diff options
| author | Martin Sebor <msebor@redhat.com> | 2019-09-19 22:15:34 +0000 |
|---|---|---|
| committer | Martin Sebor <msebor@gcc.gnu.org> | 2019-09-19 16:15:34 -0600 |
| commit | 6889a3acfeed47265886676c6d43b04ef799fb82 (patch) | |
| tree | 8101bfd6fc153a6707fc453e76507f09e0916c46 /gcc/tree-ssa-strlen.c | |
| parent | 7d112d6670a0e0e662f8a7e64c33686e475832c8 (diff) | |
| download | gcc-6889a3acfeed47265886676c6d43b04ef799fb82.zip gcc-6889a3acfeed47265886676c6d43b04ef799fb82.tar.gz gcc-6889a3acfeed47265886676c6d43b04ef799fb82.tar.bz2 | |
PR middle-end/91631 - buffer overflow into an array member of a declared object not detected
gcc/ChangeLog:
PR middle-end/91631
* builtins.c (component_size): Correct trailing array computation,
rename to component_ref_size and move...
(compute_objsize): Adjust.
* gimple-ssa-warn-restrict.c (builtin_memref::refsize): New member.
(builtin_access::strict): Do not consider mememmove.
(builtin_access::write_off): New function.
(builtin_memref::builtin_memref): Initialize refsize.
(builtin_memref::set_base_and_offset): Adjust refoff and compute
refsize.
(builtin_memref::offset_out_of_bounds): Use ooboff input values.
Handle refsize.
(builtin_access::builtin_access): Intialize dstoff to destination
refeence offset here instead of in maybe_diag_overlap. Adjust
referencess even to unrelated objects. Adjust sizrange of bounded
string functions to reflect bound. For strcat, adjust destination
sizrange by that of source.
(builtin_access::strcat_overlap): Adjust offsets and sizes
to reflect the increase in destination sizrange above.
(builtin_access::overlap): Do not set dstoff here but instead
in builtin_access::builtin_access.
(check_bounds_or_overlap): Use builtin_access::write_off.
(maybe_diag_access_bounds): Add argument. Add informational notes.
(dump_builtin_memref, dump_builtin_access): New functions.
* tree.c (component_ref_size): ...to here.
* tree.h (component_ref_size): Declare.
* tree-ssa-strlen (handle_builtin_strcat): Include the terminating
nul in the size of the source string.
gcc/testsuite/ChangeLog:
PR middle-end/91631
* /c-c++-common/Warray-bounds-3.c: Correct expected offsets.
* /c-c++-common/Warray-bounds-4.c: Same.
* gcc.dg/Warray-bounds-39.c: Remove xfails.
* gcc.dg/Warray-bounds-45.c: New test.
* gcc.dg/Warray-bounds-46.c: New test.
From-SVN: r275981
Diffstat (limited to 'gcc/tree-ssa-strlen.c')
| -rw-r--r-- | gcc/tree-ssa-strlen.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/gcc/tree-ssa-strlen.c b/gcc/tree-ssa-strlen.c index b979320..5e1054b 100644 --- a/gcc/tree-ssa-strlen.c +++ b/gcc/tree-ssa-strlen.c @@ -3057,11 +3057,12 @@ handle_builtin_strcat (enum built_in_function bcode, gimple_stmt_iterator *gsi) /* Compute the size of the source sequence, including the nul. */ tree srcsize = srclen ? srclen : size_zero_node; - srcsize = fold_build2 (PLUS_EXPR, type, srcsize, build_int_cst (type, 1)); - + tree one = build_int_cst (type, 1); + srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one); + tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one); tree sptr = si && si->ptr ? si->ptr : src; - if (check_bounds_or_overlap (stmt, dst, sptr, dstlen, srcsize)) + if (check_bounds_or_overlap (stmt, dst, sptr, dstsize, srcsize)) { gimple_set_no_warning (stmt, true); set_no_warning = true; |