https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98484

            Bug ID: 98484
           Summary: missing -Wstringop-overflow on a multiply inlined
                    calls from system header
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

GCC 11 diagnoses invalid accesses by built-in functions like memcpy made in
inlined calls to functions defined in system headers, but apparently only for a
single level of inlining.  When the function that does the invalid access is
itself called from another inline function, the access isn't diagnosed.  In the
test case below g0, g1 and g2 all compile to the same out-of-bounds memcpy, but
only the direct call in g0 draws the warning.  (I noticed this while looking
into pr98465.)

$ cat b.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout b.c
# 1 "a.h" 1 3 4
# 2 "a.h" 3 4
static inline void f0 (void *p)   // follows the "a.h" linemarker with flag 3, so GCC treats it as system-header code
{
  __builtin_memcpy (p, "12345678", 8);   // always writes 8 bytes at p; no size is passed in, so every caller must supply 8 writable bytes
}

static inline void f1 (void *p)   // also in a.h (system header): adds a second inline level on top of f0
{
  f0 (p);   // forwards p unchanged, so f0's fixed 8-byte write lands wherever the caller pointed
}

# 1 "b.c" 1

static inline void f2 (void *p)   // defined in b.c (user code): a second inline level whose outer wrapper is not in a system header
{
  f0 (p);   // forwards p unchanged to the system-header function that does the 8-byte write
}

extern char a[8];   // 8-byte destination; each caller below passes a + 4, leaving only 4 writable bytes

void g0 (void)
{
  f0 (a + 4);   // diagnosed: -Wstringop-overflow reports 8 bytes written into a region of size 4 (one inline level)
}

void g1 (void)
{
  f1 (a + 4);   // missing warning: same 8-byte write into 4 bytes, reached through f1 -> f0, both in the system header
}


void g2 (void)
{
  f2 (a + 4);   // missing warning: same 8-byte write into 4 bytes, reached through f2 (b.c) -> f0 (system header)
}


;; Function g0 (g0, funcdef_no=3, decl_uid=1953, cgraph_uid=4, symbol_order=3)

void g0 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail
call]
  return;

}


In file included from b.c:1:
In function ‘f0’,
    inlined from ‘g0’ at b.c:11:3:
a.h:4:3: warning: ‘__builtin_memcpy’ writing 8 bytes into a region of size 4
overflows the destination [-Wstringop-overflow=]
    4 | 
      |   ^                                  
In file included from a.h:12,
                 from b.c:1:
a.h: In function ‘g0’:
b.c:7:13: note: at offset 4 into destination object ‘a’ of size 8
    7 | 
      |             ^

;; Function g1 (g1, funcdef_no=7, decl_uid=1956, cgraph_uid=5, symbol_order=4)

void g1 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail
call]
  return;

}



;; Function g2 (g2, funcdef_no=9, decl_uid=1959, cgraph_uid=6, symbol_order=5)

void g2 ()
{
  <bb 2> [local count: 1073741824]:
  __builtin_memcpy (&MEM <char[8]> [(void *)&a + 4B], "12345678", 8); [tail
call]
  return;

}
