https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89720
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Last reconfirmed| |2019-03-14 Component|c++ |tree-optimization Known to work| |8.3.0 Ever confirmed|0 |1 Known to fail| |9.0 --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- Confirmed. It was introduced in r262893: Author: msebor <msebor@138bc75d-0d04-0410-961f-82ee72b054a4> Date: Thu Jul 19 23:36:34 2018 +0000 PR tree-optimization/84047 - missing -Warray-bounds on an out-of-bounds index into an array PR tree-optimization/83776 - missing -Warray-bounds indexing past the end of a string literal gcc/ChangeLog: PR tree-optimization/84047 PR tree-optimization/83776 * tree-vrp.c (vrp_prop::check_mem_ref): New function. (check_array_bounds): Call it. I think it's another instance of incorrectly dealing with unsigned pointer offsets (similar to bug 89350). The range of the offset is [0, -3221225473] which the code misinterprets as [-3221225473, 0]: (gdb) p min $10 = {<fixed_wide_int_storage<128>> = {val = {0, 10836215197923, 36503164}, len = 1}, static is_sign_extended = true} (gdb) p max $11 = {<fixed_wide_int_storage<128>> = {val = {-3221225473, 140737128894544, 140737488345360}, len = 1}, static is_sign_extended = true} if (vr->kind () == VR_RANGE) { if (tree_int_cst_lt (vr->min (), vr->max ())) { offset_int min = wi::to_offset (fold_convert (ptrdiff_type_node, vr->min ())); offset_int max = wi::to_offset (fold_convert (ptrdiff_type_node, vr->max ())); if (min < max) { offrange[0] += min; offrange[1] += max; } else { offrange[0] += max; offrange[1] += min; }