https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104986
Bug ID: 104986
Summary: [12 Regression] bogus writing 1 byte into a region of
size 0 with -fwrapv and -O2 -fpeel-loops
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: andres at anarazel dot de
Target Milestone: ---
Hi,
recently started seeing bogus warnings using gcc 12 to build postgres. I
reduced the problem using cvise with some manual cleanups / improvements
afterwards - certainly doesn't quite make sense anymore, but afaics shows a
problem.
Originally I hit this with -O3, but found that -O2 -fpeel-loops is sufficient
to trigger the problem.
repro: https://godbolt.org/z/ejK9h6von
code:
struct inet_struct {
char family;
char ipaddr[16];
};
void
inetnot(struct inet_struct *dst1, struct inet_struct *dst2, struct inet_struct
*src) {
int nb = src->family ? 4 : 6;
char *psrc = src->ipaddr;
char *pdst = dst1 ? dst1->ipaddr : dst2->ipaddr;
while (nb-- > 0)
pdst[nb] = psrc[nb];
}
gcc-12 -fwrapv -O2 -fpeel-loops -c network2.i
network2.i: In function ‘inetnot’:
network2.i:12:14: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
12 | pdst[nb] = psrc[nb];
| ~~~~~~~~~^~~~~~~~~~
network2.i:3:8: note: at offset -1 into destination object ‘ipaddr’ of size 16
3 | char ipaddr[16];
| ^~~~~~
network2.i:3:8: note: at offset -1 into destination object ‘ipaddr’ of size 16
which afaics is bogus, because the loop terminates before reaching offset -1,
the condition is > 0, not >= 0. So the post decrement can't lead to -1 being
reached.
version: gcc version 12.0.1 20220314 (experimental) [master
r12-7638-g823b3b79cd2] (Debian 12-20220313-1)
Regards,
Andres
