[Bug middle-end/95988] New: [10/11 Regression] Bogus -Warray-bounds/-Wstringop-overflow warning with loop

pinskia at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Tue Jul 21 19:17:41 GMT 2020 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95988

            Bug ID: 95988
           Summary: [10/11 Regression] Bogus
                    -Warray-bounds/-Wstringop-overflow warning  with loop
           Product: gcc
           Version: 10.0
            Status: NEW
          Keywords: diagnostic
          Severity: normal
          Priority: P2
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: pinskia at gcc dot gnu.org
                CC: msebor at gcc dot gnu.org
        Depends on: 94655
  Target Milestone: 10.2
  Target Milestone: 10.2
                CC: msebor at gcc dot gnu.org
  Last reconfirmed: 2020-06-30
            Status: NEW
          Priority: P2
    Ever confirmed: 1
        Depends on: 94655

Compile with -O2 -W -Wall:

void f(int*);
void g(int*);
struct  sched_group_t {
  int lock;
  struct {
   char name[32 + 1];
   int aa;
  } group[(3 + 9)];
} ;
struct sched_global_t {
 char t[(3 + 9)][3];
 struct sched_group_t sched_group;
};

struct sched_global_t *sched_global;

int hh(const char *name)
{
 struct sched_group_t *sched_group = &sched_global->sched_group;
 int i;

 g(&sched_group->lock);

 for (i = 3; i < (3 + 9); i++) {
  if (!sched_group->group[i].aa) 
  {
   char *grp_name = sched_group->group[i].name;
    __builtin_strncpy(grp_name, name, 32 - 1);
    grp_name[32 - 1] = 0;
   break;
  }
 }
 f(&sched_group->lock);
 return 0;
}

--- CUT ---
t.c: In function ‘hh’:
t.c:28:5: warning: ‘__builtin_strncpy’ offset [124, 484] is out of the bounds
[0, 4] [-Warray-bounds]
   28 |     __builtin_strncpy(grp_name, name, 32 - 1);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
t.c:29:22: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
   29 |     grp_name[32 - 1] = 0;
      |     ~~~~~~~~~~~~~~~~~^~~
t.c:4:7: note: at offset 155 to object ‘lock’ with size 4 declared here
    4 |   int lock;
      |       ^~~~

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The problem is related to &sched_global->sched_group and
&sched_global->sched_group->lock are at the same location, so GCC seems to
select the MEM for &sched_global->sched_group->lock for both. THIS is just a
diagnostic issue of the warning.

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note unlike other -Warray-bounds/-Wstringop-overflow warnings, there is no
flexiable array in effect here.  Rather it is due to using the offset for
sched_global->sched_group and sched_global->sched_group.lock issue.

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I should mention this was reduced from upstream ODP
(https://opendataplane.org/) Linux generic version.

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I think this is related to PR 94655.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94655
[Bug 94655] [10/11 Regression] Implicit assignment operator triggers
stringop-overflow warning since r10-5451-gef29b12cfbb4979a

More information about the Gcc-bugs mailing list