https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104965
Bug ID: 104965 Summary: Yet another -Warray-bounds false positive Product: gcc Version: 12.0 Status: UNCONFIRMED Keywords: diagnostic Severity: normal Priority: P3 Component: middle-end Assignee: unassigned at gcc dot gnu.org Reporter: redi at gcc dot gnu.org Blocks: 56456 Target Milestone: --- Maybe another dup, I can't keep track. #include <string> template<typename T> T* f(const std::basic_string<T>& str) { auto n = str.size(); auto p = new T[n]; str.copy(p, n); return p; } int main() { std::basic_string<unsigned short> s; auto p = f(s); char c = 0; if (s.size()) c = *p; delete[] p; return c; } With -O2 copy.cc: In function 'int main()': copy.cc:18:9: warning: array subscript 0 is outside array bounds of 'short unsigned int [0]' [-Warray-bounds] 18 | c = *p; | ^~ In function 'T* f(const std::__cxx11::basic_string<_CharT>&) [with T = short unsigned int]', inlined from 'int main()' at copy.cc:15:13: copy.cc:7:12: note: object of size 0 allocated by 'operator new []' 7 | auto p = new T[n]; | ^~~~~~~~ This is ridiculous. The array subscript is guarded by the same length as the array. GCC manages to use the string length to determine the allocation size, but can't use it to confirm the conditional read doesn't happen. Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456 [Bug 56456] [meta-bug] bogus/missing -Warray-bounds