https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100395
Bug ID: 100395
Summary: Bogus -Wstringop-overflow warning
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: lavr at ncbi dot nlm.nih.gov
Target Milestone: ---
$ gcc --version
gcc (GCC) 10.2.0
$ cat test.c
#include <stdio.h>
#include <string.h>
int main(int argc, const char* argv[])
{
size_t len0 = strlen(argv[0]), len1 = strlen(argv[1]);
char buf[444];
char* s;
s = buf + sizeof(buf) - len0;
memcpy(s, argv[0], len0);
s -= len1;
memcpy(--s, argv[1], len1);
s[len1++] = ' ';
printf("%.*s\n", (int)(len0 + len1), s);
return 0;
}
$ gcc -O2 -Wall test.c
test.c: In function ‘main’:
test.c:14:15: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
14 | s[len1++] = ' ';
| ~~~~~~~~~~^~~~~
test.c:7:10: note: at offset -1 to object ‘buf’ with size 444 declared here
7 | char buf[444];
| ^~~
The offset shown in the message is wrong, which most likely was the reason to
emit the warning altogether.
The test code above mocks up a situation where the lengths of both strings,
which are being copied in the reverse order into "buf", are known and small,
i.e. both fit (a few times, actually) together into the buffer, including the
separator and terminator.
