On 8/28/20 11:12 AM, Martin Sebor via Gcc-patches wrote:
> The gimple_call_alloc_size() function that determines the range
> of sizes of allocated objects and constrains the bounds in calls
> to functions like memcpy calls get_range() instead of
> get_size_range() to obtain its result. The latter is the right
> function to call because it has the necessary logic to constrain
> the range to just the values that are valid for object sizes.
> This is especially useful when the range is the result of
> a conversion from a signed to a wider unsigned integer where
> the upper subrange is excessive and can be eliminated such as in:
>
>   char* f (int n)
>   {
>     if (n > 8)
>       n = 8;
>     char *p = malloc (n);
>     strcpy (p, "0123456789");   // buffer overflow
>     ...
>   }
>
> Attached is a fix that lets -Wstringop-overflow diagnose the buffer
> overflow above. Besides with GCC I have also tested the change by
> building Binutils/GDB and Glibc and verifying that it doesn't
> introduce any false positives.
>
> Martin
>
> gcc-92942.diff
>
> PR middle-end/92942 - missing -Wstringop-overflow for allocations with a
> negative lower bound size
>
> gcc/ChangeLog:
>
> 	PR middle-end/92942
> 	* builtins.c (gimple_call_alloc_size): Call get_size_range instead
> 	of get_range.
> 	* calls.c (get_size_range): Define new overload. Handle anti-ranges
> 	whose upper part is within the valid size range.
> 	* calls.h (get_size_range): Declare new overload.
>
> gcc/testsuite/ChangeLog:
>
> 	PR middle-end/92942
> 	* gcc.dg/Wstringop-overflow-40.c: New test.
> 	* gcc.dg/Wstringop-overflow-41.c: New test.
> 	* gcc.dg/attr-alloc_size-10.c: Disable macro tracking.
Please re-test and once re-validated, this is fine for the trunk.

jeff
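The range reasoning in Martin's description, worked through as an added example that is not GCC's code or part of the attached patch: a hypothetical `constrain_size_range` mirrors the idea behind get_size_range() for an int range whose lower bound is negative, and a hypothetical `check_strcpy` applies the result to the strcpy in f() above. The struct, function names and the 0/1/2 verdict codes are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constrained range of an allocation size; valid == 0 means no value in
   the argument range can be the size of an object. */
typedef struct {
    int valid;
    size_t lo, hi;
} size_range;

/* Hypothetical mirror of what get_size_range() does: an int range [lo, hi]
   passed to malloc(size_t) is converted to unsigned.  Values from a negative
   lower bound wrap to sizes above PTRDIFF_MAX, which no object can have, so
   that upper subrange is dropped instead of widening the range to "anything". */
static size_range constrain_size_range(long long lo, long long hi)
{
    size_range r = { 0, 0, 0 };
    if (lo > hi || hi < 0)      /* empty, or every value wraps to an excessive size */
        return r;
    r.valid = 1;
    r.lo = lo < 0 ? 0 : (size_t) lo;   /* [INT_MIN, 8] becomes [0, 8] */
    r.hi = (size_t) hi > (size_t) PTRDIFF_MAX ? (size_t) PTRDIFF_MAX : (size_t) hi;
    return r;
}

/* Verdict for writing `bytes` into a buffer whose size lies in `dst`:
   2 = overflow for every size in the range, 1 = overflow for some sizes,
   0 = no overflow. */
static int check_strcpy(size_range dst, size_t bytes)
{
    if (!dst.valid || bytes > dst.hi)
        return 2;
    return bytes > dst.lo ? 1 : 0;
}

int main(void)
{
    /* In f(), `if (n > 8) n = 8;` leaves n in [INT_MIN, 8]; strcpy writes the
       ten characters plus the terminating NUL, i.e. 11 bytes. */
    size_range n = constrain_size_range(INT_MIN, 8);
    size_t bytes = sizeof "0123456789";
    printf("malloc size range [%zu, %zu], strcpy writes %zu bytes: verdict %d\n",
           n.lo, n.hi, bytes, check_strcpy(n, bytes));   /* verdict 2 */
    return 0;
}
```

With the unconstrained conversion the upper bound would be SIZE_MAX and the 11-byte write could never be shown to exceed it, which is the missed diagnostic the patch addresses.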