[Bug middle-end/80346] pessimistic stringop-overflow

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Apr 7 19:16:00 GMT 2017


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346

--- Comment #10 from Martin Sebor <msebor at gcc dot gnu.org> ---
    /* compute the table entries in rsdt */
    tables_nr = (rsdt_table->length - sizeof(AcpiRsdtDescriptorRev1)) /
                sizeof(uint32_t);
    g_assert_cmpint(tables_nr, >, 0);

For GCC to "understand" the assertion it would need to see the condition and be
able to prove the allocation that follows cannot be reached (e.g., because the
assertion exits the program by calling a noreturn function like abort or exit
when the condition is false).  From the preprocessed translation unit in
attachment 41147 it looks as though the whole g_assert_cmpint expands to an
unconditional function call (g_assertion_message_cmpnum) that's not decorated
with attribute noreturn, and so the condition doesn't affect the range of the
variable.

Also, when working with sizes it's best to deal with unsigned types.  Storing a
size in an int and using it in mixed-type expressions involving size_t (like
sizeof) can easily introduce the possibility of overflow (as far as GCC can
see) and turn a non-negative range into a negative-positive one.  In the
attachment, changing the type of the tables_nr local variable from int to
size_t eliminates the warning.
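Added example, not code from the bug report or from QEMU: a small model of the rsdt table-count computation that shows both points above, an assertion helper whose failure path is marked noreturn and the signed-to-unsigned conversion that makes an int count look like a huge size. AcpiRsdtHeader and all function names are assumed stand-ins, not the real ACPI or QEMU identifiers.

```c
/* Added example, not code from the bug report or QEMU: a model of the rsdt
 * table-count computation.  AcpiRsdtHeader and all function names are
 * assumed stand-ins, not the real ACPI/QEMU identifiers. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for AcpiRsdtDescriptorRev1: a fixed 36-byte header. */
typedef struct { uint8_t bytes[36]; } AcpiRsdtHeader;

/* Assertion failure path marked noreturn, so GCC knows that code after
 * assert_gt0() runs only when the condition held. */
__attribute__((noreturn)) static void assertion_failed(void) { abort(); }
static void assert_gt0(size_t n) { if (!(n > 0)) assertion_failed(); }

/* Size request as the original code forms it: an int count multiplied by
 * a size_t.  A negative count converts to a huge size_t, which is exactly
 * the range GCC cannot rule out when the assertion is not noreturn. */
static size_t alloc_size_from_int(int tables_nr) {
    return tables_nr * sizeof(uint32_t);
}

/* Hardened version: the count stays unsigned, and a malformed length is
 * rejected before the subtraction can wrap.  Returns 0 on success. */
static int table_count(uint32_t length, size_t *tables_nr) {
    if (length < sizeof(AcpiRsdtHeader))
        return -1;
    *tables_nr = (length - sizeof(AcpiRsdtHeader)) / sizeof(uint32_t);
    return 0;
}

/* Allocation guarded by the noreturn-backed assertion: after assert_gt0,
 * tables_nr is provably >= 1, so the requested size is at least 4 bytes. */
static uint32_t *alloc_entries(uint32_t length) {
    size_t tables_nr;
    if (table_count(length, &tables_nr) != 0)
        return NULL;
    assert_gt0(tables_nr);
    return malloc(tables_nr * sizeof(uint32_t));
}
```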


More information about the Gcc-bugs mailing list