author | Martin Sebor <msebor@redhat.com> | 2019-12-14 00:52:46 +0000 |
---|---|---|
committer | Martin Sebor <msebor@gcc.gnu.org> | 2019-12-13 17:52:46 -0700 |
commit | ef29b12cfbb4979a89b3cbadbf485a77c8fd8fce (patch) | |
tree | 93fd1dc052be8520f98f160111e843d5a497aaf6 /gcc/testsuite/gcc.dg/Wstringop-overflow-29.c | |
parent | e78b9a6fcaf4ec0e89f8d9bb746747ec4df0eee9 (diff) | |
PR middle-end/91582 - missing heap overflow detection for strcpy
PR middle-end/92868 - ICE: tree check: expected integer_cst, have ssa_name
gcc/ChangeLog:
PR middle-end/91582
PR middle-end/92868
* builtins.c (addr_decl_size): New function.
(gimple_call_alloc_size): Add arguments.
(compute_objsize): Add an argument. Set *PDECL even for allocated
objects.
Correct checking for negative wide_int.
Correct handling of negative outer offsets into unknown regions
or with unknown inner offsets.
Extend offsets to at most sizetype precision.
Only handle constant subobject sizes.
* builtins.h (gimple_call_alloc_size): Add arguments.
* tree.c (component_ref_size): Always return sizetype.
* tree-ssa-strlen.c (strinfo::alloc): New member.
(get_addr_stridx): Add argument.
(get_stridx): Use ptrdiff_t. Add argument.
(new_strinfo): Set new member.
(get_string_length): Handle alloca and VLA.
(dump_strlen_info): Dump more state.
(maybe_invalidate): Print more info. Decrease indentation.
(unshare_strinfo): Set new member.
(valid_builtin_call): Handle alloca and VLA.
(maybe_warn_overflow): Check and set no-warning bit. Improve
handling of offsets. Print allocated objects.
(handle_builtin_strlen): Handle strinfo records with null lengths.
(handle_builtin_strcpy): Add argument. Call maybe_warn_overflow.
(is_strlen_related_p): Handle dynamically allocated objects.
(get_range): Add argument.
(handle_builtin_malloc): Rename...
(handle_alloc): ...to this and handle all allocation functions.
(handle_builtin_memset): Call maybe_warn_overflow.
(count_nonzero_bytes): Handle more MEM_REF forms.
(strlen_check_and_optimize_call): Call handle_alloc_call. Pass
arguments to more callees.
(handle_integral_assign): Add argument. Create strinfo entries
for MEM_REF assignments.
(check_and_optimize_stmt): Handle more MEM_REF forms.
gcc/testsuite/ChangeLog:
PR middle-end/91582
* c-c++-common/Wrestrict.c: Adjust expected warnings.
* gcc/testsuite/c-c++-common/Wstringop-truncation-4.c: Enable more
warnings.
* gcc/testsuite/c-c++-common/Wstringop-truncation.c: Remove an xfail.
* gcc.dg/Warray-bounds-46.c: Disable -Wstringop-overflow.
* gcc.dg/Warray-bounds-47.c: Same.
* gcc.dg/Warray-bounds-52.c: New test.
* gcc.dg/Wstringop-overflow-27.c: New test.
* gcc.dg/Wstringop-overflow-28.c: New test.
* gcc.dg/Wstringop-overflow-29.c: New test.
* gcc.dg/attr-alloc_size.c (test): Disable -Warray-bounds.
* gcc.dg/attr-copy-2.c: Adjust expected warnings.
* gcc.dg/builtin-stringop-chk-5.c: Adjust text of expected messages.
* gcc.dg/strlenopt-86.c: Relax test.
* gcc.target/i386/pr82002-1.c: Prune expected warnings.
From-SVN: r279392
Diffstat (limited to 'gcc/testsuite/gcc.dg/Wstringop-overflow-29.c')
-rw-r--r-- | gcc/testsuite/gcc.dg/Wstringop-overflow-29.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-29.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-29.c new file mode 100644 index 0000000..c011d05 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-29.c @@ -0,0 +1,66 @@ +/* PR middle-end/91582 - missing heap overflow detection for strcpy + Verify calls via function pointers. + { dg-do compile } + { dg-options "-O2 -Wall -Wno-array-bounds -ftrack-macro-expansion=0" } */ + +typedef __attribute__ ((alloc_size (1))) char* allocfn_t (unsigned); + +extern allocfn_t allocfn; + +void sink (void*); + +void direct_call (void) +{ + char *q = allocfn (0); // { dg-message "at offset 0 to an object with size 0 allocated by 'allocfn'" } + q[0] = 0; // { dg-warning "\\\[-Wstringop-overflow" } + sink (q); +} + + +void local_ptr_call (void) +{ + allocfn_t *ptr = allocfn; + char *q = ptr (1); // { dg-message "at offset -1 to an object with size 1 allocated by 'allocfn'" } + q[0] = 0; + q[-1] = 0; // { dg-warning "\\\[-Wstringop-overflow" } + sink (q); +} + + +void global_ptr_call (void) +{ + extern allocfn_t *ptralloc; + + allocfn_t *ptr = ptralloc; + char *q = ptr (2); // { dg-message "at offset 3 to an object with size 2 allocated by 'ptralloc'" } + q[0] = 0; + q[1] = 1; + q[3] = 3; // { dg-warning "\\\[-Wstringop-overflow" } + sink (q); +} + +void global_ptr_array_call (void) +{ + extern allocfn_t * (arralloc[]); + + allocfn_t *ptr = arralloc[0]; + char *q = ptr (2); // { dg-message "at offset 3 to an object with size 2 allocated by 'ptr'" } + q[0] = 1; + q[1] = 2; + q[3] = 3; // { dg-warning "\\\[-Wstringop-overflow" } + sink (q); +} + + +struct S { allocfn_t *ptralloc; }; + +void member_ptr_call (struct S *p) +{ + char *q = p->ptralloc (3); // { dg-message "at offset 5 to an object with size 3 allocated by 'ptralloc' here" } + q[0] = 0; + q[1] = 1; + q[2] = 2; + q[5] = 0; // { dg-warning "\\\[-Wstringop-overflow" } + sink (q); +} + |
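Review bot: In global_ptr_array_call the dg-message expects "allocated by 'ptr'", which is the local variable, while local_ptr_call and global_ptr_call expect the note to name what the local was initialized from ('allocfn' and 'ptralloc'). If naming the local is a known limitation for a pointer loaded from arralloc[0], a short comment at that line saying so would keep the test from reading as the intended wording. Separately, only the member_ptr_call pattern ends in " here"; using the same ending in all five dg-message patterns would show whether that word is part of the expected note text. The header comment says the file verifies calls via function pointers, yet direct_call invokes allocfn directly, so a per-function comment stating what each case covers would help.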