https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81601
Bug ID: 81601
Summary: incorrect Warray-bounds warning with -fsanitize
Product: gcc
Version: 7.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: arnd at linaro dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

Created attachment 41856
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41856&action=edit
reduced version of linux/net/ipv4/tcp_output.c

Compiling the Linux kernel with gcc-7.1.1 and ubsan, I get this warning:

net/ipv4/tcp_output.c: In function 'tcp_connect':
net/ipv4/tcp_output.c:2207:40: error: array subscript is below array bounds [-Werror=array-bounds]
   tp->chrono_stat[tp->chrono_type - 1] += now - tp->chrono_start;
                                        ^~
net/ipv4/tcp_output.c:2207:40: error: array subscript is below array bounds [-Werror=array-bounds]
   tp->chrono_stat[tp->chrono_type - 1] += now - tp->chrono_start;
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~

I have manually reduced the file to the attached version (this can be reduced further; I decided to leave a little more context for clarity).

The warning is an array dereference after a range check:

    if (tp->chrono_type > TCP_CHRONO_UNSPEC)
        tp->chrono_stat[tp->chrono_type - 1] += now - tp->chrono_start;

so it clearly cannot be below the bounds.

In the original version, this happens specifically when at least one of -fsanitize=object-size, -fsanitize=alignment, or -fsanitize=null is set in addition to "-O2 -Wall", but not when all three are disabled. In the reduced version, I can also reproduce it with "-Os -Wall" (without ubsan).

I also see the problem with gcc-7.0.1 on all architectures I tried (arm, arm64 and x86), but not with gcc-6.3.1.
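A constructed, self-contained reproducer of the flagged pattern, added here as an example (it is not the attachment and not kernel code; the enum and struct names are assumed to mirror the kernel's, the 2-bit width of chrono_type is an assumption, and the local-copy variant is only a comparison point, with no claim about which gcc versions warn on it):

```c
/* Constructed reproducer for the guarded subscript in the report; not the
 * attached reduced file. Names mirror the kernel's tcp_chrono enum but are
 * assumed here. Build with -Os -Wall (or -O2 -Wall -fsanitize=object-size)
 * to see whether a given gcc emits the -Warray-bounds diagnostic. */
#include <stdint.h>
#include <string.h>

enum tcp_chrono {
	TCP_CHRONO_UNSPEC,		/* no chronograph running */
	TCP_CHRONO_BUSY,
	TCP_CHRONO_RWND_LIMITED,
	TCP_CHRONO_SNDBUF_LIMITED,
	__TCP_CHRONO_MAX,
};

struct tcp_sock_min {
	uint32_t chrono_start;
	/* one counter per non-UNSPEC type, hence the "- 1" in the subscript */
	uint32_t chrono_stat[__TCP_CHRONO_MAX - 1];
	unsigned chrono_type:2;		/* assumed: 2-bit field, values 0..3 */
};

/* The pattern the report shows: the range check precedes the subscript, so
 * the index is at least 0 whenever the store executes. */
static void account_direct(struct tcp_sock_min *tp, uint32_t now)
{
	if (tp->chrono_type > TCP_CHRONO_UNSPEC)
		tp->chrono_stat[tp->chrono_type - 1] += now - tp->chrono_start;
}

/* Same semantics, but the bit-field is read once into a plain local before
 * the check and the subscript. Offered only as a comparison point. */
static void account_via_local(struct tcp_sock_min *tp, uint32_t now)
{
	enum tcp_chrono old = tp->chrono_type;
	if (old > TCP_CHRONO_UNSPEC)
		tp->chrono_stat[old - 1] += now - tp->chrono_start;
}

/* Runs one variant (0 = direct, 1 = local) for a type value and returns the
 * counter it updated, or 0xFFFFFFFF when the guard skipped the update. */
uint32_t stat_after(int variant, int type, uint32_t start, uint32_t now)
{
	struct tcp_sock_min tp;
	memset(&tp, 0, sizeof tp);
	tp.chrono_start = start;
	tp.chrono_type = (unsigned)type;
	variant ? account_via_local(&tp, now) : account_direct(&tp, now);
	return type > TCP_CHRONO_UNSPEC ? tp.chrono_stat[type - 1] : 0xFFFFFFFFu;
}
```

Both variants behave identically at run time for every value the 2-bit field can hold; the only question the reproducer is meant to settle is which formulation a given compiler diagnoses.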