aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Sebor <msebor@redhat.com>2020-09-23 15:04:32 -0600
committerMartin Sebor <msebor@redhat.com>2020-09-23 15:10:20 -0600
commit6edc8f5bfe7d9db8fb8bd37bb8086a69850c6c6d (patch)
treec64709a3a48fac8d149e61be1ff8144e8ff8025d
parente977dd5edbcc3a3b88c3bd7efa1026c845af7487 (diff)
downloadgcc-6edc8f5bfe7d9db8fb8bd37bb8086a69850c6c6d.zip
gcc-6edc8f5bfe7d9db8fb8bd37bb8086a69850c6c6d.tar.gz
gcc-6edc8f5bfe7d9db8fb8bd37bb8086a69850c6c6d.tar.bz2
Handle DECLs and EXPRESSIONs consistently (PR middle-end/97175).
gcc/ChangeLog: PR middle-end/97175 * builtins.c (maybe_warn_for_bound): Handle both DECLs and EXPRESSIONs in pad->dst.ref, same is pad->src.ref. gcc/testsuite/ChangeLog: PR middle-end/97175 * gcc.dg/Wstringop-overflow-44.c: New test.
-rw-r--r--gcc/builtins.c10
-rw-r--r--gcc/testsuite/gcc.dg/Wstringop-overflow-44.c129
2 files changed, 137 insertions, 2 deletions
diff --git a/gcc/builtins.c b/gcc/builtins.c
index 45efc1c..cac842f 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -3480,8 +3480,14 @@ maybe_warn_for_bound (int opt, location_t loc, tree exp, tree func,
if (warned)
{
if (pad && pad->dst.ref)
- inform (DECL_SOURCE_LOCATION (pad->dst.ref),
- "destination object declared here");
+ {
+ if (DECL_P (pad->dst.ref))
+ inform (DECL_SOURCE_LOCATION (pad->dst.ref),
+ "destination object declared here");
+ else if (EXPR_HAS_LOCATION (pad->dst.ref))
+ inform (EXPR_LOCATION (pad->dst.ref),
+ "destination object allocated here");
+ }
TREE_NO_WARNING (exp) = true;
}
diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-44.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-44.c
new file mode 100644
index 0000000..9e292a9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-44.c
@@ -0,0 +1,129 @@
+/* PR middle-end/97175 - ICE on an excessive strncpy bound
+ { dg-do compile }
+ { dg-options "-O -Wall" } */
+
+int n;
+
+char *d;
+
+void sink (void*);
+
+/* Exercise calls with a destination of unknown size. */
+
+void f0 (const void *s)
+{
+ if (n > 0) return;
+ __builtin_memcpy (d, s, n); // eliminated
+}
+
+void f1 (const void *s)
+{
+ if (n > 0) return;
+ __builtin_memmove (d, s, n); // eliminated
+}
+
+void f2 (void)
+{
+ if (n > 0) return;
+ __builtin_memset (d, 0, n); // eliminated
+}
+
+void f3 (const char *s)
+{
+ if (n > 0) return;
+ __builtin_strncpy (d, s, n); // can be eliminated but isn't
+}
+
+void f4 (const char *s)
+{
+ if (n > 0) return;
+ *d = 0;
+ __builtin_strncat (d, s, n); // can be eliminated but isn't
+}
+
+
+/* Exercise the same calls but with a declared destination object. */
+
+void g0 (const void *s)
+{
+ if (n > 0) return;
+ char a[1];
+ __builtin_memcpy (a, s, n); // eliminated
+ sink (a);
+}
+
+void g1 (const void *s)
+{
+ if (n > 0) return;
+ char a[1];
+ __builtin_memmove (a, s, n); // eliminated
+ sink (a);
+}
+
+void g2 (void)
+{
+ if (n > 0) return;
+ char a[1];
+ __builtin_memset (a, 0, n); // eliminated
+ sink (a);
+}
+
+void g3 (const char *s)
+{
+ if (n > 0) return;
+ char a[1];
+ __builtin_strncpy (a, s, n); // can be eliminated but isn't
+ sink (a);
+}
+
+void g4 (const char *s)
+{
+ if (n > 0) return;
+ char a[1];
+ *a = 0;
+ __builtin_strncat (a, s, n); // can be eliminated but isn't
+ sink (a);
+}
+
+
+void h0 (const void *s)
+{
+ if (n > 0) return;
+ d = __builtin_malloc (1);
+ __builtin_memcpy (d, s, n); // eliminated
+}
+
+void h1 (const void *s)
+{
+ if (n > 0) return;
+ d = __builtin_malloc (1);
+ __builtin_memmove (d, s, n); // eliminated
+}
+
+void h2 (void)
+{
+ if (n > 0) return;
+ d = __builtin_malloc (1);
+ __builtin_memset (d, 0, n); // eliminated
+}
+
+void h3 (const char *s)
+{
+ if (n > 0) return;
+ d = __builtin_malloc (1);
+ __builtin_strncpy (d, s, n); // can be eliminated but isn't
+}
+
+void h4 (const char *s)
+{
+ if (n > 0) return;
+ d = __builtin_malloc (1);
+ *d = 0;
+ __builtin_strncat (d, s, n); // can be eliminated but isn't
+}
+
+/* The calls above that aren't eliminated trigger
+ warning: specified size between INT_MAX and SIZE_MAX exceed maximum
+ object size PTRDIFF_MAX
+ { dg-prune-output "-Wstringop-overflow" }
+ { dg-prune-output "-Wstringop-overread" } */