https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95072
Bug ID: 95072 Summary: -Warray-bounds false positive with flexible array bounds (regression from GCC 9) Product: gcc Version: 10.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: middle-end Assignee: unassigned at gcc dot gnu.org Reporter: eggert at cs dot ucla.edu Target Milestone: --- Created attachment 48514 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48514&action=edit Test program illustrating the -Warray-bounds=2 false alarm I ran into several false alarms when building GNU Emacs master with GCC 10.1.0 x86-64, which I compiled from source under RHEL 7.7. To reproduce one of them, compile the attached file xx3.i (a drastic simplification of the Emacs original) with: gcc -S -Warray-bounds=2 -O2 xx3.i The output I get is: xx3.i: In function 'set_frame_menubar': xx3.i:17:5: warning: 'memcpy' offset 3 from the object at 'menu_bar_vector' is \ out of the bounds of referenced subobject 'contents' with type 'union Lisp_X *[\ ]' at offset 3 [-Warray-bounds] 17 | memcpy (previous_items, | ^~~~~~~~~~~~~~~~~~~~~~~ 18 | ((struct Lisp_Vector *) ((char *) menu_bar_vector - 5))->contents, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 19 | previous_menu_items_used); | ~~~~~~~~~~~~~~~~~~~~~~~~~ xx3.i:9:17: note: subobject 'contents' declared here 9 | Lisp_Object contents[]; | ^~~~~~~~ In the Emacs original, menu_bar_vector is a tagged pointer; subtracting 5 gives you the true pointer to the struct. Somehow the subtraction of 5 confuses GCC and it incorrectly claims that the flexible array member has an upper bound of at most 3. I do not observe the problem with GCC 9.3.0 on the same platform.