https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103199

            Bug ID: 103199
           Summary: FAIL: ../jit/docs/examples/tut04-toyvm/toyvm.c,
                    initial compilation
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: jit
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

A recent regression test run shows FAILs in a couple of JIT example programs,
both due to -Wformat-overflow errors:

/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.c:
In function 'toyvm_function_compile':
/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.c:565:29:
error: 'sprintf' may write a terminating nul past the end of the destination
[-Werror=format-overflow=]
/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.c:565:7:
note: 'sprintf' output between 7 and 17 bytes into a destination of size 16
/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.cc:
In member function 'void compilation_state::create_function(const char*)':
/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.cc:637:29:
error: 'sprintf' may write a terminating nul past the end of the destination
[-Werror=format-overflow=]
/build/gcc-master/gcc/testsuite/jit/jit.log:/src/gcc/master/gcc/testsuite/../jit/docs/examples/tut04-toyvm/toyvm.cc:637:15:
note: 'sprintf' output between 7 and 17 bytes into a destination of size 16

My best guess is that the recent change to convert the strlen pass away from
EVRP to ranger has enabled the warning thanks to better range info.  Looking at
one of the call sites:

  /* Create a block per operation.  */
  for (pc = 0; pc < fn->fn_num_ops; pc++)
    {
      char buf[16];
      sprintf (buf, "instr%i", pc);
      state.op_blocks[pc] = gcc_jit_function_new_block (state.fn, buf);
    }

the buffer is just big enough to fit the string and a 32-bit nonnegative int. 
But pc is a signed int and if its range as determined by ranger includes
negative values the warning will trigger.
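The arithmetic behind the diagnostic, as an added example (not code from the bug report or from GCC's toyvm.c): "instr" is 5 bytes, a 32-bit int prints as up to 10 digits plus an optional '-' sign, and the terminating NUL adds one more, so the output is between 7 bytes ("instr0") and 17 bytes ("instr-2147483648"), exactly the range the note reports, and one byte more than the 16-byte buffer when pc can be negative. The helper names below are this example's own, and it assumes a 32-bit int.

```c
/* Added example, not part of the bug report or of GCC's toyvm.c.
   Shows why sprintf (buf, "instr%i", pc) into char buf[16] can overflow
   when pc is a signed int, and two ways to make the write bounded. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Same destination size as the toyvm example. */
#define TOYVM_BUF 16

/* Bytes, including the NUL, that sprintf ("instr%i", pc) would write.
   snprintf with a NULL/0 destination only measures, so nothing is written. */
int instr_label_len (int pc)
{
  return snprintf (NULL, 0, "instr%i", pc) + 1;
}

/* Hardened formatting: bounded write, and the caller learns whether the
   label was truncated.  Returns true if the whole label fit in buf. */
bool format_instr_label (char *buf, size_t bufsz, int pc)
{
  int n = snprintf (buf, bufsz, "instr%i", pc);
  return n >= 0 && (size_t) n < bufsz;
}

/* Does the label for pc fit in a buffer of the toyvm example's size? */
bool fits_in_toyvm_buf (int pc)
{
  char buf[TOYVM_BUF];
  return format_instr_label (buf, sizeof buf, pc);
}

/* A buffer that is large enough for any int: the prefix, one sign
   character, 3 decimal digits per byte of int (an over-estimate), and
   the NUL.  This is the sizing fix; the alternative is an unsigned pc. */
#define INSTR_BUF (sizeof "instr" - 1 + 1 + 3 * sizeof (int) + 1)

/* Format into a correctly sized buffer and return its length, or -1. */
int format_into_sized_buf (int pc)
{
  char buf[INSTR_BUF];
  if (!format_instr_label (buf, sizeof buf, pc))
    return -1;
  return (int) strlen (buf);
}

int main (void)
{
  printf ("output is between %d and %d bytes into a destination of size %d\n",
          instr_label_len (0), instr_label_len (INT_MIN), TOYVM_BUF);
  printf ("INT_MAX fits in %d bytes: %s\n", TOYVM_BUF,
          fits_in_toyvm_buf (INT_MAX) ? "yes" : "no");
  printf ("INT_MIN fits in %d bytes: %s\n", TOYVM_BUF,
          fits_in_toyvm_buf (INT_MIN) ? "yes" : "no");
  printf ("INT_MIN in a %zu-byte buffer: %d chars\n", INSTR_BUF,
          format_into_sized_buf (INT_MIN));
  return 0;
}
```

With the loop bound `pc < fn->fn_num_ops` the value is in practice never negative, but nothing in the type tells the compiler that, which is why ranger's wider range lets the warning fire; declaring pc as `unsigned` (with a matching `%u`), enlarging the buffer as above, or switching to snprintf all remove the possible 17th byte.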
