https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92955

Matheus Castanho <msc at linux dot ibm.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msc at linux dot ibm.com

--- Comment #3 from Matheus Castanho <msc at linux dot ibm.com> ---
A very similar issue is affecting glibc builds with GCC 10 on powerpc64le. But
it's only failing with -O3 (-O2 is fine). Here's another reproducer in case it
helps (derived from code from iconv):

$ cat overflow-reproducer.c
#include <stddef.h>
typedef struct state {
    int count;
    char bytes[4];
} state_t;
void foo (
  state_t *state,
  const unsigned char **inptrp,
  const unsigned char *inend)
{
  const unsigned char *inptr = *inptrp;
  size_t inlen;
  for (inlen = 0; inlen < (size_t) (state->count & 7); ++inlen)
    /* do something */;
  if (inptr + (4 - inlen) > inend)
    {
      while (inptr < inend)
        state->bytes[inlen++] = *inptr++;
    }
}

$ gcc -O3 -Wall -c overflow-reproducer.c
overflow-reproducer.c: In function ‘foo’:
overflow-reproducer.c:22:31: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
   22 |         state->bytes[inlen++] = *inptr++;
      |         ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
overflow-reproducer.c:5:10: note: at offset [4, 11] to object ‘bytes’ with size 4 declared here
    5 |     char bytes[4];
      |          ^~~~~
