From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/103292] [12 regression] xorg-server-1.20.13 -Werror=array-bounds false positive on unions
Date: Wed, 17 Nov 2021 01:32:12 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103292

Martin Sebor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID
           Keywords|                            |diagnostic
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102151
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #1 from Martin Sebor ---
The warning is intended.
The program allocates an object of a size that's smaller than the size of
the type used to access it:

pPicture->pSourcePict = (union _SourcePict*) malloc(sizeof(struct _PictSolidFill));
pPicture->pSourcePict->type = 0;

It's not valid to access an object of one type using an lvalue of another.
In simple cases GCC diagnoses violations of this requirement by
-Wstrict-aliasing.  -Warray-bounds doesn't detect aliasing violations but it
does detect a subset of the problem that's apparent when the size of the
lvalue's type is greater than the size of the object.  The object must be
big enough for the whole lvalue, even if the accessed member is within the
bounds of the smaller object.

The following is a smaller test case that should make the issue clearer.
See also pr102151 for a similar report.

$ cat a.c && gcc -O2 -S -Wall a.c
struct A { char a[1]; };
struct B { char a[2]; };
union U { struct A a; struct B b; };

void* f (void)
{
  union U *p = __builtin_malloc (sizeof (struct A));
  p->a.a[0] = 0;
  return p;
}
a.c: In function ‘f’:
a.c:8:4: warning: array subscript ‘union U[0]’ is partly outside array bounds of ‘unsigned char[1]’ [-Warray-bounds]
    8 |   p->a.a[0] = 0;
      |    ^~
a.c:7:16: note: object of size 1 allocated by ‘__builtin_malloc’
    7 |   union U *p = __builtin_malloc (sizeof (struct A));
      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
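
Added example, not part of the original comment and not GCC or xorg-server code: two ways to restructure the test case above so the allocated object is never smaller than the lvalue type used to access it. The function names and the union_shortfall helper are hypothetical; the comment itself does not prescribe a particular fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Types copied from the test case in the comment. */
struct A { char a[1]; };
struct B { char a[2]; };
union U { struct A a; struct B b; };

/* Diagnosed pattern (left as a comment so this file builds cleanly):
     union U *p = malloc (sizeof (struct A));
     p->a.a[0] = 0;   // lvalue type is union U, object holds only a struct A
*/

/* Option 1: size the allocation from the type of the pointer that will be
   dereferenced, so the object covers the whole union. */
union U *alloc_full_union (void)
{
  union U *p = malloc (sizeof *p);
  if (p)
    p->a.a[0] = 0;
  return p;
}

/* Option 2: if only struct A's storage is wanted, keep the pointer typed as
   struct A * so no access goes through the larger union type. */
struct A *alloc_member_only (void)
{
  struct A *p = malloc (sizeof *p);
  if (p)
    p->a[0] = 0;
  return p;
}

/* Hypothetical helper: how many bytes an allocation of `allocated` bytes
   falls short of what an access through union U * requires. */
size_t union_shortfall (size_t allocated)
{
  return allocated < sizeof (union U) ? sizeof (union U) - allocated : 0;
}

int main (void)
{
  printf ("sizeof (struct A) leaves union U short by %zu byte(s)\n",
          union_shortfall (sizeof (struct A)));
  free (alloc_full_union ());
  free (alloc_member_only ());
  return 0;
}
```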