Bug 1127031

Summary: bug in GCC/G++ or Runtime Library
Product: Red Hat Enterprise Linux 6
Reporter: Sergey <ska>
Component: gcc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED NOTABUG
QA Contact: qe-baseos-tools-bugs
Severity: unspecified
Priority: unspecified
Version: 6.5
CC: mfranc, mpolacek
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2014-08-06 04:29:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Sergey 2014-08-06 01:45:50 UTC
Description of problem:
Bug in strcpy

Version-Release number of selected component (if applicable):
ska 87> cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
ska 88> gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)


How reproducible:
Permanent

Steps to Reproduce:
ska 90> cat testcpy.cpp
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <errno.h>

int main(int ac, char ** av)
{
        static char buf[10240];
        strcpy(buf, "  1234567890AB");
        printf("%s\n", buf);
        /* source and destination overlap: buf+1 lies inside buf */
        strcpy(buf, buf+1);
        printf("%s\n", buf);
        return 0;
}
ska 91> g++ testcpy.cpp
ska 92> ./a.out
  1234567890AB
 1234577890AB

Actual results:
 1234577890AB

Expected results:
 1234567890AB


Additional info:
Extremely SEVERE bug !!!

Comment 2 Marek Polacek 2014-08-06 04:29:44 UTC
I agree there's a bug, but only in your code. Calling strcpy with overlapping strings is undefined behaviour.

Comment 3 Jakub Jelinek 2014-08-06 06:46:18 UTC
Yeah.  See e.g. ISO C99, 7.21.2.3/2: "If copying takes place between objects that
overlap, the behavior is undefined.", or
http://pubs.opengroup.org/onlinepubs/9699919799/functions/strcpy.html
(or man 3p strcpy) for the same wording.

Comment 4 Sergey 2014-08-06 11:41:09 UTC
Well, I agree, you are FORMALLY right :-(

And it's well known for memcpy, which has memmove for that purpose, but strcpy was working fine on all platforms I know since 1982, including previous versions of Red Hat, and unfortunately it is all over some old code :-(
No problem. Will replace strcpy.

Regards,
Sergey
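The replacement Sergey says he will make in Comment 4, written out as an added example that is not part of the bug report: memmove is specified for overlapping objects, so it gives the left-shift the reporter wanted, and a small wrapper can refuse overlapping strcpy arguments at runtime instead of silently invoking undefined behaviour. The names drop_prefix, regions_overlap and strcpy_nooverlap are chosen here and are not library functions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Drops the first n characters of buf in place.  memmove, unlike strcpy
 * and memcpy, is defined for overlapping regions (ISO C99 7.21.2.2). */
void drop_prefix(char *buf, size_t n)
{
    size_t len = strlen(buf);
    if (n > len)
        n = len;
    /* len - n + 1 carries the terminating NUL along with the tail. */
    memmove(buf, buf + n, len - n + 1);
}

/* Returns nonzero when [dst, dst+len) and [src, src+len) share any byte.
 * Converting to uintptr_t keeps this a plain integer comparison, since
 * ordering pointers into different objects is not portable in ISO C. */
int regions_overlap(const char *dst, const char *src, size_t len)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return d < s + len && s < d + len;
}

/* strcpy replacement that refuses overlapping arguments.
 * Returns 0 when the string was copied, -1 when the copy was refused. */
int strcpy_nooverlap(char *dst, const char *src)
{
    size_t len = strlen(src) + 1;       /* include the NUL */
    if (regions_overlap(dst, src, len))
        return -1;
    memcpy(dst, src, len);
    return 0;
}

int main(void)
{
    static char buf[10240];
    strcpy(buf, "  1234567890AB");      /* the report's input, constructed */
    /* The report's strcpy(buf, buf+1) is caught instead of corrupting buf. */
    if (strcpy_nooverlap(buf, buf + 1) != 0)
        puts("refused: overlapping strcpy");
    drop_prefix(buf, 1);                 /* the well-defined way to shift */
    printf("%s\n", buf);                 /* prints " 1234567890AB" */
    return 0;
}
```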