https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92307
            Bug ID: 92307
           Summary: missing -Wstringop-overflow on a memcpy into an array
                    with out-of-bounds variable offset
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Even with PR89427 resolved, GCC still fails to detect the invalid accesses in the functions below (_FORTIFY_SOURCE doesn't help because it doesn't try to detect sizes from pointers involving variable offsets):

$ cat x.c && gcc -O2 -S -Wall x.c
char a[2];

void f (int i, const char *s)
{
  if (i < 1 || 2 < i) i = 1;
  char *p = &a[i] - 9;
  __builtin_memcpy (p, s, 2);   // writing before the beginning of a
}

void g (int i, const char *s)
{
  if (i < 1 || 2 < i) i = 1;
  char *p = &a[i] + 9;
  __builtin_memcpy (p, s, 2);   // writing past the end of a
}
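The range reasoning behind the two comments in the test case, as an added example that is not part of the original report and is not GCC's implementation: with `i` clamped to [1, 2], every possible start offset of the 2-byte copy falls outside `a` in both functions. The names `classify_access`, `struct range`, `verdict_f` and `verdict_g` are hypothetical.

```c
#include <stdio.h>

/* Hypothetical names for illustration; this is not GCC's code. */
enum verdict { IN_BOUNDS, MAYBE_OUT_OF_BOUNDS, ALWAYS_OUT_OF_BOUNDS };

/* Inclusive range of values an index can take at the point of the access. */
struct range { long lo, hi; };

/* Classify an n-byte access at &obj[idx] + delta, where obj has objsize
   bytes and idx is known only as a range. */
enum verdict classify_access(long objsize, struct range idx, long delta, long n)
{
    /* Every possible start offset of the access, relative to obj. */
    long lo = idx.lo + delta, hi = idx.hi + delta;
    /* Start offsets that keep all n bytes inside obj are [0, last_ok]. */
    long last_ok = objsize - n;

    if (last_ok < 0 || hi < 0 || lo > last_ok)
        return ALWAYS_OUT_OF_BOUNDS;  /* no possible start offset is valid */
    if (lo >= 0 && hi <= last_ok)
        return IN_BOUNDS;             /* every possible start offset is valid */
    return MAYBE_OUT_OF_BOUNDS;       /* depends on the run-time value of idx */
}

/* f() in the report: char a[2], i in [1, 2], p = &a[i] - 9, 2-byte copy. */
enum verdict verdict_f(void)
{
    struct range i = { 1, 2 };
    return classify_access(2, i, -9, 2);  /* start offsets [-8, -7] */
}

/* g() in the report: same clamp, p = &a[i] + 9, 2-byte copy. */
enum verdict verdict_g(void)
{
    struct range i = { 1, 2 };
    return classify_access(2, i, 9, 2);   /* start offsets [10, 11] */
}

int main(void)
{
    static const char *const name[] = { "in bounds", "maybe out of bounds",
                                        "always out of bounds" };
    printf("f: %s\ng: %s\n", name[verdict_f()], name[verdict_g()]);
    return 0;
}
```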