https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101778
Bug ID: 101778
Summary: bogus -Wstringop-overread on strncmp of a larger array
and a shorter string with a large bound
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
In the test case below the call to strncmp() is required to read no more than 3
characters from a regardless of the bound because the length of the string
literal is 2. GCC folds the call to strcmp() (which is safe) but then
-Wstringop-overread triggers during expansion because at that time the warning
doesn't consider the length of the literal as bounding the read from the array.
The text of the warning is technically correct but its description in the
manual ("Warn for calls to string manipulation functions such as memchr, or
strcpy that are determined to read past the end of the source sequence") makes
it clear it's a false positive.
$ cat b.c && gcc -S -fdump-tree-optimized=/dev/stdout b.c
extern int strncmp (const char*, const char*, __SIZE_TYPE__);
const char a[3] = "abc";
int f (void)
{
const char *s = a;
return strncmp (s, "12", 4); // bogus warning
}
;; Function f (f, funcdef_no=0, decl_uid=1948, cgraph_uid=1, symbol_order=1)
int f ()
{
const char * s;
int D.1952;
int _3;
<bb 2> :
s_1 = &a;
_3 = __builtin_strcmp (s_1, "12");
<bb 3> :
<L0>:
return _3;
}
b.c: In function ‘f’:
b.c:8:10: warning: ‘__builtin_strcmp’ argument missing terminating nul
[-Wstringop-overread]
8 | return strncmp (s, "12", 4); // bogus warning
| ^~~~~~~~~~~~~~~~~~~~
b.c:3:12: note: referenced argument declared here
3 | const char a[3] = "abc";
| ^
