public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back()
@ 2021-10-17 22:47 rudick at gmail dot com
2021-10-17 23:19 ` [Bug tree-optimization/102805] " pinskia at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: rudick at gmail dot com @ 2021-10-17 22:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102805
Bug ID: 102805
Summary: at -O2, spurious stringop-overflow warning writing to
std::vector::back()
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: rudick at gmail dot com
Target Milestone: ---
g++ -O2 -Wextra -Wall -Werror -Wextra vectorBackWrite.cpp
#include <vector>
#include <stddef.h>
#include <iostream>
extern FILE* f;
void triggerBug(uint64_t start, uint64_t end) {
if (f && end > start) {
std::vector<char> data(end - start + 1);
auto res = fread(&data[0], end-start, 1, f);
if (res == 1) {
data.back() = 0;
}
}
}
error is:
vectorBackWrite.cpp: In function ‘void triggerBug(uint64_t, uint64_t)’:
vectorBackWrite.cpp:11:19: error: writing 1 byte into a region of size 0
[-Werror=stringop-overflow=]
11 | data.back() = 0;
| ~~~~~~~~~~~~^~~
In file included from
/opt/gcc-11.2.0/include/c++/11.2.0/x86_64-linux-gnu/bits/c++allocator.h:33,
from /opt/gcc-11.2.0/include/c++/11.2.0/bits/allocator.h:46,
from /opt/gcc-11.2.0/include/c++/11.2.0/vector:64,
from vectorBackWrite.cpp:1:
/opt/gcc-11.2.0/include/c++/11.2.0/ext/new_allocator.h:127:48: note: at offset
[0, 9223372036854775806] into destination object of size [2,
9223372036854775807] allocated by ‘operator new’
127 | return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp)));
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
Interestingly, this also fails w/ the same error:
*(data.rbegin()) = 0;
but this is accepted:
data[data.size()-1] = 0;
code works in gcc7 & gcc9 on the same platform, & works on gcc11 with -O1
It also seems to require the fread to be present
Version: 11.2.0
system: CentOS Linux 7.7.1908 on Intel Xeon
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/102805] at -O2, spurious stringop-overflow warning writing to std::vector::back()
2021-10-17 22:47 [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back() rudick at gmail dot com
@ 2021-10-17 23:19 ` pinskia at gcc dot gnu.org
2021-10-17 23:31 ` rudick at gmail dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-10-17 23:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102805
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Hmm:
<bb 3> [local count: 751619281]:
if (end_8(D) > start_9(D))
goto <bb 4>; [33.00%]
else
goto <bb 15>; [67.00%]
<bb 4> [local count: 248034361]:
_2 = end_8(D) - start_9(D);
_3 = _2 + 1;
data ={v} {CLOBBER};
_23 = (signed long) _3;
if (_23 < 0)
goto <bb 5>; [0.04%]
else
goto <bb 6>; [99.96%]
<bb 5> [local count: 99214]:
std::__throw_length_error ("cannot create std::vector larger than
max_size()");
<bb 6> [local count: 247935148]:
MEM[(struct _Vector_impl_data *)&data] ={v} {CLOBBER};
MEM[(struct _Vector_impl_data *)&data]._M_start = 0B;
MEM[(struct _Vector_impl_data *)&data]._M_finish = 0B;
MEM[(struct _Vector_impl_data *)&data]._M_end_of_storage = 0B;
if (_3 != 0)
goto <bb 8>; [71.00%]
else
goto <bb 7>; [29.00%]
<bb 7> [local count: 71901193]:
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_start = 0B;
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_finish = 0B;
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_end_of_storage = 0B;
goto <bb 9>; [100.00%]
<bb 8> [local count: 158430559]:
_33 = operator new (_3);
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_start = _33;
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_finish = _33;
_28 = _33 + _3;
MEM[(struct _Vector_base *)&data]._M_impl.D.49479._M_end_of_storage = _28;
*_33 = 0;
__first_35 = _33 + 1;
_41 = (long int) _2;
__builtin_memset (__first_35, 0, _2);
if end is UINT64_MAX and start is 0, then _2 would be UINT64_MAX and _3 would
be 0. And _23 < 0 would be false and then _3!=0 would be false..
So I think the warning is correct, just you don't have an wrapping check
defined in the code for (end - start + 1) .......
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/102805] at -O2, spurious stringop-overflow warning writing to std::vector::back()
2021-10-17 22:47 [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back() rudick at gmail dot com
2021-10-17 23:19 ` [Bug tree-optimization/102805] " pinskia at gcc dot gnu.org
@ 2021-10-17 23:31 ` rudick at gmail dot com
2021-10-17 23:43 ` pinskia at gcc dot gnu.org
2022-12-12 17:18 ` pinskia at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: rudick at gmail dot com @ 2021-10-17 23:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102805
--- Comment #2 from rudick at gmail dot com ---
Interesting.
if (f && end > start && start < 100 && end < 100) {
& I still get the warning though
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/102805] at -O2, spurious stringop-overflow warning writing to std::vector::back()
2021-10-17 22:47 [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back() rudick at gmail dot com
2021-10-17 23:19 ` [Bug tree-optimization/102805] " pinskia at gcc dot gnu.org
2021-10-17 23:31 ` rudick at gmail dot com
@ 2021-10-17 23:43 ` pinskia at gcc dot gnu.org
2022-12-12 17:18 ` pinskia at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-10-17 23:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102805
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2021-10-17
Ever confirmed|0 |1
Keywords| |missed-optimization
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to rudick from comment #2)
> Interesting.
>
> if (f && end > start && start < 100 && end < 100) {
>
> & I still get the warning though
There is a missed VRP for that case:
Testcase for the above case:
void f1(uint64_t start, uint64_t end)
{
if (end > start && start < 100 && end < 100)
{
uint64_t t = end - start + 1;
if (t != 0)
__builtin_abort();
}
}
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/102805] at -O2, spurious stringop-overflow warning writing to std::vector::back()
2021-10-17 22:47 [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back() rudick at gmail dot com
` (2 preceding siblings ...)
2021-10-17 23:43 ` pinskia at gcc dot gnu.org
@ 2022-12-12 17:18 ` pinskia at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-12-12 17:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102805
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Looks to be fixed in GCC 12.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-12-12 17:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-17 22:47 [Bug c++/102805] New: at -O2, spurious stringop-overflow warning writing to std::vector::back() rudick at gmail dot com
2021-10-17 23:19 ` [Bug tree-optimization/102805] " pinskia at gcc dot gnu.org
2021-10-17 23:31 ` rudick at gmail dot com
2021-10-17 23:43 ` pinskia at gcc dot gnu.org
2022-12-12 17:18 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).