From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 167EE3858D35; Mon, 7 Mar 2022 13:30:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 167EE3858D35 From: "rverschelde at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/104789] [12 Regression] New -Wstringop-overflow false positive since r12-5863-g9354a7d70caef1c9 Date: Mon, 07 Mar 2022 13:30:21 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 12.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: rverschelde at gmail dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 12.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2022 13:30:22 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104789 --- Comment #7 from R=C3=A9mi Verschelde --- Took me a while, but I was able to make a proper reduced testcase by cutting down the Godot case to the very minimal. It's a bit convoluted (and the code doesn't make any sense anymore), but the complexity seems to trigger the false positive I intended to report origina= lly. ``` $ cat godot-stringop.cpp #include #include uint32_t components =3D 3; void commit_temp_packets() { // Should be sufficient? if (components > 3) { return; } uint8_t header[8]; uint32_t header_bytes =3D 0; for (uint32_t i =3D 0; i < components; i++) { header_bytes +=3D 2; } uint32_t max_shifts[3] =3D { 0, 0, 0 }; for (uint32_t i =3D 1; i < 2; i++) { for (uint32_t j =3D 0; j < components; j++) { max_shifts[j] =3D 1; } } header_bytes +=3D 2; // Should definitely be sufficient. if (header_bytes > 7) { return; } while (header_bytes % 4 !=3D 0) { header[header_bytes++] =3D 0; } std::vector data; for (uint32_t i =3D 0; i < header_bytes; i++) { data.push_back(header[i]); } uint32_t bit_buffer =3D 0; uint32_t bits_used =3D 0; for (uint32_t i =3D 1; i < 2; i++) { for (uint32_t j =3D 0; j < components; j++) { bit_buffer |=3D 1 << bits_used; bits_used +=3D max_shifts[j] + 1; while (bits_used >=3D 8) { uint8_t byte =3D bit_buffer & 0xFF; data.push_back(byte); bit_buffer >>=3D 8; bits_used -=3D 8; } } } } $ g++ godot-stringop.cpp -c -Werror=3Dall -O3 godot-stringop.cpp: In function =E2=80=98void commit_temp_packets()=E2=80= =99: godot-stringop.cpp:29:40: error: writing 1 byte into a region of size 0 [-Werror=3Dstringop-overflow=3D] 29 | header[header_bytes++] =3D 0; | ~~~~~~~~~~~~~~~~~~~~~~~^~~ godot-stringop.cpp:10:17: note: at offset 8 into destination object =E2=80= =98header=E2=80=99 of size 8 10 | uint8_t header[8]; | ^~~~~~ godot-stringop.cpp:29:40: error: writing 1 byte into a region of size 0 [-Werror=3Dstringop-overflow=3D] 29 | header[header_bytes++] =3D 0; | ~~~~~~~~~~~~~~~~~~~~~~~^~~ godot-stringop.cpp:10:17: note: at offset [9, 11] into destination object =E2=80=98header=E2=80=99 of size 8 10 | uint8_t header[8]; | ^~~~~~ cc1plus: some warnings being treated as errors ``` Interestingly, there are no changes to `header_bytes` or `components` after line 29, yet the code that follows seems needed to trigger the warning.=