Some constructs cause gcc to warn as always causing a buffer overflow
incorrectly. For example, this is a minimalistic version of a warning found in
wine-1.3.2:

----------
#include <string.h>
#include <stdlib.h>
#include <stdint.h>

struct T {
        union {
                struct {
                        char str[1];    /* 1-byte array used as the tail of a "struct hack" */
                } x;
        } u;
};

int main(void) {
        /* 100 bytes allocated, so str has 100 bytes of storage behind it */
        struct T *p = malloc(sizeof(char) * 100);
        strcpy(p->u.x.str, "ABCD");     /* 5 bytes, well within the allocation */
        return 0;
}
----------

This is a slightly obfuscated version of the struct hack and is clearly not a
buffer overflow. Yet compiling with: "gcc -O2 test.c -o test" results in:
In file included from /usr/include/string.h:640:0,
                 from test.c:2:
In function 'strcpy',
    inlined from 'main' at test.c:16:8:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will
always overflow destination buffer
-- 
           Summary: strcpy_chk false positive
           Product: gcc
           Version: 4.5.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: eteran at alum dot rit dot edu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45669
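The report's reproducer hides the variable-length tail in a one-element array nested inside a union, which is what the fortified strcpy's object-size estimate trips over. As an added example that is not part of the bug report or of GCC, here is the same struct hack written in the C99 flexible-array-member form, which is the layout GCC's object-size analysis is designed to treat as unbounded, together with the allocation-size arithmetic and a bounded copy. The type and function names (struct strbuf, strbuf_new, strbuf_roundtrip) are hypothetical.

```c
/* Added example: the struct hack with a C99 flexible array member.
 * Names are hypothetical and not from the bug report or from GCC. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct strbuf {
        size_t len;     /* bytes in data[], not counting the terminating NUL */
        char data[];    /* flexible array member: must be the last member */
};

/* Allocate a strbuf holding a copy of s.
 * Returns NULL on allocation failure or if the size would wrap around. */
struct strbuf *strbuf_new(const char *s)
{
        size_t len = strlen(s);

        /* offsetof, not sizeof: sizeof(struct strbuf) may include tail
         * padding, and len + 1 must not overflow size_t. */
        if (len > SIZE_MAX - offsetof(struct strbuf, data) - 1)
                return NULL;

        struct strbuf *b = malloc(offsetof(struct strbuf, data) + len + 1);
        if (b == NULL)
                return NULL;

        b->len = len;
        /* Bounded copy with an explicit length instead of strcpy: the
         * destination size is known here, so nothing is left to a
         * compile-time guess. */
        memcpy(b->data, s, len + 1);
        return b;
}

/* Returns 1 if a copy of s round-trips intact through strbuf_new, else 0. */
int strbuf_roundtrip(const char *s)
{
        struct strbuf *b = strbuf_new(s);
        if (b == NULL)
                return 0;
        int ok = (b->len == strlen(s)) && (strcmp(b->data, s) == 0);
        free(b);
        return ok;
}

int main(void)
{
        const char *sample = "ABCD";    /* constructed sample input */
        printf("%s: %s\n", sample, strbuf_roundtrip(sample) ? "ok" : "FAILED");
        return 0;
}
```

With the flexible array member last in the structure and the copy length taken from strlen, the pattern compiles cleanly under -O2 with fortification enabled, whereas the one-element-array-in-union variant above draws the spurious "will always overflow" diagnostic.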