https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82645
Bug ID: 82645
Summary: missing -Wstringop-overflow on strcpy overflowing a member array
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

GCC fails to issue -Wstringop-overflow for the buffer overflow in the following test case unless it's compiled with -D_FORTIFY_SOURCE=2. The root cause is that compute_builtin_object_size() fails. Ironically, removing the call to sink (p->a) causes the warning to appear even without -D_FORTIFY_SOURCE=2.

As an aside, the byte count in the warning issued by GCC 8 (but not 7) with -D_FORTIFY_SOURCE=2 is off by 1. The correct range (between 7 and INT_MAX) is shown in the warning without the sink() call:

  writing between 7 and 2147483647 bytes into a region of size 5 overflows the destination

$ (set -x && cat y.c && gcc -O2 -Wall y.c && gcc -D_FORTIFY_SOURCE=2 -O2 -Wall y.c)
+ cat y.c
#include <string.h>

struct S { char a[5]; void (*pf)(void); };

void __attribute__ ((weak))
sink (const char *s)
{
  __builtin_printf ("%.7s\n", s);
}

void __attribute__ ((weak))
g (struct S *p, int n)
{
  if (n < 7)
    n = 7;
  strncpy (p->a, "123456", n);   // missing -Wstringop-overflow without -D_FORTIFY_SOURCE
  sink (p->a);                   // removing this call triggers the warning
}

int main (void)
{
  struct S s = { };
  g (&s, 7);
}
+ gcc -O2 -Wall y.c
+ gcc -D_FORTIFY_SOURCE=2 -O2 -Wall y.c
In file included from /usr/include/string.h:635:0,
                 from y.c:1:
In function ‘strncpy’,
    inlined from ‘g’ at y.c:16:3:
/usr/include/bits/string3.h:126:10: warning: ‘__builtin___strncpy_chk’ writing 6 bytes into a region of size 5 overflows the destination [-Wstringop-overflow=]
   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
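
An added example, not part of the original report: a bounded replacement for the strncpy call in g() that limits the write to sizeof p->a, so the adjacent pf member stays intact whether or not the compiler diagnoses the call. The names set_a, marker and demo are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Same layout as the report's test case: a 5-byte array directly
   followed by a function pointer that an overflow of `a` would reach. */
struct S { char a[5]; void (*pf)(void); };

/* Hypothetical helper (not from the report): copy at most n bytes of src
   into p->a without ever writing past the member.  Returns 0 if the
   requested bytes fit together with a terminating NUL, -1 if truncated. */
int set_a (struct S *p, const char *src, size_t n)
{
  const size_t cap = sizeof p->a;            /* bound by the member, not by n */
  const char *nul = memchr (src, '\0', n);   /* stops at the first NUL */
  size_t len = nul ? (size_t) (nul - src) : n;
  int truncated = len >= cap;

  if (truncated)
    len = cap - 1;
  memcpy (p->a, src, len);
  memset (p->a + len, 0, cap - len);   /* NUL-terminate, zero rest of member */
  return truncated ? -1 : 0;
}

static void marker (void) { }

/* Runs the report's call pattern (source "123456", n = 7) through set_a.
   Returns 1 if truncation was reported, pf survived and a holds "1234". */
int demo (void)
{
  struct S s = { "", marker };
  int rc = set_a (&s, "123456", 7);
  return rc == -1 && s.pf == marker && strcmp (s.a, "1234") == 0;
}

int main (void) { return demo () ? 0 : 1; }
```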