[Bug middle-end/95276] [10/11 Regression] Amusing stringpop-overflow message building libgfortran

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Sun May 24 21:09:51 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95276

--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
There are some uninitialized local variables in the reduced test case but with
those made extern I was able to reproduce the warning.  But unless the test
case was reduced too far or the reduction introduced bugs (or I unless missed
something) I think the warning justified.  ztoa_big() is being called with len
> 16 and a buffer of size 33.  The loop in the function iterates 2 * len times,
storing into successive elements of the 33-byte itoa_buf, and then appending
'\0'.  So with len == 17 it writes 35 bytes into the 33-bute itoa_buf.

Here's a much smaller test case that I ultimately reduced it to that shows the
bug (I shrank the buffer while still keeping the size ratios).  The offset of
zero doesn't seem right but that's a side issue.

$ cat pr95276.c && gcc -O2 -S  pr95276.c 
char a[4];

void f (char *s, int n)
{
  if (n <= 2)
    return;

  char *d = a;

  for (int i = 0; i < n; i++)
    {
      extern volatile unsigned char h, l;

      *d++ = s[h];
      *d++ = s[l];
    }

  *d = '\0';
}
pr95276.c: In function ‘f’:
pr95276.c:18:6: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
   18 |   *d = '\0';
      |   ~~~^~~~~~
pr95276.c:1:6: note: at offset 0 to object ‘a’ with size 4 declared here
    1 | char a[4];
      |      ^


More information about the Gcc-bugs mailing list