https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95072

            Bug ID: 95072
           Summary: -Warray-bounds false positive with flexible array
                    bounds (regression from GCC 9)
           Product: gcc
           Version: 10.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: eggert at cs dot ucla.edu
  Target Milestone: ---

Created attachment 48514
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48514&action=edit
Test program illustrating the -Warray-bounds=2 false alarm

I ran into several false alarms when building GNU Emacs master with GCC 10.1.0
x86-64, which I compiled from source under RHEL 7.7. To reproduce one of them,
compile the attached file xx3.i (a drastic simplification of the Emacs
original) with:

gcc -S -Warray-bounds=2 -O2 xx3.i

The output I get is:

xx3.i: In function 'set_frame_menubar':
xx3.i:17:5: warning: 'memcpy' offset 3 from the object at 'menu_bar_vector' is out of the bounds of referenced subobject 'contents' with type 'union Lisp_X *[]' at offset 3 [-Warray-bounds]
   17 |     memcpy (previous_items,
      |     ^~~~~~~~~~~~~~~~~~~~~~~
   18 |      ((struct Lisp_Vector *) ((char *) menu_bar_vector - 5))->contents,
      |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   19 |      previous_menu_items_used);
      |      ~~~~~~~~~~~~~~~~~~~~~~~~~
xx3.i:9:17: note: subobject 'contents' declared here
    9 |     Lisp_Object contents[];
      |                 ^~~~~~~~

In the Emacs original, menu_bar_vector is a tagged pointer; subtracting 5 gives
you the true pointer to the struct. Somehow the subtraction of 5 confuses GCC
and it incorrectly claims that the flexible array member has an upper bound of
at most 3.

I do not observe the problem with GCC 9.3.0 on the same platform.
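
The tagged-pointer layout described in the report, as an added example that is not part of the original report and is not the attached xx3.i. Only Lisp_Vector, Lisp_X, Lisp_Object, contents and the tag value 5 come from the report; the size field and all function names are assumptions. It shows that the bound on a flexible array member is known only at run time, so the copy is checked against the stored size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not the attached xx3.i. The size field and
   every function name below are assumptions made for this example. */
typedef union Lisp_X *Lisp_Object;

struct Lisp_Vector {
    ptrdiff_t size;          /* slots actually allocated in contents[] */
    Lisp_Object contents[];  /* flexible array member: no static bound */
};

enum { VECTOR_TAG = 5 };     /* the report untags by subtracting 5 */

static struct Lisp_Vector *untag_vector(Lisp_Object o) {
    return (struct Lisp_Vector *)((char *)o - VECTOR_TAG);
}

/* Allocate n zeroed slots and return the tagged pointer, or NULL. */
static Lisp_Object make_tagged_vector(ptrdiff_t n) {
    size_t max = (SIZE_MAX - sizeof(struct Lisp_Vector)) / sizeof(Lisp_Object);
    if (n < 0 || (size_t)n > max)
        return NULL;
    struct Lisp_Vector *v = calloc(1, sizeof *v + (size_t)n * sizeof(Lisp_Object));
    if (!v)
        return NULL;
    v->size = n;
    return (Lisp_Object)((char *)v + VECTOR_TAG);
}

/* Copy n slots out of the vector; the only valid bound is v->size. */
static int copy_items(Lisp_Object *dst, Lisp_Object tagged, ptrdiff_t n) {
    struct Lisp_Vector *v = untag_vector(tagged);
    if (n < 0 || n > v->size)
        return -1;           /* refuse to read past the allocation */
    memcpy(dst, v->contents, (size_t)n * sizeof *dst);
    return 0;
}

static void free_tagged_vector(Lisp_Object tagged) {
    free(untag_vector(tagged));
}

int main(void) {
    Lisp_Object vec = make_tagged_vector(4), out[4];
    if (!vec) return 1;
    int ok = copy_items(out, vec, 3) == 0 && copy_items(out, vec, 5) == -1;
    free_tagged_vector(vec);
    return ok ? 0 : 1;
}
```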
