This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug middle-end/77606] abort in __memcpy_chk on an in-bounds copy with type-2 builtin_object_size
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 15 Sep 2016 19:09:58 +0000
- Subject: [Bug middle-end/77606] abort in __memcpy_chk on an in-bounds copy with type-2 builtin_object_size
- Auto-submitted: auto-generated
- References: <bug-77606-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77606
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The following test case reduces the problem to __builtin_object_size failing
for pointers to objects that are the result of a __builtin_malloc call (or VLA
definition) with an argument that's a runtime conditional expression.
$ cat z.c && /build/gcc-trunk-git/gcc/xgcc -B /build/gcc-trunk-git/gcc -O2
-Wall -Wextra -Wpedantic z.c && ./a.out
#define P(x) \
__builtin_printf ("%2zd %2zd %2zd %2zd\n", \
__builtin_object_size (x, 0), \
__builtin_object_size (x, 1), \
__builtin_object_size (x, 2), \
__builtin_object_size (x, 3)) \
int main (int argc, char *argv[])
{
(void)argv;
{
char b [1 < argc ? 13 : 17 ];
P (b);
}
{
char a [13];
char b [17];
char *p = 1 < argc ? a : b;
P (p);
}
{
char *p = 1 < argc ? __builtin_malloc (13) : __builtin_malloc (17);
P (p);
}
{
char *p = __builtin_malloc (1 < argc ? 13 : 17);
P (p);
}
}
-1 -1 0 0
17 17 13 13
17 17 13 13
-1 -1 0 0