https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Last reconfirmed| |2017-04-06 CC| |msebor at gcc dot gnu.org Ever confirmed|0 |1 --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- Confirmed with the top of trunk. The __builtin_constant_p call makes the difference. The following is a small test case showing that the invalid memcpy call is, in fact, emitted by GCC. This isn't the same issue as bug 79095. Beyond the warning GCC doesn't "know" that memcpy(d, s, -1) is unavoidably invalid. $ cat b.c && gcc -O2 -S -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout b.c typedef __SIZE_TYPE__ size_t; void f (void *d, const char *s, size_t a, size_t b) { if (__builtin_constant_p (a) && a <= b) __builtin_memcpy (d, s, a); } void g (void *d, const char *s, size_t b) { f (d, s, -1, b); } ;; Function f (f, funcdef_no=0, decl_uid=1799, cgraph_uid=0, symbol_order=0) f (void * d, const char * s, size_t a, size_t b) { <bb 2> [100.00%]: return; } ;; Function g (g, funcdef_no=1, decl_uid=1804, cgraph_uid=1, symbol_order=1) Removing basic block 5 g (void * d, const char * s, size_t b) { <bb 2> [100.00%]: if (b_4(D) == 18446744073709551615) goto <bb 3>; [22.95%] else goto <bb 4>; [77.05%] <bb 3> [22.95%]: __builtin_memcpy (d_2(D), s_3(D), 18446744073709551615); [tail call] <bb 4> [100.00%]: return; } In function ‘f’, inlined from ‘g’ at b.c:11:3: b.c:6:5: warning: ‘__builtin_memcpy’: specified size 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] __builtin_memcpy (d, s, a); ^~~~~~~~~~~~~~~~~~~~~~~~~~