https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92337
Bug ID: 92337
Summary: Bogus -Werror=array-bounds below array bounds warning in glibc stdlib/strtod_l.c
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: fw at gcc dot gnu.org
Target Milestone: ---
Created attachment 47160
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=47160&action=edit
Preprocessed output of stdlib/strtod_l.c
The warning:
In file included from ../sysdeps/ieee754/float128/strtof128_l.c:48,
                 from ../sysdeps/ieee754/float128/wcstof128_l.c:27:
../stdlib/strtod_l.c: In function ‘____wcstof128_l_internal’:
../stdlib/strtod_l.c:1676:22: error: array subscript -1 is below array bounds of ‘mp_limb_t[4]’ {aka ‘long unsigned int[4]’} [-Werror=array-bounds]
 1676 |       retval[i] = retval[i - empty];
      |                   ~~~~~~^~~~~~~~~~~
../stdlib/strtod_l.c:523:13: note: while referencing ‘retval’
  523 |   mp_limb_t retval[RETURN_LIMB_SIZE];
      |             ^~~~~~
The code looks like this:
    for (i = RETURN_LIMB_SIZE - 1; i >= empty; --i)
      retval[i] = retval[i - empty];
After preprocessor expansion:
# 1675 "../stdlib/strtod_l.c"
    for (i = (((113) + ((32) - 1)) / (32)) - 1; i >= empty; --i)
      retval[i] = retval[i - empty];
I think the condition i >= empty should be sufficient to guard against negative
array indices.
Compile the .i file with gcc -m32 -O2 -Wall -Werror /tmp/wcstof128_l.i. Seen
with r277743 from yesterday (I think; for some reason that information wasn't
compiled into the binary).
Note that this reproduces only for i686 against the glibc sources because
this is the only 32-bit target that has float128 support. 64-bit targets and
other 32-bit targets appear unaffected. This is probably a side effect of how
the constants in the source code work out, and not related to the bug.
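
Added example (not part of the original report and not glibc code): a stand-alone harness that runs the reported loop for every shift count and records the lowest index read from retval, as a run-time check that the i >= empty guard keeps i - empty at or above 0. The function names, the assumption that i and empty are plain int, and the range 0..RETURN_LIMB_SIZE for empty are assumptions made for this example.

```c
#include <assert.h>
#include <stdio.h>

/* Value shown on the page after preprocessing: (113 + 31) / 32 == 4. */
#define RETURN_LIMB_SIZE (((113) + ((32) - 1)) / (32))

typedef unsigned long mp_limb_t; /* matches the "aka" in the diagnostic */

/* Hypothetical helper: runs the loop from the report and returns the lowest
   source index it read, or RETURN_LIMB_SIZE if the body never executed.
   Assumption: i and empty are both int, as in this example only. */
static int lowest_source_index(mp_limb_t retval[RETURN_LIMB_SIZE], int empty)
{
    int lowest = RETURN_LIMB_SIZE;
    int i;

    for (i = RETURN_LIMB_SIZE - 1; i >= empty; --i) {
        int src = i - empty;
        /* The property the warning disputes: the read stays in bounds. */
        assert(src >= 0 && src < RETURN_LIMB_SIZE);
        if (src < lowest)
            lowest = src;
        retval[i] = retval[src];
    }
    return lowest;
}

/* Returns 1 if, for every empty in 0..RETURN_LIMB_SIZE, no read went below
   index 0 and the top limb received the expected source limb. */
static int guard_holds_for_all_shifts(void)
{
    for (int empty = 0; empty <= RETURN_LIMB_SIZE; ++empty) {
        mp_limb_t retval[RETURN_LIMB_SIZE] = {10, 11, 12, 13}; /* constructed */
        int lowest = lowest_source_index(retval, empty);
        mp_limb_t want = (mp_limb_t)(10 + RETURN_LIMB_SIZE - 1 - empty);

        if (lowest < 0)
            return 0;
        if (empty < RETURN_LIMB_SIZE
            && (lowest != 0 || retval[RETURN_LIMB_SIZE - 1] != want))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("guard holds: %d\n", guard_holds_for_all_shifts());
    return 0;
}
```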