https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100477
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED CC| |msebor at gcc dot gnu.org Resolution|--- |INVALID --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- The warning can be reproduced with the following simplified test case and the IL below (I used -m32 to make the numbers smaller), showing it behaves as designed: $ cat pr100477.C && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout -m32 -xc pr100477.C struct A { int *p; __SIZE_TYPE__ n; }; void f (struct A *p, int v) { __SIZE_TYPE__ n = p->n + sizeof (int); if (n < p->n) __builtin_memset (p->p + n, 0, (p->n - n) * sizeof *p->p); } pr100477.C: In function ‘f’: pr100477.C:12:5: warning: ‘__builtin_memset’ specified bound 4294967280 exceeds maximum object size 2147483647 [-Wstringop-overflow=] 12 | __builtin_memset (p->p + n, 0, (p->n - n) * sizeof *p->p); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ;; Function f (f, funcdef_no=0, decl_uid=1886, cgraph_uid=1, symbol_order=0) Removing basic block 5 void f (struct A * p, int v) { unsigned int n; unsigned int _1; int * _2; unsigned int _3; int * _4; __complex__ unsigned int _10; unsigned int _11; <bb 2> [local count: 1073741824]: _1 = p_7(D)->n; _10 = .ADD_OVERFLOW (_1, 4); n_8 = REALPART_EXPR <_10>; _11 = IMAGPART_EXPR <_10>; if (_11 != 0) goto <bb 3>; [33.00%] else goto <bb 4>; [67.00%] <bb 3> [local count: 354334800]: _2 = p_7(D)->p; _3 = n_8 * 4; _4 = _2 + _3; __builtin_memset (_4, 0, 4294967280); [tail call] <<< -Wstringop-overflow <bb 4> [local count: 1073741824]: return; } Since n is set to _size + 4 in test(), (n < _size) holds only if the addition wraps around zero, implying _size is excessively large. The warning can be avoided by asserting that that isn't so, e.g., by adding the following if (_size >= __PTRDIFF_MAX__ / 4) __builtin_unreachable (); just before the memset call.