On 04/20/2017 04:49 PM, Martin Sebor wrote:
PR libstdc++/54924 - Warn for std::string constructor with wrong
size asks for a warning when constructing a std::string from
a character array and a number of elements that's in excess of
the number of elements. E.g.,
    std::string s ("abc", 7);
PR middle-end/79234 - warn on past the end reads by library functions
is a more general enhancement that suggests warning for calls to any
standard library functions that read past the end of a provided array.
For example:
    char a[8];
    memcpy (a, "abcdef", sizeof a);
The attached patch extends the -Wstringop-overflow warning to also
detect and warn for reading past the end in memcmp, memchr, memcpy,
and mempcpy. The patch doesn't handle memmove because there's
a separate bug for -Wstringop-overflow not handling the function.
A patch for it was submitted in January and deferred to GCC 8:
https://gcc.gnu.org/ml/gcc-patches/2017-01/msg01994.html
Although the patch handles the std::string case fine the warning
for it is suppressed by -Wsystem-headers. There's also a separate
bug for that (bug 79214) and a patch for it was submitted back in
January and deferred to GCC 8:
https://gcc.gnu.org/ml/gcc-patches/2017-01/msg01994.html
Note I just ack'd the deferred patch noted above.
Martin
gcc-79234.diff
PR libstdc++/54924 - Warn for std::string constructor with wrong size
PR middle-end/79234 - warn on past the end reads by library functions
gcc/ChangeLog:
PR middle-end/79234
* builtins.c (check_sizes): Adjust to handle reading past the end.
Avoid printing excessive upper bound of ranges.
(expand_builtin_memchr): New function.
(compute_dest_size): Rename...
(compute_objsize): ...to this.
(expand_builtin_memcpy): Adjust.
(expand_builtin_mempcpy): Adjust.
(expand_builtin_strcat): Adjust.
(expand_builtin_strcpy): Adjust.
(check_strncat_sizes): Adjust.
(expand_builtin_strncat): Adjust.
(expand_builtin_strncpy): Adjust and simplify.
(expand_builtin_memset): Adjust.
(expand_builtin_bzero): Adjust.
(expand_builtin_memcmp): Adjust.
(expand_builtin): Handle memcmp.
(maybe_emit_chk_warning): Check strncat just once.
gcc/testsuite/ChangeLog:
PR middle-end/79234
* gcc.dg/builtin-stringop-chk-8.c: New test.
* gcc.dg/builtin-stringop-chk-1.c: Adjust.
* gcc.dg/builtin-stringop-chk-4.c: Same.
* gcc.dg/builtin-strncat-chk-1.c: Same.
* g++.dg/ext/strncpy-chk1.C: Same.
* g++.dg/torture/Wsizeof-pointer-memaccess1.C: Same.
* gcc.dg/out-of-bounds-1.c: Same.
* gcc.dg/pr78138.c: Same.
* gcc.dg/torture/Wsizeof-pointer-memaccess1.c: Same.
* gfortran.dg/mvbits_7.f90: Same.
diff --git a/gcc/builtins.c b/gcc/builtins.c
index f3bee5b..892f576 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -3044,10 +3045,10 @@ expand_builtin_memcpy_args (tree dest, tree src, tree
len, rtx target, tree exp)
MAXLEN is the user-supplied bound on the length of the source sequence
(such as in strncat(d, s, N). It specifies the upper limit on the number
of bytes to write.
- STR is the source string (such as in strcpy(d, s)) when the epxression
+ SRC is the source string (such as in strcpy(d, s)) when the epxression
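Review bot: the added comment line still has "epxression", carried over from the line it replaces; since the line is already being rewritten for the STR to SRC rename, spell it "expression" here. In the unchanged context just above it, "(such as in strncat(d, s, N)." never closes its opening parenthesis, which could be fixed in the same pass.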
s/epxression/expression
OK with the nit fixed.
jeff
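
As an added illustration (not part of the original message or of the GCC patch), the C sketch below applies at run time the two-sided check the thread describes: the count must fit the source object as well as the destination. It uses the memcpy case quoted above; `copy_bounded`, `COPY_ARRAY`, the status enum and the demo functions are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not GCC code: result of a two-sided bounds check.  */
enum copy_status { COPY_OK = 0, COPY_OVERFLOW = -1, COPY_OVERREAD = -2 };

/* Copy n bytes only if n fits in both objects.  */
static enum copy_status
copy_bounded (void *dst, size_t dst_size,
              const void *src, size_t src_size, size_t n)
{
  if (n > dst_size)
    return COPY_OVERFLOW;   /* would write past the end of dst */
  if (n > src_size)
    return COPY_OVERREAD;   /* would read past the end of src */
  memcpy (dst, src, n);
  return COPY_OK;
}

/* Valid only for true arrays and string literals, where sizeof is the
   object size; a pointer argument would yield sizeof (pointer).  */
#define COPY_ARRAY(dst, src, n) \
  copy_bounded ((dst), sizeof (dst), (src), sizeof (src), (n))

/* The memcpy case from the message: "abcdef" is 7 bytes with its NUL,
   so a count of sizeof a (8) reads one byte past the literal.  */
int demo_overread (void) {
  char a[8];
  return COPY_ARRAY (a, "abcdef", sizeof a);
}

/* Count taken from the source instead: fits both objects.  */
int demo_exact (void) {
  char a[8] = { 0 };
  int rc = COPY_ARRAY (a, "abcdef", sizeof "abcdef");
  return rc == COPY_OK ? strcmp (a, "abcdef") : rc;
}

/* Destination smaller than the count: the write-side check fires.  */
int demo_overflow (void) {
  char small[4];
  return COPY_ARRAY (small, "abcdef", sizeof "abcdef");
}

int main (void) {
  printf ("%d %d %d\n", demo_overread (), demo_exact (), demo_overflow ());
  return 0;
}
```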