From 287ef129b68d25d219b167163a2494d82bee5820 Mon Sep 17 00:00:00 2001 From: Martin Sebor Date: Mon, 11 Feb 2019 17:44:05 +0000 Subject: [PATCH] PR tree-optimization/88771 - Misleading -Werror=array-bounds error gcc/ChangeLog: PR tree-optimization/88771 * gimple-ssa-warn-restrict.c (pass_wrestrict::gate): Also enable when -Wstringop-overflow is set. (builtin_memref::builtin_memref): Adjust excessive upper bound only when lower bound is not excessive. (maybe_diag_overlap): Detect and diagnose excessive bounds via -Wstringop-ovefflow. (maybe_diag_offset_bounds): Rename... (maybe_diag_access_bounds): ...to this. (check_bounds_or_overlap): Adjust for name change above. gcc/testsuite/ChangeLog: PR tree-optimization/88771 * gcc.dg/Wstringop-overflow-8.c: New test. * gcc.dg/Wstringop-overflow-9.c: New test. * gcc.dg/Warray-bounds-40.c: New test. * gcc.dg/builtin-stpncpy.c: Adjust. * gcc.dg/builtin-stringop-chk-4.c: Adjust. * g++.dg/opt/memcpy1.C: Adjust. From-SVN: r268775 --- gcc/ChangeLog | 13 ++++ gcc/gimple-ssa-warn-restrict.c | 67 +++++++++++++---- gcc/testsuite/ChangeLog | 10 +++ gcc/testsuite/g++.dg/opt/memcpy1.C | 2 +- gcc/testsuite/gcc.dg/Warray-bounds-40.c | 73 +++++++++++++++++++ gcc/testsuite/gcc.dg/Wstringop-overflow-8.c | 62 ++++++++++++++++ gcc/testsuite/gcc.dg/Wstringop-overflow-9.c | 72 ++++++++++++++++++ gcc/testsuite/gcc.dg/builtin-stpncpy.c | 4 +- gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c | 66 ++++++++--------- 9 files changed, 319 insertions(+), 50 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/Warray-bounds-40.c create mode 100644 gcc/testsuite/gcc.dg/Wstringop-overflow-8.c create mode 100644 gcc/testsuite/gcc.dg/Wstringop-overflow-9.c diff --git a/gcc/ChangeLog b/gcc/ChangeLog index a8b815658c8..b08cd68d4aa 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,16 @@ +2019-02-11 Martin Sebor + + PR tree-optimization/88771 + * gimple-ssa-warn-restrict.c (pass_wrestrict::gate): Also enable + when -Wstringop-overflow is set. + (builtin_memref::builtin_memref): Adjust excessive upper bound + only when lower bound is not excessive. + (maybe_diag_overlap): Detect and diagnose excessive bounds via + -Wstringop-ovefflow. + (maybe_diag_offset_bounds): Rename... + (maybe_diag_access_bounds): ...to this. + (check_bounds_or_overlap): Adjust for name change above. + 2019-02-11 Martin Sebor PR c++/87996 diff --git a/gcc/gimple-ssa-warn-restrict.c b/gcc/gimple-ssa-warn-restrict.c index b069f3aebe6..6643b89dd88 100644 --- a/gcc/gimple-ssa-warn-restrict.c +++ b/gcc/gimple-ssa-warn-restrict.c @@ -75,7 +75,7 @@ class pass_wrestrict : public gimple_opt_pass bool pass_wrestrict::gate (function *fun ATTRIBUTE_UNUSED) { - return warn_array_bounds != 0 || warn_restrict != 0; + return warn_array_bounds || warn_restrict || warn_stringop_overflow; } /* Class to walk the basic blocks of a function in dominator order. */ @@ -256,7 +256,7 @@ builtin_memref::builtin_memref (tree expr, tree size) sizrange[1] = wi::to_offset (range[1]); /* get_size_range returns SIZE_MAX for the maximum size. Constrain it to the real maximum of PTRDIFF_MAX. */ - if (sizrange[1] > maxobjsize) + if (sizrange[0] <= maxobjsize && sizrange[1] > maxobjsize) sizrange[1] = maxobjsize; } else @@ -1567,18 +1567,56 @@ maybe_diag_overlap (location_t loc, gimple *call, builtin_access &acs) return true; } -/* Validate REF offsets in an expression passed as an argument to a CALL - to a built-in function FUNC to make sure they are within the bounds - of the referenced object if its size is known, or PTRDIFF_MAX otherwise. - Both initial values of the offsets and their final value computed by - the function by incrementing the initial value by the size are +/* Validate REF size and offsets in an expression passed as an argument + to a CALL to a built-in function FUNC to make sure they are within + the bounds of the referenced object if its size is known, or + PTRDIFF_MAX otherwise. DO_WARN is true when a diagnostic should + be issued, false otherwise. + Both initial values of the offsets and their final value computed + by the function by incrementing the initial value by the size are validated. Return true if the offsets are not valid and a diagnostic - has been issued. */ + has been issued, or would have been issued if DO_WARN had been true. */ static bool -maybe_diag_offset_bounds (location_t loc, gimple *call, tree func, int strict, +maybe_diag_access_bounds (location_t loc, gimple *call, tree func, int strict, const builtin_memref &ref, bool do_warn) { + const offset_int maxobjsize = tree_to_shwi (max_object_size ()); + + /* Check for excessive size first and regardless of warning options + since the result is used to make codegen decisions. */ + if (ref.sizrange[0] > maxobjsize) + { + /* Return true without issuing a warning. */ + if (!do_warn) + return true; + + if (ref.ref && TREE_NO_WARNING (ref.ref)) + return false; + + if (warn_stringop_overflow) + { + if (EXPR_HAS_LOCATION (ref.ptr)) + loc = EXPR_LOCATION (ref.ptr); + + loc = expansion_point_location_if_in_system_header (loc); + + if (ref.sizrange[0] == ref.sizrange[1]) + return warning_at (loc, OPT_Wstringop_overflow_, + "%G%qD specified bound %wu " + "exceeds maximum object size %wu", + call, func, ref.sizrange[0].to_uhwi (), + maxobjsize.to_uhwi ()); + + return warning_at (loc, OPT_Wstringop_overflow_, + "%G%qD specified bound between %wu and %wu " + "exceeds maximum object size %wu", + call, func, ref.sizrange[0].to_uhwi (), + ref.sizrange[1].to_uhwi (), + maxobjsize.to_uhwi ()); + } + } + /* Check for out-bounds pointers regardless of warning options since the result is used to make codegen decisions. */ offset_int ooboff[] = { ref.offrange[0], ref.offrange[1] }; @@ -1616,11 +1654,12 @@ maybe_diag_offset_bounds (location_t loc, gimple *call, tree func, int strict, if (oobref == error_mark_node) { if (ref.sizrange[0] == ref.sizrange[1]) - sprintf (rangestr[1], "%lli", (long long) ref.sizrange[0].to_shwi ()); + sprintf (rangestr[1], "%llu", + (unsigned long long) ref.sizrange[0].to_shwi ()); else sprintf (rangestr[1], "[%lli, %lli]", - (long long) ref.sizrange[0].to_shwi (), - (long long) ref.sizrange[1].to_shwi ()); + (unsigned long long) ref.sizrange[0].to_uhwi (), + (unsigned long long) ref.sizrange[1].to_uhwi ()); tree type; @@ -1854,8 +1893,8 @@ check_bounds_or_overlap (gimple *call, tree dst, tree src, tree dstsize, /* Validate offsets first to make sure they are within the bounds of the destination object if its size is known, or PTRDIFF_MAX otherwise. */ - if (maybe_diag_offset_bounds (loc, call, func, strict, dstref, do_warn) - || maybe_diag_offset_bounds (loc, call, func, strict, srcref, do_warn)) + if (maybe_diag_access_bounds (loc, call, func, strict, dstref, do_warn) + || maybe_diag_access_bounds (loc, call, func, strict, srcref, do_warn)) { if (do_warn) gimple_set_no_warning (call, true); diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index 0406b6b0dce..0c01d396099 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,13 @@ +2019-02-11 Martin Sebor + + PR tree-optimization/88771 + * gcc.dg/Wstringop-overflow-8.c: New test. + * gcc.dg/Wstringop-overflow-9.c: New test. + * gcc.dg/Warray-bounds-40.c: New test. + * gcc.dg/builtin-stpncpy.c: Adjust. + * gcc.dg/builtin-stringop-chk-4.c: Adjust. + * g++.dg/opt/memcpy1.C: Adjust. + 2019-02-11 Martin Sebor PR c++/87996 diff --git a/gcc/testsuite/g++.dg/opt/memcpy1.C b/gcc/testsuite/g++.dg/opt/memcpy1.C index 66411cdda39..3862756083d 100644 --- a/gcc/testsuite/g++.dg/opt/memcpy1.C +++ b/gcc/testsuite/g++.dg/opt/memcpy1.C @@ -62,7 +62,7 @@ namespace CS // OutV is initialized to SIZE_MAX in the ctor above causing // the multiplication below to produce a very large number // in excess of the maximum possible object size (SIZE_MAX/2). - __builtin_memcpy (this->OutP, InP, OutV * sizeof (csVector2)); // { dg-warning "specified size \[0-9\]+ exceeds maximum object size" } + __builtin_memcpy (this->OutP, InP, OutV * sizeof (csVector2)); // { dg-warning "exceeds maximum object size" } return 0; } }; diff --git a/gcc/testsuite/gcc.dg/Warray-bounds-40.c b/gcc/testsuite/gcc.dg/Warray-bounds-40.c new file mode 100644 index 00000000000..21827fbd920 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Warray-bounds-40.c @@ -0,0 +1,73 @@ +/* PR middle-end/88771 - Misleading -Werror=array-bounds error + Verify that the warning issued for calls to "bounded" string + functions when -Wstringop-overflow is disabled is -Warray-bounds + with the right wording. + { dg-do compile } + { dg-options "-O2 -Wall -Wno-stringop-overflow" } */ + +#define PTRDIFF_MAX __PTRDIFF_MAX__ +#define SIZE_MAX __SIZE_MAX__ + +typedef __SIZE_TYPE__ size_t; + +extern void* memcpy (void*, const void*, size_t); +extern void* memmove (void*, const void*, size_t); +extern void* memset (void*, int, size_t); + +extern char* stpncpy (char*, const char*, size_t); + +extern char* strncat (char*, const char*, size_t); +extern char* strncpy (char*, const char*, size_t); + +extern char* strndup (const char*, size_t); + +extern int strncmp (const char*, const char*, size_t); +extern int strncasecmp (const char*, const char*, size_t); + +extern size_t strnlen (const char*, size_t); + +extern char *d; +extern const char *s; + + +void test_memcpy (void) +{ + memcpy (d, s, SIZE_MAX); /* { dg-warning ".memcpy. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" } */ +} + +void test_memmove (void) +{ + memmove (d, s, SIZE_MAX - 1); /* { dg-warning ".memmove. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" } */ +} + +void test_memset (void) +{ + memset (d, 0, SIZE_MAX - 2); /* { dg-warning ".memset. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" "bug" { xfail *-*-* } } */ +} + + +char* test_stpncpy (void) +{ + return stpncpy (d, s, SIZE_MAX - 4); /* { dg-warning ".stpncpy. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" } */ +} + + +void test_strncat (void) +{ + strncat (d, s, SIZE_MAX - 3); /* { dg-warning ".strncat. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" } */ +} + +void test_strncpy (void) +{ + strncpy (d, s, SIZE_MAX - 4); /* { dg-warning ".strncpy. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" } */ +} + +char* test_strndup (void) +{ + return strndup (s, SIZE_MAX - 5); /* { dg-warning ".strndup. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" "bug" { xfail *-*-* } } */ +} + +size_t test_strnlen (void) +{ + return strnlen (s, SIZE_MAX - 6); /* { dg-warning ".strnlen. pointer overflow between offset 0 and size \[0-9\]+ \\\[-Warray-bounds" "bug" { xfail *-*-* } } */ +} diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-8.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-8.c new file mode 100644 index 00000000000..513d6b1d332 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-8.c @@ -0,0 +1,62 @@ +/* PR tree-optimization/79220 - missing -Wstringop-overflow= on a memcpy + overflow with a small power-of-2 size + { dg-do compile } + { dg-options "-O2 -Wno-array-bounds -Wstringop-overflow" } */ + +extern void* memcpy (void*, const void*, __SIZE_TYPE__); +extern void* memmove (void*, const void*, __SIZE_TYPE__); +extern void* memset (void*, int, __SIZE_TYPE__); + +char d[1]; + +void test_memcpy_lit_2 (void) +{ + memcpy (d, "01", 2); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memcpy_lit_4 (void) +{ + memcpy (d, "0123", 4); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memmove_lit_8 (void) +{ + memmove (d, "01234567", 8); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + + +void test_memcpy_ptr_2 (const void *s) +{ + memcpy (d, s, 2); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memcpy_ptr_4 (const void *s) +{ + memcpy (d, s, 4); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memcpy_ptr_8 (const void *s) +{ + memcpy (d, s, 8); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + + +void test_memmove_ptr (const void *s) +{ + memmove (d, s, 8); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memset_2 (void) +{ + memset (d, 0, 2); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memset_4 (void) +{ + memset (d, 0, 4); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} + +void test_memset_8 (void) +{ + memset (d, 0, 8); /* { dg-warning "\\\[-Wstringop-overflow" } */ +} diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-9.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-9.c new file mode 100644 index 00000000000..11db965c7dd --- /dev/null +++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-9.c @@ -0,0 +1,72 @@ +/* PR middle-end/88771 - Misleading -Werror=array-bounds error + Verify that the warning issued for calls to "bounded" string + functions is -Wstringop-overflow with the right wording. + { dg-do compile } + { dg-options "-O2 -Wall" } */ + +#define PTRDIFF_MAX __PTRDIFF_MAX__ +#define SIZE_MAX __SIZE_MAX__ + +typedef __SIZE_TYPE__ size_t; + +extern void* memcpy (void*, const void*, size_t); +extern void* memmove (void*, const void*, size_t); +extern void* memset (void*, int, size_t); + +extern char* stpncpy (char*, const char*, size_t); + +extern char* strncat (char*, const char*, size_t); +extern char* strncpy (char*, const char*, size_t); + +extern char* strndup (const char*, size_t); + +extern int strncmp (const char*, const char*, size_t); +extern int strncasecmp (const char*, const char*, size_t); + +extern size_t strnlen (const char*, size_t); + +extern char *d; +extern const char *s; + + +void test_memcpy (void) +{ + memcpy (d, s, SIZE_MAX); /* { dg-warning ".memcpy. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + +void test_memmove (void) +{ + memmove (d, s, SIZE_MAX - 1); /* { dg-warning ".memmove. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + +void test_memset (void) +{ + memset (d, 0, SIZE_MAX - 2); /* { dg-warning ".memset. specified \(bound|size\) \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + + +char* test_stpncpy (void) +{ + return stpncpy (d, s, SIZE_MAX - 4); /* { dg-warning ".stpncpy. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + + +void test_strncat (void) +{ + strncat (d, s, SIZE_MAX - 3); /* { dg-warning ".strncat. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + +void test_strncpy (void) +{ + strncpy (d, s, SIZE_MAX - 4); /* { dg-warning ".strncpy. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + +char* test_strndup (void) +{ + return strndup (s, SIZE_MAX - 5); /* { dg-warning ".strndup. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} + +size_t test_strnlen (void) +{ + return strnlen (s, SIZE_MAX - 6); /* { dg-warning ".strnlen. specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+ \\\[-Wstringop-overflow=\\\]" } */ +} diff --git a/gcc/testsuite/gcc.dg/builtin-stpncpy.c b/gcc/testsuite/gcc.dg/builtin-stpncpy.c index 9a094fba38b..4b7b0f2c14f 100644 --- a/gcc/testsuite/gcc.dg/builtin-stpncpy.c +++ b/gcc/testsuite/gcc.dg/builtin-stpncpy.c @@ -35,7 +35,7 @@ void test_cst (char *d) __builtin_stpncpy (d, "123", n); - __builtin_stpncpy (d, "123", n + 1); /* { dg-warning "specified size \[0-9\]+ exceeds maximum object size \[0-9\]+" } */ + __builtin_stpncpy (d, "123", n + 1); /* { dg-warning "specified bound \[0-9\]+ exceeds maximum object size \[0-9\]+" } */ } @@ -73,5 +73,5 @@ void test_rng (char *d) __builtin_stpncpy (d, "123", R (n - 1, n + 1)); - __builtin_stpncpy (d, "123", R (n + 1, n + 2)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size \[0-9\]+" } */ + __builtin_stpncpy (d, "123", R (n + 1, n + 2)); /* { dg-warning "specified bound between \[0-9\]+ and \[0-9\]+ exceeds maximum object size \[0-9\]+" } */ } diff --git a/gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c b/gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c index c0110f2eb62..6e836c5d4d3 100644 --- a/gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c +++ b/gcc/testsuite/gcc.dg/builtin-stringop-chk-4.c @@ -102,13 +102,13 @@ void test_memcpy_range (void *d, const void *s) memcpy (buf + size_max, s, UR (1, 2)); /* { dg-warning "writing between 1 and 2 bytes into a region of size 0 overflows the destination" "excessive pointer offset" { xfail *-*-* } } */ memcpy (buf, s, UR (ssize_max, size_max)); /* { dg-warning "writing \[0-9\]+ or more bytes into a region of size 5 overflows the destination" } */ - memcpy (buf, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ - memcpy (buf, s, UR (size_max - 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memcpy (buf, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memcpy (buf, s, UR (size_max - 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ /* Exercise memcpy into a destination of unknown size with excessive number of bytes. */ memcpy (d, s, UR (ssize_max, size_max)); - memcpy (d, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memcpy (d, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ memcpy (buf, s, SR (-1, 1)); memcpy (buf, s, SR (-3, 2)); @@ -124,8 +124,8 @@ void test_memcpy_range (void *d, const void *s) memcpy (d, s, SR (-9, 5)); memcpy (d, s, SR (-11, 6)); - memcpy (buf, s, SR (-2, -1)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ - memcpy (d, s, SR (-2, -1)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memcpy (buf, s, SR (-2, -1)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memcpy (d, s, SR (-2, -1)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ /* Even though the following calls are bounded by the range of N's type they must not cause a warning for obvious reasons. */ @@ -187,13 +187,13 @@ void test_mempcpy_range (void *d, const void *s) mempcpy (buf, s, UR (6, 7)); /* { dg-warning "writing between 6 and 7 bytes into a region of size 5 overflows the destination" } */ mempcpy (buf, s, UR (ssize_max, size_max)); /* { dg-warning "writing \[0-9\]+ or more bytes into a region of size 5 overflows the destination" } */ - mempcpy (buf, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ - mempcpy (buf, s, UR (size_max - 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + mempcpy (buf, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + mempcpy (buf, s, UR (size_max - 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ /* Exercise mempcpy into a destination of unknown size with excessive number of bytes. */ mempcpy (d, s, UR (ssize_max, size_max)); - mempcpy (d, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + mempcpy (d, s, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ } /* Test memset with a number of bytes bounded by a known range. */ @@ -213,13 +213,13 @@ void test_memset_range (void *d) memset (buf, 0, UR (6, 7)); /* { dg-warning "writing between 6 and 7 bytes into a region of size 5 overflows the destination" } */ memset (buf, 0, UR (ssize_max, size_max)); /* { dg-warning "writing \[0-9\]+ or more bytes into a region of size 5 overflows the destination" } */ - memset (buf, 0, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ - memset (buf, 0, UR (size_max - 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memset (buf, 0, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memset (buf, 0, UR (size_max - 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ /* Exercise memset into a destination of unknown size with excessive number of bytes. */ memset (d, 0, UR (ssize_max, size_max)); - memset (d, 0, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + memset (d, 0, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ } /* Test bzero with a number of bytes bounded by a known range. */ @@ -239,13 +239,13 @@ void test_bzero_range (void *d) bzero (buf, UR (6, 7)); /* { dg-warning "writing between 6 and 7 bytes into a region of size 5 overflows the destination" } */ bzero (buf, UR (ssize_max, size_max)); /* { dg-warning "writing \[0-9\]+ or more bytes into a region of size 5 overflows the destination" } */ - bzero (buf, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ - bzero (buf, UR (size_max - 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + bzero (buf, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + bzero (buf, UR (size_max - 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ /* Exercise bzero into a destination of unknown size with excessive number of bytes. */ bzero (d, UR (ssize_max, size_max)); - bzero (d, UR (ssize_max + 1, size_max)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + bzero (d, UR (ssize_max + 1, size_max)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ } /* Test strcat with an argument referencing a non-constant string of @@ -343,31 +343,31 @@ void test_strncat_range (void) strncat (buf + 5, S (0), 0); - strncat (buf + 5, S (0), 1); /* { dg-warning "specified bound 1 exceeds destination size 0" } */ - strncat (buf + 5, S (1), 1); /* { dg-warning "specified bound 1 exceeds destination size 0" } */ + strncat (buf + 5, S (0), 1); /* { dg-warning "specified \(bound|size\) 1 exceeds destination size 0" } */ + strncat (buf + 5, S (1), 1); /* { dg-warning "specified \(bound|size\) 1 exceeds destination size 0" } */ /* Strncat always appends a terminating null after copying the N characters so the following triggers a warning pointing out that specifying sizeof(buf) as the upper bound may cause the nul to overflow the destination. */ - strncat (buf, S (0), 5); /* { dg-warning "specified bound 5 equals destination size" } */ - strncat (buf, S (0), 6); /* { dg-warning "specified bound 6 exceeds destination size 5" } */ + strncat (buf, S (0), 5); /* { dg-warning "specified \(bound|size\) 5 equals destination size" } */ + strncat (buf, S (0), 6); /* { dg-warning "specified \(bound|size\) 6 exceeds destination size 5" } */ strncat (buf, S (1), 0); strncat (buf, S (1), 1); strncat (buf, S (1), 2); strncat (buf, S (1), 3); strncat (buf, S (1), 4); - strncat (buf, S (1), 5); /* { dg-warning "specified bound 5 equals destination size" } */ - strncat (buf, S (1), 6); /* { dg-warning "specified bound 6 exceeds destination size 5" } */ - strncat (buf, S (2), 6); /* { dg-warning "specified bound 6 exceeds destination size 5" } */ + strncat (buf, S (1), 5); /* { dg-warning "specified \(bound|size\) 5 equals destination size" } */ + strncat (buf, S (1), 6); /* { dg-warning "specified \(bound|size\) 6 exceeds destination size 5" } */ + strncat (buf, S (2), 6); /* { dg-warning "specified \(bound|size\) 6 exceeds destination size 5" } */ /* The following could just as well say "writing 6 bytes into a region of size 5. Either would be correct and probably equally as clear in this case. But when the length of the source string is not known at all then the bound warning seems clearer. */ - strncat (buf, S (5), 6); /* { dg-warning "specified bound 6 exceeds destination size 5" } */ - strncat (buf, S (7), 6); /* { dg-warning "specified bound 6 exceeds destination size 5" } */ + strncat (buf, S (5), 6); /* { dg-warning "specified \(bound|size\) 6 exceeds destination size 5" } */ + strncat (buf, S (7), 6); /* { dg-warning "specified \(bound|size\) 6 exceeds destination size 5" } */ { /* The implementation of the warning isn't smart enough to determine @@ -392,17 +392,17 @@ void test_strncat_chk_range (char *d) strncat_chk (buf, S (0), 2); strncat_chk (buf, S (0), 3); strncat_chk (buf, S (0), 4); - strncat_chk (buf, S (0), 5); /* { dg-warning "specified bound 5 equals destination size" } */ + strncat_chk (buf, S (0), 5); /* { dg-warning "specified \(bound|size\) 5 equals destination size" } */ strncat_chk (buf, S (5), 1); strncat_chk (buf, S (5), 2); strncat_chk (buf, S (5), 3); strncat_chk (buf, S (5), 4); - strncat_chk (buf, S (5), 5); /* { dg-warning "specified bound 5 equals destination size" } */ + strncat_chk (buf, S (5), 5); /* { dg-warning "specified \(bound|size\) 5 equals destination size" } */ - strncat_chk (buf, S (5), 10); /* { dg-warning "specified bound \[0-9\]+ exceeds destination size 5" } */ + strncat_chk (buf, S (5), 10); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds destination size 5" } */ - strncat_chk (d, S (5), size_max); /* { dg-warning "specified bound \[0-9\]+ exceeds maximum object size " } */ + strncat_chk (d, S (5), size_max); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds maximum object size " } */ } /* Test strncpy with a non-constant source string of length in a known @@ -426,15 +426,15 @@ void test_strncpy_string_range (char *d) strncpy (buf, S (1), ssize_max - 1); /* { dg-warning "writing \[0-9\]+ bytes into a region of size 5" } */ strncpy (buf, S (2), ssize_max); /* { dg-warning "writing \[0-9\]+ bytes into a region of size 5" } */ - strncpy (buf, S (3), ssize_max + 1); /* { dg-warning "specified size \[0-9\]+ exceeds maximum object size" } */ - strncpy (buf, S (4), size_max); /* { dg-warning "specified size \[0-9\]+ exceeds maximum object size" } */ + strncpy (buf, S (3), ssize_max + 1); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds maximum object size" } */ + strncpy (buf, S (4), size_max); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds maximum object size" } */ /* Exercise strncpy into a destination of unknown size with a valid and invalid constant number of bytes. */ strncpy (d, S (1), ssize_max - 1); strncpy (d, S (2), ssize_max); - strncpy (d, S (3), ssize_max + 1); /* { dg-warning "specified size \[0-9\]+ exceeds maximum object size" } */ - strncpy (d, S (4), size_max); /* { dg-warning "specified size \[0-9\]+ exceeds maximum object size" } */ + strncpy (d, S (3), ssize_max + 1); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds maximum object size" } */ + strncpy (d, S (4), size_max); /* { dg-warning "specified \(bound|size\) \[0-9\]+ exceeds maximum object size" } */ } /* Test strncpy with a non-constant source string of length in a known @@ -472,7 +472,7 @@ void test_strncpy_string_count_range (char *dst, const char *src) strncpy (buf, S (1), UR (7, 8)); /* { dg-warning "writing between 7 and 8 bytes into a region of size 5 " } */ strncpy (buf, S (2), UR (ssize_max, ssize_max + 1)); /* { dg-warning "writing \[0-9\]+ or more bytes into a region of size 5 " } */ - strncpy (buf, S (2), UR (ssize_max + 1, ssize_max + 2)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + strncpy (buf, S (2), UR (ssize_max + 1, ssize_max + 2)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ strncpy (buf + 5, S (0), UR (0, 1)); strncpy (buf + 5, S (1), UR (0, 1)); @@ -500,5 +500,5 @@ void test_strncpy_string_count_range (char *dst, const char *src) strncpy (dst, S (3), UR (ssize_max, ssize_max + 1)); - strncpy (dst, S (4), UR (ssize_max + 1, ssize_max + 2)); /* { dg-warning "specified size between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ + strncpy (dst, S (4), UR (ssize_max + 1, ssize_max + 2)); /* { dg-warning "specified \(bound|size\) between \[0-9\]+ and \[0-9\]+ exceeds maximum object size" } */ } -- 2.30.2