https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101600
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
There's another bug here that can be reproduced with the following slightly
modified version of the original test case:
$ cat pr101600-c2.C && /build/gcc-master/gcc/xgcc -B /build/gcc-master/gcc -O2
-S -Wall pr101600-c2.C
struct S1 { virtual ~S1(); };
struct S2 { int m; };
struct S3 { virtual ~S3(); };
struct S4: S1, S2, S3 {};
int f1();
void f2 (S3 *);
S4 s4;
void f3 (void)
{
S2 *p = &s4;
for (int i = f1(); f1();)
{
if (i == 0)
{
p = nullptr;
break;
}
}
f2 (static_cast<S4 *>(p));
}
pr101600-c2.C: In function ‘void f3()’:
pr101600-c2.C:25:6: warning: array subscript 0 is outside array bounds of ‘S2
[2305843009213693951]’ [-Warray-bounds]
25 | f2 (static_cast<S4 *>(p));
| ~~~^~~~~~~~~~~~~~~~~~~~~~
pr101600-c2.C:4:8: note: at offset -8 into object ‘S4::<anonymous>’ of size 4
4 | struct S4: S1, S2, S3 {};
| ^~
A simpler (but contrived) C test case goes something like this:
$ cat u.c && gcc -O2 -S -Wall u.c
struct A { int i, j; } a;
int f (void);
void g (int);
void h (void)
{
void *p = &a.j;
for (int i = f (); f (); )
if (!i)
{
p = 0;
break;
}
int o = __builtin_offsetof (struct A, j);
struct A *q = (struct A*)((char*)p - o);
g (q->i);
}
u.c: In function ‘h’:
u.c:20:7: warning: array subscript 0 is outside array bounds of
‘void[9223372036854775807]’ [-Warray-bounds]
20 | g (q->i);
| ^~
u.c:1:19: note: at offset -4 into object ‘j’ of size 4
1 | struct A { int i, j; } a;
| ^
