Bug 92014 - [10 Regression] bogus warning: writing 8 bytes into a region of size 1 in timezone/zic.c
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 9.0
Importance: P3 normal
Target Milestone: 10.0
Assignee: Martin Sebor
URL:
Keywords: diagnostic, patch
Depends on:
Blocks: Wstringop-overflow
Reported: 2019-10-07 17:13 UTC by Martin Sebor
Modified: 2019-10-08 19:51 UTC (History)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2019-10-07 00:00:00


Description Martin Sebor 2019-10-07 17:13:47 UTC
Last week's r276603 has introduced a bug into the count_nonzero_bytes function that leads to a false positive -Wstringop-overflow in glibc's timezone/zic.c.  The test case below reproduces the bogus warning.

$ cat zic.i && gcc -S -O2 -Wall zic.i
struct
{
  char *s1, *s2;
  char c;
} z;


void f (char **a, int i, int j)
{
  char * cp = __builtin_strchr (a[i], '%');

  if (cp && *++cp != 's')
    return;

  z.s1 = __builtin_strdup (a[i]);
  if (!z.s1) __builtin_abort ();

  z.s2 = __builtin_strdup (a[j]);
  if (!z.s2) __builtin_abort ();

  z.c = cp ? *cp : '\0';
}
zic.i: In function ‘f’:
zic.i:21:7: warning: writing 8 bytes into a region of size 1 [-Wstringop-overflow=]
   21 |   z.c = cp ? *cp : '\0';
      |   ~~~~^~~~~~~~~~~~~~~~~
zic.i:4:8: note: destination object declared here
    4 |   char c;
      |        ^
Comment 1 Martin Sebor 2019-10-08 00:59:36 UTC
Patch: https://gcc.gnu.org/ml/gcc-patches/2019-10/msg00509.html
Comment 2 Martin Sebor 2019-10-08 19:48:59 UTC
Author: msebor
Date: Tue Oct  8 19:48:27 2019
New Revision: 276711

URL: https://gcc.gnu.org/viewcvs?rev=276711&root=gcc&view=rev
Log:
PR middle-end/92026 - gcc.dg/Wstringop-overflow-18.c FAIL
PR middle-end/92014 - bogus warning: writing 8 bytes into a region of size 1 in timezone/zic.c

gcc/ChangeLog:
	* tree-ssa-strlen.c (count_nonzero_bytes): Avoid recursing for MEM_REF
	again once nbytes has been set.  Set the access size when not yet set.

gcc/testsuite/ChangeLog:

	PR middle-end/92014
	* gcc.dg/Wstringop-overflow-19.c: New test.

Added:
    trunk/gcc/testsuite/gcc.dg/Wstringop-overflow-19.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-ssa-strlen.c
Comment 3 Martin Sebor 2019-10-08 19:51:58 UTC
Fixed in r276711.