[Bug middle-end/110091] New: bogus -Wdangling-pointer on non-pointer values
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110091

            Bug ID: 110091
           Summary: bogus -Wdangling-pointer on non-pointer values
           Product: gcc
           Version: 12.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

Following reduced testcase gives a bogus -Wdangling-pointer:

struct tEntry
{
    int value;
};

struct tOut
{
    int outvalue;
};

extern struct tOut *out;
extern int otherfunc(struct tEntry *);
extern void anotherfunc(int val);

void bar()
{
    struct tEntry entry = { 0 };

    if (otherfunc(&entry) != 0) {
        return;
    }

    if (out) {
        out->outvalue = entry.value;
    }

    anotherfunc(5);
}

void foo()
{
    bar();
}

$ gcc -O2 -Wall -Werror /opt/test.c
/opt/test.c: In function 'bar':
/opt/test.c:26:30: error: dangling pointer to 'entry' may be used [-Werror=dangling-pointer=]
   26 |         out->outvalue = entry.value;
      | ~^~
/opt/test.c:17:19: note: 'entry' declared here
   17 |     struct tEntry entry = { 0 };
      | ^
In function 'bar',
    inlined from 'foo' at /opt/test.c:34:5:
/opt/test.c:26:30: error: dangling pointer to 'entry' may be used [-Werror=dangling-pointer=]
   26 |         out->outvalue = entry.value;
      | ~^~
/opt/test.c: In function 'foo':
/opt/test.c:17:19: note: 'entry' declared here
   17 |     struct tEntry entry = { 0 };
      | ^
cc1: all warnings being treated as errors

entry is a local struct, initialized to 0, and passed as pointer to an external function.
But the use being warned about is not using any pointer.

Tested with 12.2.0 (Debian), 12.2.1 (Gentoo), 12.3.0 (official gcc docker image), 13.1.0 (official gcc docker image).
[Bug c++/90809] -finstrument-functions-exclude-function-list mishandles comma escaping
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90809

Thomas De Schampheleire changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |patrickdepinguin at gmail dot com

--- Comment #3 from Thomas De Schampheleire ---
A fix for this issue seems to have been applied as (git) commit efab3e3a7326ad503532955ccd31f953851e388a.

This bug can thus be closed.
[Bug c++/90816] -finstrument-functions-exclude-function-list improperly handles namespace/class definitions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90816

Thomas De Schampheleire changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |patrickdepinguin at gmail dot com

--- Comment #3 from Thomas De Schampheleire ---
A fix for this issue seems to have been applied as (git) commit efab3e3a7326ad503532955ccd31f953851e388a.

This bug can thus be closed.
[Bug tree-optimization/103173] strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

--- Comment #4 from Thomas De Schampheleire ---
Note also that in the test program of comment #3, there is no problem if using the 'password' or 'application' fields, rather than 'user', which is first in the structure.
[Bug tree-optimization/103173] strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

--- Comment #3 from Thomas De Schampheleire ---
While the original test program failed on gcc 11.2.0 but not on gcc 9.4.0, I now encounter a very similar case that does fail on gcc 9.4.0:

--
#include <stdio.h>

#define MAX_NR_USERS 10

struct user_data {
    char user[32];
    char password[32];
    char application[32];
};

struct user_data users[MAX_NR_USERS];

void login_process()
{
    char tmp_user[33];

    for (int i = 0; i < MAX_NR_USERS; i++) {
        snprintf(tmp_user, sizeof(tmp_user), "%s", &(users[i].user[0]));
    }
}
--

arm-cortex_a53-linux-gnueabi-gcc /tmp/gcc-9-test.c -c -Wall -O2
/tmp/gcc-9-test.c: In function 'login_process':
/tmp/gcc-9-test.c:19:47: warning: '%s' directive output may be truncated writing up to 959 bytes into a region of size 33 [-Wformat-truncation=]
   19 |         snprintf(tmp_user, sizeof(tmp_user), "%s", &(users[i].user[0]));
      | ^~
/tmp/gcc-9-test.c:19:9: note: 'snprintf' output between 1 and 960 bytes into a destination of size 33
   19 |         snprintf(tmp_user, sizeof(tmp_user), "%s", &(users[i].user[0]));
      | ^~~

Here, the claimed 960 bytes are the total size of 'users' (3 * 32 * 10), while the copied 'user' field is only 33 bytes and there should be no problem.

The error is now -Wformat-truncation instead of -Wstringop-truncation but otherwise this looks to be the same underlying problem.

This compiler is:

Using built-in specs.
COLLECT_GCC=.../buildroot-toolchains-bis/output/host/opt/ext-toolchain/bin/arm-cortex_a53-linux-gnueabi-gcc
COLLECT_LTO_WRAPPER=.../buildroot-toolchains-bis/output/host/opt/ext-toolchain/arm/bin/../libexec/gcc/arm-cortex_a53-linux-gnueabi/9.4.0/lto-wrapper
Target: arm-cortex_a53-linux-gnueabi
Configured with: .../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/src/gcc/configure --build=x86_64-build_pc-linux-gnu --host=x86_64-build_pc-linux-gnu --target=arm-cortex_a53-linux-gnueabi --prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi --exec_prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi --with-sysroot=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot --enable-languages=c,c++,fortran --with-cpu=cortex-a53 --with-fpu=neon-fp-armv8 --with-float=hard --with-pkgversion='crosstool-NG 1.24.0.487_10ac846' --enable-__cxa_atexit --disable-tm-clone-registry --disable-libmudflap --disable-libgomp --disable-libssp --disable-libquadmath --disable-libquadmath-support --disable-libsanitizer --disable-libmpx --with-gmp=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-mpfr=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-mpc=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-isl=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --disable-lto --without-zstd --enable-threads=posix --enable-target-optspace --disable-plugin --disable-nls --disable-multilib --with-local-prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot --enable-long-long
Thread model: posix
gcc version 9.4.0 (crosstool-NG 1.24.0.487_10ac846)
[Bug other/103736] New: snprintf bogus format-truncation, disregarding modulo on argument
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103736

            Bug ID: 103736
           Summary: snprintf bogus format-truncation, disregarding modulo on argument
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 and gcc 9.4.0 give a bogus format-truncation warning on the following test case compiled with -Wall and -O2:

#include <stdio.h>
#include <stdint.h>

void func(void)
{
    extern int8_t timezoneval;
    char timezone[1+2+1];

    if(timezoneval < 0)
    {
        snprintf(timezone, sizeof(timezone),"-%02d",-(timezoneval % 100));
    }
    else
    {
        snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
    }
}

Warning:

/tmp/test.cpp: In function 'void func()':
/tmp/test.cpp:15:52: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=]
   15 |         snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
      | ^
/tmp/test.cpp:15:18: note: 'snprintf' output between 4 and 5 bytes into a destination of size 4
   15 |         snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
      | ^~~

Since timezoneval is used modulo 100, it will not take up more than two digits (note that if timezoneval is negative, its value is negated first, so the string representation will be positive). Together with the literal sign character, and the null-termination, max. total size is 4 bytes. Yet, gcc considers that 5 bytes may be needed.

When the parentheses in the first snprintf are omitted, causing the modulo operator to operate on the negated timezoneval, the warning disappears. Funnily enough, the warning is about the _second_, unmodified, snprintf:

#include <stdio.h>
#include <stdint.h>

void func(void)
{
    extern int8_t timezoneval;
    char timezone[1+2+1];

    if(timezoneval < 0)
    {
        snprintf(timezone, sizeof(timezone),"-%02d",-timezoneval % 100);
    }
    else
    {
        snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
    }
}

I found some possibly related older bugs, but was unsure if it's the same and known to still apply on gcc 11. Feel free to mark this one as duplicated to the relevant one.

Bug #78969 - bogus snprintf truncation warning due to missing range info
Bug #77721 - -Wformat-truncation not uses arg range for converted vars
Bug #94021 - -Wformat-truncation false positive due to excessive integer range
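
An exhaustive check of the size argument made in bug 103736, added here as an example and not part of the original report: it applies the report's two format strings to every int8_t value and records the largest buffer any value needs. The names format_timezone and max_timezone_bytes and the 16-byte scratch buffer are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Same formatting logic as the reported test case, but writing into a
 * caller-supplied buffer and returning snprintf's result: the number of
 * characters the full output needs, excluding the terminating NUL.
 * (Function name is hypothetical, chosen for this example.) */
static int format_timezone(int8_t timezoneval, char *buf, size_t size)
{
    if (timezoneval < 0)
        return snprintf(buf, size, "-%02d", -(timezoneval % 100));
    return snprintf(buf, size, "+%02d", timezoneval % 100);
}

/* Walk all 256 int8_t values and return the largest buffer size
 * (including the NUL) that any of them requires, or -1 on an
 * snprintf encoding error. The scratch buffer is deliberately larger
 * than the report's 4 bytes so that nothing is truncated while measuring. */
static int max_timezone_bytes(void)
{
    char scratch[16];
    int worst = 0;

    for (int v = INT8_MIN; v <= INT8_MAX; v++) {
        int n = format_timezone((int8_t)v, scratch, sizeof(scratch));
        if (n < 0)
            return -1;
        if (n + 1 > worst)
            worst = n + 1;
    }
    return worst;
}

int main(void)
{
    /* A result of 4 or less means char timezone[1+2+1] can never be
     * truncated at run time, whatever the static analysis reports. */
    printf("largest buffer needed: %d bytes\n", max_timezone_bytes());
    return 0;
}
```

Checking snprintf's return value against the buffer size, as format_timezone makes possible, is also the portable way to detect real truncation at run time.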
[Bug other/103542] New: bogus -Warray-bounds while index is limited by switch/case
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103542

            Bug ID: 103542
           Summary: bogus -Warray-bounds while index is limited by switch/case
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 reports the following on a reduced test case:

$ powerpc-linux-gcc -c array-bounds-fruit.c -O2 -Wall -Werror
array-bounds-fruit.c: In function 'get_default_config.part.0':
array-bounds-fruit.c:69:37: error: array subscript 4 is above array bounds of 'struct fruit_config[4]' [-Werror=array-bounds]
   69 |                 do_something(id, &config[id].num_lemons);
      | ~~^~~~
array-bounds-fruit.c:19:28: note: while referencing 'config'
   19 | static struct fruit_config config[4];
      | ^~
cc1: all warnings being treated as errors

Above is for powerpc, but I have the same problem with ARM.

The offending line is inside a switch/case, within the block where 'id' is tested to be 0, 1, 2, or 3. gcc/g++ is considering a case where 'id' becomes 4, which is not possible in this code.

If I make any more changes (even seemingly unrelated changes) to the test case, the error disappears.

Test code:

#include
#include
#include

enum {
    ID_0 = 0,
    ID_1 = 1,
    ID_2 = 2,
    ID_3 = 3,
    MAX_IDS,
};

#define MAX_ENTRIES 256

struct fruit_config {
    uint32_t num_apples;
    uint32_t num_lemons;
    uint32_t * lemons;
};

static struct fruit_config config[4];
static uint32_t unrelated_table[MAX_IDS][MAX_ENTRIES];

uint32_t do_something(const uint32_t id, uint32_t * number_of_entries)
{
    uint32_t error = 0;

    switch (id) {
        /* merging these case statements with identical body removes the issue */
        case ID_0: {
            *number_of_entries = 0;
            break;
        }
        case ID_1: {
            *number_of_entries = 0;
            break;
        }
        case ID_2: {
            *number_of_entries = 0;
            break;
        }
        case ID_3: {
            *number_of_entries = 0;
            break;
        }
        default: {
            error = 0xff;
            *number_of_entries = 0;
            break;
        }
    }
    return error;
}

struct fruit_config * get_default_config(const uint32_t id)
{
    switch (id) {
        case ID_0:
        case ID_1:
        case ID_2:
        case ID_3: {
            uint32_t entry = 0;
            for (entry = 0; entry
[Bug tree-optimization/103173] New: strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

            Bug ID: 103173
           Summary: strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 gives a bogus warning of type 'stringop-truncation' on below reduced test case.

.../arm-cortex_a53-linux-gnueabi-gcc -O2 -Wall -Werror -c /tmp/test.c -o /tmp/foo.o
/tmp/test.c: In function 'func':
/tmp/test.c:22:5: error: 'strncpy' output may be truncated copying 32 bytes from a string of length 1439 [-Werror=stringop-truncation]
   22 |     strncpy(dest, data[j].name, sizeof(dest));
      | ^
cc1: all warnings being treated as errors

-
#include <string.h>

struct data_struct {
    char name[32];
    int bar;
};

void func()
{
    extern struct data_struct data[40];
    extern char dest[32];
    int j=0;

    strncpy(dest, data[j].name, sizeof(dest));
};
-

Here 'dest' is correctly interpreted as an array of size 32, but 'data[j].name' is interpreted as having size 1439 which is incorrect, as it should also have size 32 (name member of struct data_struct).

Following factors influence the reported size 1439:
* if data_struct is given more or less additional members, like 'bar'
* if the array length of 'data' (40) is changed
* if the length of the 'name' array in data_struct is changed

If 'j' is replaced by 0 directly, as in:

    strncpy(dest, data[0].name, sizeof(dest));

the error disappears.

This problem did not occur on our previous toolchain with gcc 7.4.0 for the same architecture, nor for x86_64 with gcc 7.5.0.

Info from gcc -v:

Using built-in specs.
COLLECT_GCC=.../buildroot-toolchains/output/host/opt/ext-toolchain/bin/arm-cortex_a53-linux-gnueabi-gcc
COLLECT_LTO_WRAPPER=.../buildroot-toolchains/output/host/opt/ext-toolchain/arm/bin/../libexec/gcc/arm-cortex_a53-linux-gnueabi/11.2.0/lto-wrapper
Target: arm-cortex_a53-linux-gnueabi
Configured with: .../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/src/gcc/configure --build=x86_64-build_pc-linux-gnu --host=x86_64-build_pc-linux-gnu --target=arm-cortex_a53-linux-gnueabi --prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi --exec_prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi --with-sysroot=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot --enable-languages=c,c++,fortran --with-cpu=cortex-a53 --with-fpu=neon-fp-armv8 --with-float=hard --with-pkgversion='crosstool-NG 1.24.0.487_10ac846' --enable-__cxa_atexit --disable-libmudflap --disable-libgomp --disable-libssp --disable-libquadmath --disable-libquadmath-support --disable-libsanitizer --disable-libmpx --with-gmp=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-mpfr=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-mpc=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --with-isl=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools --disable-lto --without-zstd --enable-threads=posix --enable-target-optspace --disable-plugin --disable-nls --disable-multilib --with-local-prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot --enable-long-long
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 11.2.0 (crosstool-NG 1.24.0.487_10ac846)
[Bug tree-optimization/88240] [9 Regression] Potential optimization bug: invalid pre-load of floating-point value could cause SIGFPE-underflow if value is integer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88240

--- Comment #23 from Thomas De Schampheleire ---
Thanks a lot!