List:       gcc-bugs
Subject:    [Bug middle-end/79220] missing -Wstringop-overflow= on a memcpy overflow with a small power-of-2 siz
From:       "msebor at gcc dot gnu.org" <gcc-bugzilla () gcc ! gnu ! org>
Date:       2017-09-30 16:12:08
Message-ID: bug-79220-4-CoWpQALlkA () http ! gcc ! gnu ! org/bugzilla/

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79220

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|missing                     |missing
                   |-Wstringop-overflow= on a   |-Wstringop-overflow= on a
                   |memcpy overflow             |memcpy overflow with a
                   |                            |small power-of-2 size

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The cause of the missing warning is the folder
(gimple_fold_builtin_memory_op in gimple-fold.c) folding all copies with
power-of-two sizes less than MOVE_MAX, with no checking (see below).  MOVE_MAX
is typically 8 or 8 but on some targets, including x86_64, it's as much as 16. 
Although some basic simple checking could be done there, e.g., on arrays of
known size, the folder runs before the full object size information is
available and deferring the folding until it apparently isn't desirable.

      /* If we can perform the copy efficiently with first doing all loads
         and then all stores inline it that way.  Currently efficiently
         means that we can load all the memory into a single integer
         register which is what MOVE_MAX gives us.  */
      src_align = get_pointer_alignment (src);
      dest_align = get_pointer_alignment (dest);
      if (tree_fits_uhwi_p (len)
          && compare_tree_int (len, MOVE_MAX) <= 0
          /* ???  Don't transform copies from strings with known length this
             confuses the tree-ssa-strlen.c.  This doesn't handle
             the case in gcc.dg/strlenopt-8.c which is XFAILed for that
             reason.  */
          && !c_strlen (src, 2))
        {
          unsigned ilen = tree_to_uhwi (len);
          if (pow2p_hwi (ilen))
            {
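
An added example, not part of the original message and not GCC code: a small C model of the two conditions visible in the excerpt above (constant length no larger than MOVE_MAX, and a power of two), next to an explicit bounds check that does not rely on the diagnostic. The names `folded_without_check`, `copy_checked` and `count_folded` are hypothetical, and `move_max` is a parameter because the value is target-dependent.

```c
#include <stddef.h>
#include <string.h>

/* Models only the conditions visible in the quoted excerpt: len <= MOVE_MAX
   and len is a power of two.  The !c_strlen (src, 2) test and whatever
   follows the truncated part of the excerpt are not modelled. */
static int pow2p(size_t n) { return n != 0 && (n & (n - 1)) == 0; }

int folded_without_check(size_t len, size_t move_max)
{
    return len <= move_max && pow2p(len);
}

/* Hypothetical helper: explicit bounds check independent of the compiler
   warning.  Returns 0 on success, -1 if the copy would overflow dst; in
   that case nothing is written. */
int copy_checked(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Counts how many lengths in 1..32 satisfy the modelled conditions. */
size_t count_folded(size_t move_max)
{
    size_t count = 0;
    for (size_t len = 1; len <= 32; len++)
        count += (size_t)folded_without_check(len, move_max);
    return count;
}

int main(void)
{
    /* Constructed sample buffers. */
    char d[4] = "abc";
    const char src[16] = "0123456789abcde";
    /* An 8-byte copy into a 4-byte array has the shape named in the bug
       title (small power-of-2 size); the explicit check rejects it. */
    int rc = copy_checked(d, sizeof d, src, 8);
    return !(rc == -1 && folded_without_check(8, 16) && count_folded(16) == 5);
}
```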