Ping: https://gcc.gnu.org/pipermail/gcc-patches/2020-August/552903.html
On 8/28/20 11:12 AM, Martin Sebor wrote:
The gimple_call_alloc_size() function that determines the range of sizes of allocated objects and constrains the bounds in calls to functions like memcpy calls get_range() instead of get_size_range() to obtain its result. The latter is the right function to call because it has the necessary logic to constrain the range to just the values that are valid for object sizes. This is especially useful when the range is the result of a conversion from a signed to a wider unsigned integer where the upper subrange is excessive and can be eliminated, such as in:

  char* f (int n)
  {
    if (n > 8)
      n = 8;

    char *p = malloc (n);
    strcpy (p, "0123456789");   // buffer overflow
    ...
  }

Attached is a fix that lets -Wstringop-overflow diagnose the buffer overflow above. Besides with GCC, I have also tested the change by building Binutils/GDB and Glibc and verifying that it doesn't introduce any false positives.

Martin
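Added example, not part of the post and not Martin Sebor's patch or GCC code: the overflowing function from the message next to a bounds-checked version, plus a small function that mirrors the range reasoning the patch enables (the signed range [INT_MIN, 8] converts to [0, 8] plus a wrapped upper subrange that no object can have). The names f_unsafe, f_checked, MSG and max_valid_alloc_after_clamp, and the use of PTRDIFF_MAX as the largest valid object size, are assumptions made for the illustration.

```c
/* Added example (not from the post or from GCC).  Names f_unsafe,
   f_checked, MSG and max_valid_alloc_after_clamp are assumptions. */
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MSG "0123456789"   /* 10 characters plus NUL: 11 bytes */

/* Same shape as the function in the post.  After the clamp n is at most 8,
   so malloc (n) can never hold the 11-byte string and every successful
   allocation is followed by a heap overflow.  Shown for contrast only; the
   checks below never call it. */
char *f_unsafe (int n)
{
  if (n > 8)
    n = 8;
  char *p = malloc (n);
  if (p == NULL)
    return NULL;
  strcpy (p, MSG);   /* writes 11 bytes into a buffer of at most 8 */
  return p;
}

/* Bounds-checked version: compute the size the copy needs, refuse requests
   that cannot hold it (negative or too small), and copy with an explicit
   length instead of strcpy. */
char *f_checked (int n)
{
  size_t need = sizeof MSG;          /* 11, terminator included */
  if (n < 0 || (size_t) n < need)
    return NULL;
  char *p = malloc ((size_t) n);
  if (p == NULL)
    return NULL;
  memcpy (p, MSG, need);
  return p;
}

/* Mirrors the range computation the patch lets the compiler do.  A signed
   value clamped to [INT_MIN, clamp] converts to size_t as [0, clamp] plus a
   subrange starting at (size_t) INT_MIN.  Sizes above PTRDIFF_MAX (assumed
   here as the largest valid object size) cannot be real allocations, so that
   upper subrange is dropped and the bound is just clamp.  Requires
   clamp >= 0. */
size_t max_valid_alloc_after_clamp (int clamp)
{
  size_t low_max = (size_t) clamp;        /* top of the [0, clamp] part */
  size_t upper_min = (size_t) INT_MIN;    /* start of the wrapped part */
  if (upper_min > (size_t) PTRDIFF_MAX)   /* excessive: no object is this big */
    return low_max;
  return SIZE_MAX;                        /* could not narrow the range */
}

/* Does f_checked (n) return a buffer holding the whole message? */
int f_checked_ok (int n)
{
  char *p = f_checked (n);
  if (p == NULL)
    return 0;
  int ok = strcmp (p, MSG) == 0;
  free (p);
  return ok;
}

/* Does f_checked (n) refuse the request? */
int f_checked_rejects (int n)
{
  char *p = f_checked (n);
  free (p);   /* free (NULL) is a no-op */
  return p == NULL;
}
```

With the clamp at 8, max_valid_alloc_after_clamp (8) is 8, below the 11 bytes the copy needs, which is exactly the fact -Wstringop-overflow needs to report the overflow in f_unsafe; f_checked turns the same comparison into a runtime refusal.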