https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109577

            Bug ID: 109577
           Summary: -Wanalyzer-allocation-size mishandles
                    __builtin_mul_overflow
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: eggert at gnu dot org
  Target Milestone: ---

This is (GCC) 13.0.1 20230401 (Red Hat 13.0.1-0) on x86-64.

Compile the following program with 'gcc -O2 -S -fanalyzer t.c'. GCC will
incorrectly complain "warning: allocated buffer size is not a multiple of the
pointee's size [CWE-131]". But the allocated buffer size must be a multiple of
sizeof (double), due to the checked call to __builtin_mul_overflow. As the
code's comment suggests, if the code uses plain * (integer multiply) instead
the bogus warning goes away.

I ran into this problem when compiling Emacs, which is often careful about
checking integer overflow. As a result I think I'll compile Emacs with
-Wno-analyzer-allocation-size to suppress false alarms, which would be a real
shame since this warning is useful for lower-quality code.

  #include <stdlib.h>

  int
  main (int argc, char **argv)
  {
    size_t s;
    double *d;
    if (__builtin_mul_overflow (argc, sizeof *d, &s))
      return 1;
    // No warning if the above is replaced with 's = argc * sizeof *d;'.
    d = malloc (s);
    if (d && s)
      {
        d[0] = argc;
        d[argc - 1] = argc + 1;
        return d[0];
      }
    return 0;
  }
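Added example, not part of the bug report: it shows why the checked call above guarantees an allocation size that is an exact multiple of sizeof (double), by placing the plain-multiply form beside the __builtin_mul_overflow form and feeding both an element count that makes the product wrap. Function names and the sample count are my own.

```c
#include <stdint.h>
#include <stdlib.h>

/* Plain '*' as in the report's comment: on overflow the product wraps
   modulo SIZE_MAX+1 and a far-too-small buffer would be requested. */
size_t unchecked_size(size_t count, size_t elem)
{
    return count * elem;
}

/* 1 if count * elem fits in size_t, 0 if __builtin_mul_overflow reports
   overflow; this is the check the reporter's test case relies on. */
int fits(size_t count, size_t elem)
{
    size_t s;
    return !__builtin_mul_overflow(count, elem, &s);
}

/* Allocate count elements of elem bytes; NULL on overflow or malloc
   failure. The size passed to malloc is exactly count * elem, so it is
   always a whole multiple of elem (the property the analyzer missed). */
void *alloc_array(size_t count, size_t elem)
{
    size_t s;
    if (__builtin_mul_overflow(count, elem, &s))
        return NULL;
    return malloc(s);
}

/* Mirror of the report's use: allocate count doubles, touch the first
   and last element, free. Returns 1 on success, 0 if allocation was
   refused (overflow) or failed. */
int fill_and_free(size_t count)
{
    double *d = alloc_array(count, sizeof *d);
    if (!d || !count)
        return 0;
    d[0] = 1.0;
    d[count - 1] = 2.0;
    free(d);
    return 1;
}
```

With count = SIZE_MAX / sizeof (double) + 2 (constructed sample), the unchecked product wraps to a single element's worth of bytes, while the checked form reports overflow and no allocation is attempted.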
