https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96259

            Bug ID: 96259
           Summary: Regression warning on GCC 10
           Product: gcc
           Version: 10.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: freddy77 at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

I found this issue while updating a piece of software from Fedora 31 to Fedora 32.
I managed to reproduce the problem with this main.c file:


struct DataIn {
   int type;
   int dummy;
};

struct DataOut {
   struct DataIn in;
};

void func(struct DataOut *data)
{
   if (data->in.type) {
       __builtin_memset(&(data->in), 0, sizeof(struct DataIn));
   }
}


and using this command line:

   gcc -Warray-bounds=2 -Werror -O2 -fsanitize=address -c main.c

it reports:

<source>: In function 'void func(DataOut*)':
<source>:15:24: error: 'void* __builtin_memset(void*, int, long unsigned int)'
offset [4, 7] from the object at 'data' is out of the bounds of referenced
subobject 'DataIn::type' with type 'int' at offset 0 [-Werror=array-bounds]
   15 |        __builtin_memset(&(data->in), 0, sizeof(struct DataIn));
      |        ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:4:8: note: subobject 'DataIn::type' declared here
    4 |    int type;
      |        ^~~~
cc1plus: all warnings being treated as errors
Compiler returned: 1


I reproduced the issue using https://godbolt.org/, so I verified that this
happens with GCC 10.1 but not with GCC 9.3. It seems related to:
- a nested structure
- having an "if" in the code
- "-Warray-bounds=2"
- "-fsanitize=address"

I know "-Warray-bounds=2" can have false positives, but it's still a
regression.
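An added check, not part of the bug report, showing that the memset in func() stays inside the DataOut object that the warning complains about: it verifies the written byte range with offsetof/sizeof and runs func() on an object surrounded by canary bytes. The Guarded struct and both check functions are constructed for this example.

```c
/* Added example (not from the bug report): confirms the memset in func()
 * writes exactly the bytes of data->in and nothing outside the DataOut. */
#include <stddef.h>
#include <string.h>

struct DataIn {
   int type;
   int dummy;
};

struct DataOut {
   struct DataIn in;
};

/* Same function as in the report. */
void func(struct DataOut *data)
{
   if (data->in.type) {
       __builtin_memset(&(data->in), 0, sizeof(struct DataIn));
   }
}

/* Constructed harness: canary bytes on both sides of the DataOut object. */
struct Guarded {
   unsigned char before[16];
   struct DataOut obj;
   unsigned char after[16];
};

/* Returns 1 if the memset range [offsetof(in), +sizeof(DataIn)) lies
 * within the enclosing DataOut, i.e. the access is in bounds of the object. */
int memset_range_in_bounds(void)
{
   size_t end = offsetof(struct DataOut, in) + sizeof(struct DataIn);
   return end <= sizeof(struct DataOut);
}

/* Runs func() on a guarded object; returns 1 if both fields of data->in
 * were zeroed and neither canary was touched. */
int func_touches_only_subobject(void)
{
   struct Guarded g;
   memset(g.before, 0xAA, sizeof g.before);
   memset(g.after, 0xBB, sizeof g.after);
   g.obj.in.type = 7;          /* non-zero so the if branch is taken */
   g.obj.in.dummy = 42;
   func(&g.obj);
   for (size_t i = 0; i < sizeof g.before; i++)
       if (g.before[i] != 0xAA || g.after[i] != 0xBB) return 0;
   return g.obj.in.type == 0 && g.obj.in.dummy == 0;
}
```

Building this with the flags from the report on GCC 10.1 reproduces the warning; the runtime checks show the write itself never leaves the object.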
