[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 size

2019-01-18 Thread msebor at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Martin Sebor  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
  Known to work||9.0
 Resolution|--- |FIXED
   Target Milestone|--- |9.0
  Known to fail||7.3.0, 8.2.0

--- Comment #6 from Martin Sebor  ---
GCC 9 diagnoses both calls with -Warray-bounds.  With it disabled, it then
issues the expected -Wstringop-overflow:

$ gcc -O2 -S -Wno-array-bounds t.c t.c: In function ‘f’:
t.c:7:3: warning: ‘memcpy’ writing 8 bytes into a region of size 3 overflows
the destination [-Wstringop-overflow=]
7 |   memcpy (d, "0123456789", 8);
  |   ^~~
t.c: In function ‘g’:
t.c:12:3: warning: ‘memcpy’ writing 8 bytes into a region of size 3 overflows
the destination [-Wstringop-overflow=]
   12 |   memcpy (d, s, 8);
  |   ^~~~

This was fixed for GCC 9 in r268037.

[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 size

2018-10-10 Thread egallager at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

--- Comment #5 from Eric Gallager  ---
(In reply to Martin Sebor from comment #4)
> As an aside, the -Wstringop-overflow for f() will disappear if/when the
> patch submitted for bug 83508 is committed.
> 

The patch for bug 83508 was committed as r256683

[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 size

2018-01-11 Thread msebor at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Martin Sebor  changed:

   What|Removed |Added

   See Also||https://gcc.gnu.org/bugzill
   ||a/show_bug.cgi?id=83508

--- Comment #4 from Martin Sebor  ---
In GCC 8.0 the overflow is diagnosed in both functions.  In f() by
-Wstringop-overflow as before, and in both functions (perhaps surprisingly) by
the newly enhanced -Warray-bounds warning (r255755).  There is still no
-Wstringop-overflow for g() so the limitation hasn't really been removed yet
and this bug should stay open until it is, and until the overflow in g() is
diagnosed -Wstringop-overflow when -Warray-bounds is disabled.

As an aside, the -Wstringop-overflow for f() will disappear if/when the patch
submitted for bug 83508 is committed.

pr79220.c: In function ‘g’:
pr79220.c:12:3: warning: ‘memcpy’ forming offset [4, 8] is out of the bounds
[0, 3] of object ‘d’ with type ‘char[3]’ [-Warray-bounds]
   memcpy (d, s, 8);
   ^~~~
pr79220.c:3:6: note: ‘d’ declared here
 char d[3];
  ^
pr79220.c: In function ‘f’:
pr79220.c:7:3: warning: ‘memcpy’ forming offset [4, 8] is out of the bounds [0,
3] of object ‘d’ with type ‘char[3]’ [-Warray-bounds]
   memcpy (d, "0123456789", 8);
   ^~~
pr79220.c:3:6: note: ‘d’ declared here
 char d[3];
  ^
pr79220.c:7:3: warning: ‘memcpy’ writing 8 bytes into a region of size 3
overflows the destination [-Wstringop-overflow=]
   memcpy (d, "0123456789", 8);
   ^~~

[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 size

2017-09-30 Thread msebor at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Martin Sebor  changed:

   What|Removed |Added

Summary|missing |missing
   |-Wstringop-overflow= on a   |-Wstringop-overflow= on a
   |memcpy overflow |memcpy overflow with a
   ||small power-of-2 size

--- Comment #3 from Martin Sebor  ---
The cause is of the missing warning is the folder
(gimple_fold_builtin_memory_op in gimple-fold.c) folding all copies with
power-of-two sizes less than MOVE_MAX, with no checking (see below).  MOVE_MAX
is typically 8 or 8 but on some targets, including x86_64, it's as much as 16. 
Although some basic simple checking could be done there, e.g., on arrays of
known size, the folder runs before the full object size information is
available and deferring the folding until it apparently isn't desirable.

  /* If we can perform the copy efficiently with first doing all loads
 and then all stores inline it that way.  Currently efficiently
 means that we can load all the memory into a single integer
 register which is what MOVE_MAX gives us.  */
  src_align = get_pointer_alignment (src);
  dest_align = get_pointer_alignment (dest);
  if (tree_fits_uhwi_p (len)
  && compare_tree_int (len, MOVE_MAX) <= 0
  /* ???  Don't transform copies from strings with known length this
 confuses the tree-ssa-strlen.c.  This doesn't handle
 the case in gcc.dg/strlenopt-8.c which is XFAILed for that
 reason.  */
  && !c_strlen (src, 2))
{
  unsigned ilen = tree_to_uhwi (len);
  if (pow2p_hwi (ilen))
{

[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow

2017-08-29 Thread egallager at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Eric Gallager  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2017-08-30
 CC||egallager at gcc dot gnu.org
 Ever confirmed|0   |1

--- Comment #2 from Eric Gallager  ---
Confirmed.

[Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow

2017-01-24 Thread msebor at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Martin Sebor  changed:

   What|Removed |Added

   Keywords||diagnostic
   Host||77799

--- Comment #1 from Martin Sebor  ---
See also bug 77799 for a similar problem involving sprintf.