https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92307

            Bug ID: 92307
           Summary: missing -Wstringop-overflow on a memcpy into an array
                    with out-of-bounds variable offset
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Even with PR89427 resolved, GCC still fails to detect the invalid accesses in
the functions below (_FORTIFY_SOURCE doesn't help because it doesn't try to
detect sizes from pointers involving variable offsets):

$ cat x.c && gcc -O2 -S -Wall x.c
char a[2];

void f (int i, const char *s)
{
  if (i < 1 || 2 < i) i = 1;
  char *p = &a[i] - 9;
  __builtin_memcpy (p, s, 2);   // writing before the beginning of a
}

void g (int i, const char *s)
{
  if (i < 1 || 2 < i) i = 1;
  char *p = &a[i] + 9;
  __builtin_memcpy (p, s, 2);   // writing past the end of a
}
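Until the compiler flags these accesses, the only defence in code like f() and g() is a bounds check performed before the pointer is formed. The following is an added example, not part of the bug report or of GCC: a hypothetical helper checked_copy() that takes the destination as (base, size, integer offset) and refuses any copy that would start before the array or run past its end, so no out-of-bounds pointer is ever computed. f_checked() and g_checked() apply the same clamping of i as the report's f() and g(), and both requests are rejected.

```c
#include <stddef.h>
#include <string.h>

/* Destination array, as in the report. */
char a[2];

/* Hypothetical helper (constructed for this example, not GCC code):
 * copy n bytes from src to base[off], refusing any copy that would
 * start before base or extend past base + size.  The offset is checked
 * as an integer so that an out-of-bounds pointer is never formed.
 * Returns 0 on success and -1 when the write would be out of bounds. */
int checked_copy(char *base, size_t size, ptrdiff_t off,
                 const char *src, size_t n)
{
    if (off < 0)                                   /* before the beginning */
        return -1;
    if ((size_t)off > size || n > size - (size_t)off) /* past the end */
        return -1;
    memcpy(base + off, src, n);
    return 0;
}

/* Same clamping of i as f() and g() in the report. */
static int clamp(int i)
{
    return (i < 1 || 2 < i) ? 1 : i;
}

/* Counterpart of f(): offset i - 9 lands before a[0] for every clamped i. */
int f_checked(int i, const char *s)
{
    return checked_copy(a, sizeof a, (ptrdiff_t)clamp(i) - 9, s, 2);
}

/* Counterpart of g(): offset i + 9 lands past the end of a for every clamped i. */
int g_checked(int i, const char *s)
{
    return checked_copy(a, sizeof a, (ptrdiff_t)clamp(i) + 9, s, 2);
}
```

The helper deliberately takes an offset rather than a pointer: once `&a[i] - 9` has been evaluated the behaviour is already undefined, so a check that inspects the resulting pointer is itself on shaky ground. Checking `off` and `n` against `size` as unsigned arithmetic (subtracting only after confirming `off <= size`) also avoids the overflow that a naive `off + n > size` test would permit.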
