[Bug middle-end/104965] New: Yet another -Warray-bounds false positive
redi at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Mar 17 12:15:02 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104965
Bug ID: 104965
Summary: Yet another -Warray-bounds false positive
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Blocks: 56456
Target Milestone: ---
Maybe another dup, I can't keep track.
#include <string>

template<typename T>
T* f(const std::basic_string<T>& str)
{
  auto n = str.size();
  auto p = new T[n];
  str.copy(p, n);
  return p;
}

int main()
{
  std::basic_string<unsigned short> s;
  auto p = f(s);
  char c = 0;
  if (s.size())
    c = *p;
  delete[] p;
  return c;
}
With -O2
copy.cc: In function 'int main()':
copy.cc:18:9: warning: array subscript 0 is outside array bounds of 'short unsigned int [0]' [-Warray-bounds]
   18 |     c = *p;
      |         ^~
In function 'T* f(const std::__cxx11::basic_string<_CharT>&) [with T = short unsigned int]',
    inlined from 'int main()' at copy.cc:15:13:
copy.cc:7:12: note: object of size 0 allocated by 'operator new []'
    7 |   auto p = new T[n];
      |            ^~~~~~~~
This is ridiculous. The array subscript is guarded by the same length as the
array. GCC manages to use the string length to determine the allocation size,
but can't use it to confirm the conditional read doesn't happen.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds