https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89977

            Bug ID: 89977
           Summary: missing -Wstringop-overflow with an out-of-bounds
                    int128_t range
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Additional testing of the patch for pr89957 exposed the following:

GCC diagnoses the buffer overflow in f() below but fails to diagnose the same
buffer overflow in g(), even though both functions clamp n to at least 7 before
writing n bytes into the 3-byte array a.  The get_range_info() function returns
VR_VARYING for the int128_t variable in g().

$ cat z.c && gcc -S -O2 -Wall -Wextra -fdump-tree-optimized=/dev/stdout z.c
char a[3];  /* 3-byte destination buffer that both f() and g() write into */

__attribute__ ((noipa))  /* reproducer, diagnosed case: the size argument is a plain int */
void f (int n)
{
  if (n < 7)  /* raise n to a minimum of 7 ... */
    n = 7;
  __builtin_memset (a, 0, n);  /* ... so at least 7 bytes are written into the 3-byte a; GCC reports -Warray-bounds for this call */
}

__attribute__ ((noipa))  /* reproducer, undiagnosed case: same body as f() with a 128-bit size argument */
void g (__int128_t n)  /* NOTE(review): the optimized dump converts n to long unsigned int before the call, so a very large n is presumably reduced to its low bits -- confirm whether the lower bound of 7 survives that conversion */
{
  if (n < 7)  /* n is at least 7 as a 128-bit value after this clamp */
    n = 7;
  __builtin_memset (a, 0, n);  /* no warning is reported for this call; the silence is not evidence of safety, since n == 7 still writes past the 3-byte a */
}
z.c: In function ‘f’:
z.c:8:3: warning: ‘__builtin_memset’ forming offset [4, 7] is out of the bounds
[0, 3] of object ‘a’ with type ‘char[3]’ [-Warray-bounds]
    8 |   __builtin_memset (a, 0, n);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~
z.c:1:6: note: ‘a’ declared here
    1 | char a[3];
      |      ^

;; Function f (f, funcdef_no=0, decl_uid=1907, cgraph_uid=1, symbol_order=1)

__attribute__((noipa, noinline, noclone, no_icf))
f (int n)
{
  long unsigned int _1;

  <bb 2> [local count: 1073741824]:
  n_3 = MAX_EXPR <n_2(D), 7>;
  _1 = (long unsigned int) n_3;
  __builtin_memset (&a, 0, _1); [tail call]
  return;

}



;; Function g (g, funcdef_no=1, decl_uid=1910, cgraph_uid=2, symbol_order=2)

__attribute__((noipa, noinline, noclone, no_icf))
g (__int128 n)
{
  long unsigned int _1;

  <bb 2> [local count: 1073741824]:
  n_3 = MAX_EXPR <n_2(D), 7>;
  _1 = (long unsigned int) n_3;
  __builtin_memset (&a, 0, _1); [tail call]
  return;

}
