Some constructs cause gcc to warn, incorrectly, that they will always cause a buffer overflow. For example, this is a minimalistic version of a warning found in wine-1.3.2:
----------
#include <string.h>
#include <stdlib.h>
#include <stdint.h>

struct T {
	union {
		struct {
			char str[1];
		} x;
	} u;
};

int main() {
	struct T *p = malloc(sizeof(char) * 100);
	strcpy(p->u.x.str, "ABCD");
	return 0;
}
----------

This is a slightly obfuscated version of the struct hack and is clearly not a buffer overflow. Yet compiling with: "gcc -O2 test.c -o test" results in:

In file included from /usr/include/string.h:640:0,
                 from test.c:2:
In function 'strcpy',
    inlined from 'main' at test.c:16:8:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will always overflow destination buffer

--
           Summary: strcpy_chk false positive
           Product: gcc
           Version: 4.5.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: eteran at alum dot rit dot edu

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45669
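For comparison, the standard C99 spelling of the struct hack is a flexible array member, which declares no one-byte bound for the trailing array. The following is an added example, not code from the report, wine or gcc; `struct msg`, `msg_new` and `msg_set` are hypothetical names, and the copy is bounded by the allocated size recorded in the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: the variable-length tail is a C99 flexible array
 * member instead of the one-element array used by the struct hack. */
struct msg {
    size_t cap;   /* bytes allocated for str, including the NUL */
    char str[];   /* no declared element count */
};

/* Allocate a msg able to hold a string of up to max_len characters. */
struct msg *msg_new(size_t max_len)
{
    /* Reject sizes where header + max_len + 1 would wrap around. */
    if (max_len >= SIZE_MAX - offsetof(struct msg, str))
        return NULL;
    struct msg *m = malloc(offsetof(struct msg, str) + max_len + 1);
    if (m == NULL)
        return NULL;
    m->cap = max_len + 1;
    m->str[0] = '\0';
    return m;
}

/* Copy src into m; returns 0 on success, -1 if it would not fit. */
int msg_set(struct msg *m, const char *src)
{
    if (m == NULL)
        return -1;
    size_t n = strlen(src);
    if (n >= m->cap)
        return -1;              /* refuse rather than truncate or overflow */
    memcpy(m->str, src, n + 1); /* n + 1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    struct msg *m = msg_new(99);
    int rc = msg_set(m, "ABCD"); /* constructed input, same string as the report */
    free(m);
    return rc == 0 ? 0 : 1;
}
```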