https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92334
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Whoops. There's a typo in the test case in comment #0 (wrong pointer passed to
__builtin_object_size). Here's a corrected test case:
$ cat z.c && gcc -O2 -S -Wall -fdump-tree-strlen=/dev/stdout z.c
void sink (void*);
void f (const void *p)
{
int i = -7;
char a[3];
char *q = a + i;
__builtin___memcpy_chk (q, p, 10, __builtin_object_size (q, 1));
sink (a);
}
void g (const void *p)
{
int i = -7;
char a[3];
char *q = a + i;
__builtin___memcpy_chk (q, p, 13, __builtin_object_size (q, 1));
sink (a);
}
z.c: In function ‘f’:
z.c:8:9: warning: array subscript -7 is outside array bounds of ‘char[3]’
[-Warray-bounds]
8 | char *q = a + i;
| ^
z.c:7:8: note: while referencing ‘a’
7 | char a[3];
| ^
;; Function f (f, funcdef_no=0, decl_uid=1932, cgraph_uid=1, symbol_order=0)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2
;; 2 succs { 1 }
f (const void * p)
{
char a[3];
<bb 2> [local count: 1073741824]:
__builtin_memcpy (&MEM <char[3]> [(void *)&a + -7B], p_2(D), 10);
sink (&a);
a ={v} {CLOBBER};
return;
}
z.c: In function ‘g’:
z.c:20:9: warning: array subscript -7 is outside array bounds of ‘char[3]’
[-Warray-bounds]
20 | char *q = a + i;
| ^
z.c:19:8: note: while referencing ‘a’
19 | char a[3];
| ^
;; Function g (g, funcdef_no=1, decl_uid=1938, cgraph_uid=2, symbol_order=1)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2
;; 2 succs { 1 }
g (const void * p)
{
char a[3];
<bb 2> [local count: 1073741824]:
__builtin___memcpy_chk (&MEM <char[3]> [(void *)&a + -7B], p_2(D), 13, 10);
sink (&a);
a ={v} {CLOBBER};
return;
}
z.c:22:3: warning: ‘__builtin___memcpy_chk’ writing 13 bytes into a region of
size 10 overflows the destination [-Wstringop-overflow=]
22 | __builtin___memcpy_chk (q, p, 13, __builtin_object_size (q, 1));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
