[Bug middle-end/111696] New: [11/12/13/14 Regression] Spurious -Wstringop-overflow

Wed, 04 Oct 2023 11:03:41 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111696

            Bug ID: 111696
           Summary: [11/12/13/14 Regression] Spurious -Wstringop-overflow
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: stilor at att dot net
  Target Milestone: ---

Created attachment 56052
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56052&action=edit
test case

The attached testcase started producing a warning beginning with commit
8d57bdadd2d9c2e5c95515ca7a583d7b407b55c4 when compiled with `-O3` (or `-O2
-ftree-slp-vectorize`). Starting with commit
2b8453c401b699ed93c085d0413ab4b5030bcdb8, vectorization is also enabled at
`-O2` and the testcase starting failing at `-O2` as well. The warning can be
reproduced at current HEAD (96557ee6a0a234821af865800d22621efa6e7390) as well.

Failure message:

$ /usr/gcc-test/bin/gcc -c -O3 -Wall -Werror stringop-overflow-bug-gcc.c 
stringop-overflow-bug-gcc.c: In function ‘update’:
stringop-overflow-bug-gcc.c:25:3: error: writing 24 bytes into a region of size
16 [-Werror=stringop-overflow=]
   25 |   memcpy(&last->s, &cur.s, sizeof(struct nested));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
stringop-overflow-bug-gcc.c:10:17: note: destination object ‘a’ of size 16
   10 |   unsigned long a[2];
      |                 ^
cc1: all warnings being treated as errors
$ /usr/gcc-test/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/usr/gcc-test/bin/gcc
COLLECT_LTO_WRAPPER=/usr/gcc-test/libexec/gcc/x86_64-pc-linux-gnu/11.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc/configure --enable-languages=c --prefix=/usr/gcc-test
--disable-bootstrap
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.0.1 20210303 (experimental) (GCC) 


The message is bogus:
- the "note" points to a member inside a structure and references that member's
size while memcpy has the whole structure as a destination.
- commenting out any of the first two statements in the update() function
removes the warning even though it has no effect on the addresses passed to
memcpy().

Reply via email to