https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101778
Bug ID: 101778 Summary: bogus -Wstringop-overread on strncmp of a larger array and a shorter string with a large bound Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- In the test case below the call to strncmp() is required to read no more than 3 characters from a regardless of the bound because the length of the string literal is 2. GCC folds the call to strcmp() (which is safe) but then -Wstringop-overread triggers during expansion because at that time the warning doesn't consider the length of the literal as bounding the read from the array. The text of the warning is technically correct but its description in the manual ("Warn for calls to string manipulation functions such as memchr, or strcpy that are determined to read past the end of the source sequence") makes it clear it's a false positive. $ cat b.c && gcc -S -fdump-tree-optimized=/dev/stdout b.c extern int strncmp (const char*, const char*, __SIZE_TYPE__); const char a[3] = "abc"; int f (void) { const char *s = a; return strncmp (s, "12", 4); // bogus warning } ;; Function f (f, funcdef_no=0, decl_uid=1948, cgraph_uid=1, symbol_order=1) int f () { const char * s; int D.1952; int _3; <bb 2> : s_1 = &a; _3 = __builtin_strcmp (s_1, "12"); <bb 3> : <L0>: return _3; } b.c: In function ‘f’: b.c:8:10: warning: ‘__builtin_strcmp’ argument missing terminating nul [-Wstringop-overread] 8 | return strncmp (s, "12", 4); // bogus warning | ^~~~~~~~~~~~~~~~~~~~ b.c:3:12: note: referenced argument declared here 3 | const char a[3] = "abc"; | ^