https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85310
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> --- (In reply to Kees Cook from comment #4) > But it's optimizing away the check. That what undefined means. > If strlen() were suddenly acting like > strnlen(), that'd be one thing, but the return value from strlen() is being > used by the memcpy() without the actual test in between. That's not sensible. It is undefined if strlen reads past an array bounds, so in theory it could have zero'ed out your whole hard drive and sent your boss an email saying you quit.
