https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103215
Bug ID: 103215 Summary: [12 regression] gcc generates unexpected warnings on libx11-1.7.2: error: array subscript -2 is outside array bounds of Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: slyfox at gcc dot gnu.org Target Milestone: --- Upstream core: https://gitlab.freedesktop.org/xorg/lib/libx11/-/blob/6d1dc1f6169ebf0ba71785d461bd98129c65c862/src/RdBitF.c#L156 Self-contained example: // $ cat bug.c #include <string.h> int extract(char*); int XReadBitmapFileData (void) { char name_and_type[255]; for (;;) { extract (name_and_type); char * type = strrchr (name_and_type, '_'); if (type) type++; else type = name_and_type; if (strcmp ("hot", type) == 0) { if (type-- == name_and_type || type-- == name_and_type) continue; if (strcmp ("ax_hot", type) == 0) return 1; } } return -1; } Good: $ gcc-11.2.0 -Wall -Werror=array-bounds -fno-strict-aliasing -O2 -c bug.c -o bug.o Bad: $ gcc-12.0.0 -Wall -Werror=array-bounds -fno-strict-aliasing -O2 -c bug.c -o bug.o bug.c: In function 'XReadBitmapFileData': bug.c:10:48: error: array subscript -2 is outside array bounds of 'char[9223372036854775807]' [-Werror=array-bounds] 10 | if (type-- == name_and_type || type-- == name_and_type) continue; | ~~~~^~ bug.c:4:14: note: at offset [0, 253] into object 'name_and_type' of size 255 4 | char name_and_type[255]; | ^~~~~~~~~~~~~ cc1: some warnings being treated as errors Does double post-increment `if (type-- == name_and_type || type-- == name_and_type)` have defined behaviour? I think error message is at least incorrectly worded. I don't think there is an out-of-bounds access. $ LANG=C ./result-2/bin/gcc -v Using built-in specs. COLLECT_GCC=/nix/store/w588w2rqb5zrs6d09q3rmqpf7m9259y1-gcc-12.0.0/bin/gcc COLLECT_LTO_WRAPPER=/nix/store/w588w2rqb5zrs6d09q3rmqpf7m9259y1-gcc-12.0.0/libexec/gcc/x86_64-unknown-linux-gnu/12.0.0/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: Thread model: posix Supported LTO compression algorithms: zlib gcc version 12.0.0 20211107 (experimental) (GCC)