https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |msebor at gcc dot gnu.org Status|UNCONFIRMED |NEW Ever confirmed|0 |1 Last reconfirmed| |2021-11-10 Keywords| |diagnostic Blocks| |88781 --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- Confirmed. The warning here is the result of the limits of the representation GCC uses for the source argument. The warning sees the following IL: strncpy (&dest, &MEM <char[32]> [(void *)&data], 32); and uses the size of data as the upper bound on the length of the string stored in it. That obviously doesn't correspond to the source code which is more closely represented by this IL: j = 0; _1 = &data[j].name; strncpy (&dest, _1, 32); But as the IL changes from the original representation above to the &MEM thing to make it easier for optimizers to work with, it loses that important detail and causes the false positive. The "fix" is to either try to undo the IL change and reconstruct the original (which is never going to be perfect) or to run the warnings on the IL before it loses the important detail. The latter will mean that the warning will not benefit from some of the optimizing transformations that depend on the MEM representation. All solutions involve trade-offs between false positives and false negatives. Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88781 [Bug 88781] [meta-bug] bogus/missing -Wstringop-truncation warnings