https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103292
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID Keywords| |diagnostic See Also| |https://gcc.gnu.org/bugzill | |a/show_bug.cgi?id=102151 CC| |msebor at gcc dot gnu.org --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- The warning is intended. The program allocates an object of a size that's smaller than the size of the type used to access it: pPicture->pSourcePict = (union _SourcePict*) malloc(sizeof(struct _PictSolidFill)); pPicture->pSourcePict->type = 0; It's not valid to access an object of one type using an lvalue of another. In simple cases GCC diagnoses violations of this requirement by -Wstrict-aliasing. -Warray-bounds doesn't detect aliasing violations but it does detect a subset of the problem that's apparent when the size of the lvalue's type is greater than the size of the object. The object must be big enough for the whole lvalue, even if the accessed member is within the bounds of the smaller object. The following is a smaller test case that should make the issue clearer. See also pr102151 for a similar report. $ cat a.c && gcc -O2 -S -Wall a.c struct A { char a[1]; }; struct B { char a[2]; }; union U { struct A a; struct B b; }; void* f (void) { union U *p = __builtin_malloc (sizeof (struct A)); p->a.a[0] = 0; return p; } a.c: In function ‘f’: a.c:8:4: warning: array subscript ‘union U[0]’ is partly outside array bounds of ‘unsigned char[1]’ [-Warray-bounds] 8 | p->a.a[0] = 0; | ^~ a.c:7:16: note: object of size 1 allocated by ‘__builtin_malloc’ 7 | union U *p = __builtin_malloc (sizeof (struct A)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~