Bug 1127031 - bug in GCC/G++ or Runtime Library
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gcc
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Jakub Jelinek
QA Contact: qe-baseos-tools
Reported: 2014-08-06 01:45 UTC by Sergey
Modified: 2014-08-06 11:41 UTC (History)

Doc Type: Bug Fix
Last Closed: 2014-08-06 04:29:44 UTC


Description Sergey 2014-08-06 01:45:50 UTC
Description of problem:
Bug in strcpy

Version-Release number of selected component (if applicable):
ska 87> cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
ska 88> gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)


How reproducible:
Permanent

Steps to Reproduce:
ska 90> cat testcpy.cpp
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <errno.h>

int main(int ac, char ** av)
{
        static char buf[10240];
        strcpy(buf, "  1234567890AB");
        printf("%s\n", buf);
        strcpy(buf, buf+1);
        printf("%s\n", buf);
}
ska 91> g++ testcpy.cpp
ska 92> ./a.out
  1234567890AB
 1234577890AB
Actual results:
 1234577890AB

Expected results:
 1234567890AB


Additional info:
Extremely SEVERE bug !!!

Comment 2 Marek Polacek 2014-08-06 04:29:44 UTC
I agree there's a bug, but only in your code.  Calling strcpy with overlapping strings is undefined behaviour.

Comment 3 Jakub Jelinek 2014-08-06 06:46:18 UTC
Yeah.  See e.g. ISO C99, 7.21.2.3/2: "If copying takes place between objects that
overlap, the behavior is undefined.", or
http://pubs.opengroup.org/onlinepubs/9699919799/functions/strcpy.html
(or man 3p strcpy) for the same wording.

Comment 4 Sergey 2014-08-06 11:41:09 UTC
Well, I agree, you are FORMALLY right :-(

And it's well known for memcpy, which has memmove for that purpose, but strcpy was working fine on all platforms I know since 1982, including the previous version of Red Hat, and unfortunately it is all over some old code :-(
No problem. Will replace strcpy.

Regards,
Sergey
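
One way to replace the overlapping strcpy discussed in this thread, as an added example that is not part of the original report or comments: memmove is defined for overlapping objects, so the in-place shift from testcpy.cpp becomes well defined. The helper names ranges_overlap, str_move and drop_first_char are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical audit helper: true if [a, a+alen) and [b, b+blen) share a byte. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return pa < pb + blen && pb < pa + alen;
}

/*
 * Hypothetical helper: copy the string at src to dst when both may point
 * into the same buffer. memmove() is defined for overlapping objects;
 * strcpy() and memcpy() are not. Returns 0 on success, -1 if the string
 * plus its terminator does not fit in dst_size bytes.
 */
static int str_move(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src) + 1;          /* include the terminating NUL */
    if (n > dst_size)
        return -1;
    memmove(dst, src, n);
    return 0;
}

/* Drop the first character of s in place: the operation from the report. */
static int drop_first_char(char *s, size_t size)
{
    if (s[0] == '\0')
        return 0;                        /* nothing to drop */
    return str_move(s, size, s + 1);
}

int main(void)
{
    static char buf[10240];
    size_t n;

    strcpy(buf, "  1234567890AB");       /* literal and buf are distinct objects */
    n = strlen(buf + 1) + 1;
    printf("overlap: %d\n", ranges_overlap(buf, n, buf + 1, n));
    drop_first_char(buf, sizeof buf);
    printf("%s\n", buf);
    return 0;
}
```

A check like ranges_overlap can be put in a debug assertion in front of remaining strcpy and memcpy calls to find other overlapping call sites in old code.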
