https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92337
            Bug ID: 92337
           Summary: Bogus -Werror=array-bounds below array bounds warning in
                    glibc stdlib/strtod_l.c
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: diagnostic
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fw at gcc dot gnu.org
  Target Milestone: ---

Created attachment 47160
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=47160&action=edit
Preprocessed output of stdlib/strtod_l.c

The warning:

In file included from ../sysdeps/ieee754/float128/strtof128_l.c:48,
                 from ../sysdeps/ieee754/float128/wcstof128_l.c:27:
../stdlib/strtod_l.c: In function ‘____wcstof128_l_internal’:
../stdlib/strtod_l.c:1676:22: error: array subscript -1 is below array bounds of ‘mp_limb_t[4]’ {aka ‘long unsigned int[4]’} [-Werror=array-bounds]
 1676 |          retval[i] = retval[i - empty];
      |                      ~~~~~~^~~~~~~~~~~
../stdlib/strtod_l.c:523:13: note: while referencing ‘retval’
  523 |   mp_limb_t retval[RETURN_LIMB_SIZE];
      |             ^~~~~~

The code looks like this:

              for (i = RETURN_LIMB_SIZE - 1; i >= empty; --i)
                retval[i] = retval[i - empty];

After preprocessor expansion:

# 1675 "../stdlib/strtod_l.c"
       for (i = (((113) + ((32) - 1)) / (32)) - 1; i >= empty; --i)
  retval[i] = retval[i - empty];

I think the condition i >= empty should be sufficient to guard against negative
array indices.

Compile the .i file with gcc -m32 -O2 -Wall -Werror /tmp/wcstof128_l.i.

Seen with r277743 from yesterday (I think; for some reason that information
wasn't compiled into the binary).

Note that this reproduces only for i686 against the glibc sources because this
is the only 32-bit target that has float128 support. 64-bit targets and other
32-bit targets appear unaffected. This is probably a side effect of how the
constants in the source code work out, and not related to the bug.
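
An added example, not part of the original report or of the glibc sources: it runs the quoted loop with every subscript checked before use, to confirm the reporter's reasoning that `i >= empty` keeps `i - empty` from going negative. Assumptions: `i` and `empty` are plain signed `int`, `empty` lies in the range 0 to RETURN_LIMB_SIZE, and the names `shift_limbs`, `guard_holds` and `struct trace` are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* The expression from the preprocessed source quoted above; evaluates to 4. */
#define RETURN_LIMB_SIZE (((113) + ((32) - 1)) / (32))

typedef unsigned long mp_limb_t;

struct trace { int copies; int min_src; int out_of_bounds; };

/* The loop from the report, with every subscript checked before use.
   Assumption: i and empty are plain signed int. */
static struct trace shift_limbs(mp_limb_t *retval, int empty)
{
    struct trace t = { 0, INT_MAX, 0 };
    int i;
    for (i = RETURN_LIMB_SIZE - 1; i >= empty; --i) {
        int src = i - empty;
        if (src < t.min_src)
            t.min_src = src;
        if (src < 0 || src >= RETURN_LIMB_SIZE || i < 0) {
            t.out_of_bounds++;   /* record it, but never perform the access */
            continue;
        }
        retval[i] = retval[src];
        t.copies++;
    }
    return t;
}

/* Returns 1 when no value of empty in [0, RETURN_LIMB_SIZE] (assumed range)
   produces an out-of-bounds subscript. */
static int guard_holds(void)
{
    int empty;
    for (empty = 0; empty <= RETURN_LIMB_SIZE; ++empty) {
        mp_limb_t limbs[RETURN_LIMB_SIZE] = { 1, 2, 3, 4 };  /* constructed sample */
        struct trace t = shift_limbs(limbs, empty);
        if (t.out_of_bounds != 0 || (t.copies > 0 && t.min_src < 0))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("RETURN_LIMB_SIZE = %d, guard holds: %d\n", RETURN_LIMB_SIZE, guard_holds());
    return 0;
}
```

The smallest source subscript the loop ever produces is 0, reached on its last iteration when `i == empty`.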