https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92814
Bug ID: 92814
Summary: missing -Wstringop-overflow writing into a dynamically
allocated flexible array member
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
With the first patch for pr91582 applied
(https://gcc.gnu.org/ml/gcc-patches/2019-11/msg00652.html) and with
-Wno-array-bounds, GCC 10 issues -Wstringop-overflow for the buffer overflow in
g() but not in h(). Both should be diagnosed by -Wstringop-overflow.
$ cat t.c && gcc -O2 -S -Wall -Wno-array-bounds t.c
void f (void*);
struct S { int n; char ax[]; };
struct S s = { 3, { 1, 2, 3 } };
void g (void)
{
__builtin_strcpy (s.ax, "123"); // -Wstringop-overflow (good)
}
void h (void)
{
struct S *p = (struct S*)__builtin_malloc (sizeof *p + 3);
__builtin_strcpy (p->ax, "123"); // no warning (w/o -Warray-bounds)
f (p);
}
t.c: In function ‘g’:
t.c:9:3: warning: ‘__builtin_memcpy’ writing 4 bytes into a region of size 3
overflows the destination [-Wstringop-overflow=]
9 | __builtin_strcpy (s.ax, "123"); // -Wstringop-overflow (good)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
