnu.org
 Ever confirmed|0   |1

--- Comment #3 from Martin Sebor  ---
The warning isn't wrong -- the strncpy bound does depend on the length of the
source argument.  But I agree that it isn't helpful.  As I mentioned in comment
#1 there may be a way to avoid it in a subset of instances but it requires some
non-trivial changes.  At a minimum these come to mind:

1) track the size of the memory allocated either by malloc or alloca/VLAs
2) look at the next statement to see if it appends the terminating nul without
assuming the strncpy call itself appended it

That said, (2) already exists, albeit to a limited extent, so it needs to be
extended to other places.  (1) would be useful for many other things (e.g.,
detection of heap buffer overflow or reading from uninitialized heap memory). 
It's something I'm already planning to work on in any case, so I'll see if I
can deal with this as well.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83819
[Bug 83819] [meta-bug] missing strlen optimizations

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[molli.bender at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

Moritz Bender  changed:

   What|Removed |Added

 CC||molli.bender at gmail dot com

--- Comment #2 from Moritz Bender  ---
I don't know whether this comment will ever be read, but I'd like to add that I
have the same problem with strncpy incorrectly getting the "warning: 'strncpy'
specified bound depends on the length of the source argument". I do believe
that this warning is wrong in the case that the destination buffer is also
dependant on the strlen of the source string.

Assume the following code:


char my_string[strlen(argv[1] - 1)];
strncpy(my_string, argv[1], strlen(argv[1]) - 5);
memcpy(_string[strlen(argv[1]) - 5], ".7z", 4);
printf("my string: %s\n", my_string);

This code will generate the mentioned warning, although I don't think it
should. I HAVE to use strlen to achieve what I want to; this is a relatively
common use case. I know I can use memcpy instead of the strncpy, but regarding
that her I'm just dealing with strings I'd rather use strncpy.

[Bug middle-end/88059] Spurious stringop-overflow warning with strlen, malloc and strncpy

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88059

Martin Sebor  changed:

   What|Removed |Added

   Keywords||diagnostic
 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Martin Sebor  ---
The warning is by design.  Quoting a comment from the code, it "triggers for
LEN arguments that in any meaningful way depend on strlen(SRC)."

The warning in these cases is designed to detect the following anti-pattern:

  strncpy (dest, src, strlen (src));

The code in the test case in comment #0 happens to be safe but calling strncpy
in this instance is not the intended use of the API: when the size of the
destination is known to be sufficient for the copy, the strcpy function is more
appropriate.

It might be possible to avoid the warning for a subset of these safe cases by
trying to also determine whether DEST depends on LEN in the same way as LEN
depends on SRC but in light of the above it doesn't seem worth the effort.