From patchwork Wed Apr 4 13:34:38 2018
X-Patchwork-Submitter: Michael Matz
X-Patchwork-Id: 894997
Date: Wed, 4 Apr 2018 13:34:38 +0000 (UTC)
From: Michael Matz
To: gcc-patches@gcc.gnu.org
Subject: Fix -Wstringop-overflow regression

Hi,

we shouldn't claim string overflows for character arrays at end of
structures; the code that tries to avoid these accidentally passed the
address of the accessed member to array_at_struct_end_p(), but that one
wants the component_ref or array_ref itself.

Needs updating of one testcase that incorrectly expected warning to occur
in this situation.

(The regression is that we warn about the testcase now, where we didn't
warn before)

	* builtins.c (compute_objsize): Pass correct operand to
	array_at_struct_end_p.

testsuite/
	* gcc.dg/Wstringop-overflow-4.c: New test.
	* c-c++-common/Wstringop-truncation-4.c: Adjust.

diff --git a/gcc/builtins.c b/gcc/builtins.c index 487d9d5..3554cdb 100644 --- a/gcc/builtins.c +++ b/gcc/builtins.c 
@@ -3379,7 +3379,7 @@ compute_objsize (tree dest, int ostype) type = TYPE_MAIN_VARIANT (type); if (TREE_CODE (type) == ARRAY_TYPE - && !array_at_struct_end_p (dest)) + && !array_at_struct_end_p (TREE_OPERAND (dest, 0))) { /* Return the constant size unless it's zero (that's a zero-length array likely at the end of a struct). */ diff --git a/gcc/testsuite/c-c++-common/Wstringop-truncation-4.c b/gcc/testsuite/c-c++-common/Wstringop-truncation-4.c index c4ad4d6..c76f282 100644 --- a/gcc/testsuite/c-c++-common/Wstringop-truncation-4.c +++ b/gcc/testsuite/c-c++-common/Wstringop-truncation-4.c @@ -23,7 +23,7 @@ void test_arrays (struct Arrays *p, const char *s) { strncpy (p->a, s, sizeof p->a); /* { dg-warning "\\\[-Wstringop-truncation" } */ strncpy ((char*)p->b, s, sizeof p->b); /* { dg-warning "\\\[-Wstringop-truncation" } */ - strncpy ((char*)p->c, s, sizeof p->c); /* { dg-warning "\\\[-Wstringop-truncation" } */ + strncpy ((char*)p->c, s, sizeof p->c); /* { dg-bogus "\\\[-Wstringop-truncation" } */ } struct Pointers @@ -51,7 +51,7 @@ void test_const_arrays (struct ConstArrays *p, const char *s) { strncpy ((char*)p->a, s, sizeof p->a); /* { dg-warning "\\\[-Wstringop-truncation" } */ strncpy ((char*)p->b, s, sizeof p->b); /* { dg-warning "\\\[-Wstringop-truncation" } */ - strncpy ((char*)p->c, s, sizeof p->c); /* { dg-warning "\\\[-Wstringop-truncation" } */ + strncpy ((char*)p->c, s, sizeof p->c); /* { dg-bogus "\\\[-Wstringop-truncation" } */ } struct ConstPointers @@ -79,7 +79,7 @@ void test_volatile_arrays (struct VolatileArrays *p, const char *s) { strncpy ((char*)p->a, s, sizeof p->a); /* { dg-warning "\\\[-Wstringop-truncation" } */ strncpy ((char*)p->b, s, sizeof p->b); /* { dg-warning "\\\[-Wstringop-truncation" } */ - strncpy ((char*)p->c, s, sizeof p->c); /* { dg-warning "\\\[-Wstringop-truncation" } */ + strncpy ((char*)p->c, s, sizeof p->c); /* { dg-bogus "\\\[-Wstringop-truncation" } */ } struct VolatilePointers 
@@ -107,7 +107,7 @@ void test_const_volatile_arrays (struct ConstVolatileArrays *p, const char *s) { strncpy ((char*)p->a, s, sizeof p->a); /* { dg-warning "\\\[-Wstringop-truncation" } */ strncpy ((char*)p->b, s, sizeof p->b); /* { dg-warning "\\\[-Wstringop-truncation" } */ - strncpy ((char*)p->c, s, sizeof p->c); /* { dg-warning "\\\[-Wstringop-truncation" } */ + strncpy ((char*)p->c, s, sizeof p->c); /* { dg-bogus "\\\[-Wstringop-truncation" } */ } struct ConstVolatilePointers diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-4.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-4.c new file mode 100644 index 0000000..5905b26 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-4.c @@ -0,0 +1,28 @@ +/* { dg-do compile } + { dg-options "-O2 -Wstringop-overflow" } */ + +extern char* strchr (const char*, int); +extern char* strcpy (char*, const char*); +extern void* malloc (__SIZE_TYPE__); +extern __SIZE_TYPE__ strlen (const char *); +struct define_item { + int len; + char value[1]; +}; + +struct define_item * foo(char *name) +{ + char * p; + char * value; + struct define_item * ptr; + + p = strchr (name, '='); + if (1 && p) { + value = p+1; + } else + value = "1"; + + ptr = malloc(sizeof(struct define_item) + strlen(value)); + strcpy(ptr->value, value); /* { dg-bogus "bytes into a region" } */ + return ptr; +}
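Review bot: In the gcc/builtins.c hunk (compute_objsize), TREE_OPERAND (dest, 0) is applied with no visible check that dest is an address expression carrying an operand at this point. The context lines only test TREE_CODE (type) == ARRAY_TYPE, so please confirm that the code above guarantees dest is an ADDR_EXPR here, or guard the call. A short comment saying that array_at_struct_end_p wants the COMPONENT_REF or ARRAY_REF rather than its address would also keep the same mistake from coming back.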
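Review bot: In gcc/testsuite/c-c++-common/Wstringop-truncation-4.c, the four p->c lines (test_arrays, test_const_arrays, test_volatile_arrays, test_const_volatile_arrays) switch to dg-bogus without any comment, and the ChangeLog entry says only "Adjust". The struct definitions are outside the hunk context, so these lines alone do not show that c is the trailing array; a comment once above test_arrays would document why no warning is expected there. Please also state in the message whether dropping -Wstringop-truncation for strncpy ((char*)p->c, s, sizeof p->c) is intended, since a bound equal to the array size can still leave p->c without a terminating NUL.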
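Review bot: The new gcc/testsuite/gcc.dg/Wstringop-overflow-4.c only checks that the trailing value[1] member no longer warns; it has no companion case showing that -Wstringop-overflow is still reported when the char array is followed by another member. Consider adding a second struct of that shape with a dg-warning expectation on a copy that is known to be too long, so that over-suppression would be caught. The condition "if (1 && p)" reads like reduction residue and could be "if (p)" unless the constant is needed to reproduce the regression, in which case a comment should say so.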