[Bug middle-end/80346] pessimistic stringop-overflow

dgilbert at redhat dot com gcc-bugzilla@gcc.gnu.org
Thu Apr 6 19:14:00 GMT 2017


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346

--- Comment #2 from Dr. David Alan Gilbert <dgilbert at redhat dot com> ---
Created attachment 41147
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41147&action=edit
a different signed/size case

Here's another case (law said to attach it to the same bug); this is giving:
In function ‘test_acpi_rsdt_table’,
    inlined from ‘test_acpi_one.constprop’ at bug2a.c:19334:5,
    inlined from ‘test_acpi_piix4_tcg’ at bug2a.c:19346:5:
bug2a.c:19319:59: error: argument 1 range [18446744071562067968,
18446744073709551615] exceeds maximum object size 9223372036854775807
[-Werror=alloc-size-larger-than=]
             / __s)) __p = g_malloc0 (__n * __s); else __p = g_malloc0_n (__n,
__s); __p; }));
                                                      ~~~~^~~~~~~~~~~~~~~~~~~~~~~~
bug2a.c: In function ‘test_acpi_piix4_tcg’:
bug2a.c:6004:10: note: in a call to allocation function ‘g_malloc0_n’ declared
here
 gpointer g_malloc0_n (gsize n_blocks,
          ^~~~~~~~~~~

this is the preprocessed output of the original and that error was:
In file included from /usr/include/glib-2.0/glib/glist.h:32:0,
                 from /usr/include/glib-2.0/glib/ghash.h:33,
                 from /usr/include/glib-2.0/glib.h:50,
                 from /home/dgilbert/git/qemu/include/glib-compat.h:19,
                 from /home/dgilbert/git/qemu/include/qemu/osdep.h:107,
                 from bug2.c:13:
In function ‘test_acpi_rsdt_table’,
    inlined from ‘test_acpi_one.constprop’ at bug2.c:80:5,
    inlined from ‘test_acpi_piix4_tcg’ at bug2.c:98:5:
/usr/include/glib-2.0/glib/gmem.h:216:10: error: argument 1 range
[18446744071562067968, 18446744073709551615] exceeds maximum object size
9223372036854775807 [-Werror=alloc-size-larger-than=]
      __p = g_##func##_n (__n, __s);   \
      ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/glib-2.0/glib/gmem.h:278:42: note: in expansion of macro ‘_G_NEW’
 #define g_new0(struct_type, n_structs)   _G_NEW (struct_type, n_structs,
malloc0)
                                          ^~~~~~
bug2.c:62:14: note: in expansion of macro ‘g_new0’
     tables = g_new0(uint32_t, tables_nr);
              ^~~~~~
bug2.c: In function ‘test_acpi_piix4_tcg’:
/usr/include/glib-2.0/glib/gmem.h:96:10: note: in a call to allocation function
‘g_malloc0_n’ declared here
 gpointer g_malloc0_n      (gsize  n_blocks,
          ^~~~~~~~~~~

but immediately before that g_new0 we have a:

    g_assert_cmpint(tables_nr, >, 0);

and the range it's complaining about is FFFFFFFF80000000 and FFFFFFFFFFFFFFFF,
which is very odd.  For ref this is the tests/bios-tables-test.c from qemu.
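
The range in the diagnostic above, FFFFFFFF80000000 to FFFFFFFFFFFFFFFF, is exactly what the negative half of a 32-bit signed int becomes when converted to a 64-bit unsigned size. The following C program is an added example, not part of the original message or of QEMU; it assumes tables_nr is an int on an LP64 target, uses uint64_t in place of gsize, and alloc_table_entries is a hypothetical helper.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Value a signed count takes once it is passed as a 64-bit unsigned size
 * argument (gsize n_blocks in the diagnostic). Assumption: uint64_t stands
 * in for gsize on an LP64 target. */
static uint64_t count_as_size(int n)
{
    return (uint64_t)n;   /* sign-extends to 64 bits, then wraps to unsigned */
}

/* Hypothetical helper (not from QEMU or GLib): reject non-positive counts
 * while the value is still signed, so a negative count can never reach the
 * size parameter of the allocator. */
static uint32_t *alloc_table_entries(int n)
{
    if (n <= 0)
        return NULL;
    return calloc((size_t)n, sizeof(uint32_t));
}

int main(void)
{
    /* The two endpoints of the range reported by the warning. */
    printf("INT_MIN -> %#llx\n", (unsigned long long)count_as_size(INT_MIN));
    printf("-1      -> %#llx\n", (unsigned long long)count_as_size(-1));
    /* The "maximum object size" in the message is PTRDIFF_MAX. */
    printf("limit      %#llx\n", (unsigned long long)PTRDIFF_MAX);

    uint32_t *ok = alloc_table_entries(4);
    uint32_t *bad = alloc_table_entries(-1);
    printf("alloc(4): %s, alloc(-1): %s\n",
           ok ? "ok" : "NULL", bad ? "ok" : "NULL");
    free(ok);
    free(bad);
    return 0;
}
```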

