public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
@ 2022-03-17 12:31 redi at gcc dot gnu.org
2022-03-17 12:35 ` [Bug middle-end/104966] " redi at gcc dot gnu.org
` (11 more replies)
0 siblings, 12 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-03-17 12:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
Bug ID: 104966
Summary: [11/12 Regression] Yet another bogus -Warray-bounds
warning in libstdc++ headers
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Blocks: 56456
Target Milestone: ---
This has been failing for a while, but since there seems little chance of it
getting fixed I didn't bother reporting it.
This can be seen on any target with:
make check RUNTESTFLAGS="conformance.exp=22_locale/money_get/cons/3.cc
--target_board=unix/-std=gnu++20"
Executing on host: /home/jwakely/build/./gcc/xg++ -shared-libgcc
-B/home/jwakely/build/./gcc -nostdinc++
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/src
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/src/.libs
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/libsupc++/.libs
-B/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/bin/
-B/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/lib/ -isystem
/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/include -isystem
/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/sys-include
-B/home/jwakely/build/powerpc64le-unknown-linux-gnu/./libstdc++-v3/src/.libs
-fmessage-length=0 -fno-show-column -ffunction-sections -fdata-sections -g -O2
-D_GNU_SOURCE -DLOCALEDIR="." -nostdinc++
-I/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/powerpc64le-unknown-linux-gnu
-I/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include
-I/home/jwakely/src/gcc/libstdc++-v3/libsupc++
-I/home/jwakely/src/gcc/libstdc++-v3/include/backward
-I/home/jwakely/src/gcc/libstdc++-v3/testsuite/util
/home/jwakely/src/gcc/libstdc++-v3/testsuite/22_locale/money_get/cons/3.cc
-std=gnu++20 -fdiagnostics-plain-output -S -o 3.s (timeout = 90)
spawn -ignore SIGHUP /home/jwakely/build/./gcc/xg++ -shared-libgcc
-B/home/jwakely/build/./gcc -nostdinc++
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/src
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/src/.libs
-L/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/libsupc++/.libs
-B/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/bin/
-B/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/lib/ -isystem
/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/include -isystem
/home/jwakely/gcc/12/powerpc64le-unknown-linux-gnu/sys-include
-B/home/jwakely/build/powerpc64le-unknown-linux-gnu/./libstdc++-v3/src/.libs
-fmessage-length=0 -fno-show-column -ffunction-sections -fdata-sections -g -O2
-D_GNU_SOURCE -DLOCALEDIR="." -nostdinc++
-I/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/powerpc64le-unknown-linux-gnu
-I/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include
-I/home/jwakely/src/gcc/libstdc++-v3/libsupc++
-I/home/jwakely/src/gcc/libstdc++-v3/include/backward
-I/home/jwakely/src/gcc/libstdc++-v3/testsuite/util
/home/jwakely/src/gcc/libstdc++-v3/testsuite/22_locale/money_get/cons/3.cc
-std=gnu++20 -fdiagnostics-plain-output -S -o 3.s
In file included from
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/string:50,
from
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_classes.h:40,
from
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/locale:39,
from
/home/jwakely/src/gcc/libstdc++-v3/testsuite/22_locale/money_get/cons/3.cc:24:
In static member function 'static constexpr _Tp* std::__copy_move<_IsMove,
true, std::random_access_iterator_tag>::__copy_m(const _Tp*, const _Tp*, _Tp*)
[with _Tp = __gnu_cxx::character<unsigned int, long unsigned int>; bool _IsMove
= false]',
inlined from 'constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:495,
inlined from 'constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:522,
inlined from 'constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:529,
inlined from 'constexpr _OI std::copy(_II, _II, _OI) [with _II = const
__gnu_cxx::character<unsigned int, long unsigned int>*; _OI =
__gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:620,
inlined from 'static std::char_traits<__gnu_cxx::character<_Value, _Int,
_St> >::char_type* std::char_traits<__gnu_cxx::character<_Value, _Int, _St>
>::copy(char_type*, const char_type*, std::size_t) [with _Value = unsigned int;
_Int = long unsigned int; _St = __mbstate_t]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:158,
inlined from 'static std::char_traits<__gnu_cxx::character<_Value, _Int,
_St> >::char_type* std::char_traits<__gnu_cxx::character<_Value, _Int, _St>
>::copy(char_type*, const char_type*, std::size_t) [with _Value = unsigned int;
_Int = long unsigned int; _St = __mbstate_t]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:154,
inlined from 'static constexpr void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:423,
inlined from 'static constexpr void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:418,
inlined from 'constexpr std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::size_type std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::copy(_CharT*, size_type, size_type) const [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:555,
inlined from 'void std::__moneypunct_cache<_CharT, _Intl>::_M_cache(const
std::locale&) [with _CharT = __gnu_cxx::character<unsigned int, long unsigned
int>; bool _Intl = false]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:101:
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
writing 1 or more bytes into a region of size 0 overflows the destination
[-Wstringop-overflow=]
In file included from
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.h:2069,
from
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/locale:41:
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:
In member function 'void std::__moneypunct_cache<_CharT, _Intl>::_M_cache(const
std::locale&) [with _CharT = __gnu_cxx::character<unsigned int, long unsigned
int>; bool _Intl = false]':
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:100:
note: destination object of size 0 allocated by 'operator new []'
In static member function 'static constexpr _Tp* std::__copy_move<_IsMove,
true, std::random_access_iterator_tag>::__copy_m(const _Tp*, const _Tp*, _Tp*)
[with _Tp = __gnu_cxx::character<unsigned int, long unsigned int>; bool _IsMove
= false]',
inlined from 'constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:495,
inlined from 'constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:522,
inlined from 'constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool
_IsMove = false; _II = const __gnu_cxx::character<unsigned int, long unsigned
int>*; _OI = __gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:529,
inlined from 'constexpr _OI std::copy(_II, _II, _OI) [with _II = const
__gnu_cxx::character<unsigned int, long unsigned int>*; _OI =
__gnu_cxx::character<unsigned int, long unsigned int>*]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:620,
inlined from 'static std::char_traits<__gnu_cxx::character<_Value, _Int,
_St> >::char_type* std::char_traits<__gnu_cxx::character<_Value, _Int, _St>
>::copy(char_type*, const char_type*, std::size_t) [with _Value = unsigned int;
_Int = long unsigned int; _St = __mbstate_t]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:158,
inlined from 'static std::char_traits<__gnu_cxx::character<_Value, _Int,
_St> >::char_type* std::char_traits<__gnu_cxx::character<_Value, _Int, _St>
>::copy(char_type*, const char_type*, std::size_t) [with _Value = unsigned int;
_Int = long unsigned int; _St = __mbstate_t]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:154,
inlined from 'static constexpr void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:423,
inlined from 'static constexpr void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:418,
inlined from 'constexpr std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::size_type std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::copy(_CharT*, size_type, size_type) const [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:555,
inlined from 'void std::__moneypunct_cache<_CharT, _Intl>::_M_cache(const
std::locale&) [with _CharT = __gnu_cxx::character<unsigned int, long unsigned
int>; bool _Intl = false]' at
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:106:
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
writing 1 or more bytes into a region of size 0 overflows the destination
[-Wstringop-overflow=]
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:
In member function 'void std::__moneypunct_cache<_CharT, _Intl>::_M_cache(const
std::locale&) [with _CharT = __gnu_cxx::character<unsigned int, long unsigned
int>; bool _Intl = false]':
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/locale_facets_nonio.tcc:105:
note: destination object of size 0 allocated by 'operator new []'
FAIL: 22_locale/money_get/cons/3.cc (test for excess errors)
Excess errors:
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
writing 1 or more bytes into a region of size 0 overflows the destination
[-Wstringop-overflow=]
/home/jwakely/build/powerpc64le-unknown-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
writing 1 or more bytes into a region of size 0 overflows the destination
[-Wstringop-overflow=]
The code allocates an array of n bytes and copies n bytes into it. If n==0 it
copies 0 bytes. There's no overflow.
const basic_string<_CharT>& __ns = __mp.negative_sign();
_M_negative_sign_size = __ns.size();
__negative_sign = new _CharT[_M_negative_sign_size];
__ns.copy(__negative_sign, _M_negative_sign_size);
If you use -std=gnu++20 -Wall there are more bogus warnings:
/home/jwakely/src/gcc/build/x86_64-pc-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:107:
warning: array subscript 0 is outside array bounds of
'__gnu_cxx::character<unsigned int, long unsigned int> [0]' [-Warray-bounds]
/home/jwakely/src/gcc/build/x86_64-pc-linux-gnu/libstdc++-v3/include/ext/pod_char_traits.h:107:
warning: array subscript 0 is outside array bounds of
'__gnu_cxx::character<unsigned int, long unsigned int> [0]' [-Warray-bounds]
/home/jwakely/src/gcc/build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
offset 0 is out of the bounds [0, 0] [-Warray-bounds]
/home/jwakely/src/gcc/build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/stl_algobase.h:431:
warning: 'void* __builtin_memmove(void*, const void*, long unsigned int)'
offset 0 is out of the bounds [0, 0] [-Warray-bounds]
I don't know why they're given twice but the "array subscript is outside array
bounds" ones are:
In file included from
/home/jwakely/src/gcc/gcc/libstdc++-v3/testsuite/util/testsuite_character.h:31,
from
/home/jwakely/src/gcc/gcc/libstdc++-v3/testsuite/22_locale/money_get/cons/3.cc:25:
In static member function 'static void
std::char_traits<__gnu_cxx::character<_Value, _Int, _St> >::assign(char_type&,
const char_type&) [with _Value = unsigned int; _Int = long unsigned int; _St =
__mbstate_t]',
inlined from 'static constexpr void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at /home/jwakely/gcc/12/include/c++/12.0.1/bits/basic_string.h:421:23,
inlined from 'constexpr std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::size_type std::__cxx11::basic_string<_CharT, _Traits,
_Alloc>::copy(_CharT*, size_type, size_type) const [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; _Traits =
std::char_traits<__gnu_cxx::character<unsigned int, long unsigned int> >;
_Alloc = std::allocator<__gnu_cxx::character<unsigned int, long unsigned int>
>]' at /home/jwakely/gcc/12/include/c++/12.0.1/bits/basic_string.tcc:555:9,
inlined from 'void std::__moneypunct_cache<_CharT, _Intl>::_M_cache(const
std::locale&) [with _CharT = __gnu_cxx::character<unsigned int, long unsigned
int>; bool _Intl = false]' at
/home/jwakely/gcc/12/include/c++/12.0.1/bits/locale_facets_nonio.tcc:101:13:
/home/jwakely/gcc/12/include/c++/12.0.1/ext/pod_char_traits.h:107:9: warning:
array subscript 0 is outside array bounds of '__gnu_cxx::character<unsigned
int, long unsigned int> [0]' [-Warray-bounds]
107 | { __c1 = __c2; }
| ^~~~
That comes from here:
// When __n = 1 way faster than the general multichar
// traits_type::copy/move/assign.
_GLIBCXX20_CONSTEXPR
static void
_S_copy(_CharT* __d, const _CharT* __s, size_type __n)
{
if (__n == 1)
traits_type::assign(*__d, *__s);
else
traits_type::copy(__d, __s, __n);
}
The warning comes from the traits_type::assign call. The one guarded by __n ==
1, so that it never happens if __n == 0.
MAKE IT STOP. PLEASE MAKE IT STOP.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
@ 2022-03-17 12:35 ` redi at gcc dot gnu.org
2022-03-17 12:37 ` redi at gcc dot gnu.org
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-03-17 12:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Created attachment 52641
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52641&action=edit
Partially reduced preprocessed source for second issue
-std=gnu++20 -Wall gives:
3.ii: In member function 'void std::__moneypunct_cache<_CharT,
_Intl>::_M_cache(const std::locale&) [with _CharT =
__gnu_cxx::character<unsigned int, long unsigned int>; bool _Intl = false]':
3.ii:37583:9: warning: array subscript 0 is outside array bounds of
'__gnu_cxx::character<unsigned int, long unsigned int> [0]' [-Warray-bounds]
37583 | { __c1 = __c2; }
| ^~~~
3.ii:36040:22: note: referencing an object of size 0 allocated by 'void*
operator new [](std::size_t)'
36040 | __positive_sign = new _CharT[_M_positive_sign_size];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3.ii:37583:9: warning: array subscript 0 is outside array bounds of
'__gnu_cxx::character<unsigned int, long unsigned int> [0]' [-Warray-bounds]
37583 | { __c1 = __c2; }
| ^~~~
3.ii:36045:22: note: referencing an object of size 0 allocated by 'void*
operator new [](std::size_t)'
36045 | __negative_sign = new _CharT[_M_negative_sign_size];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
2022-03-17 12:35 ` [Bug middle-end/104966] " redi at gcc dot gnu.org
@ 2022-03-17 12:37 ` redi at gcc dot gnu.org
2022-03-17 12:39 ` redi at gcc dot gnu.org
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-03-17 12:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Oops, I forgot to add that these all need -O2 to trigger the warnings.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
2022-03-17 12:35 ` [Bug middle-end/104966] " redi at gcc dot gnu.org
2022-03-17 12:37 ` redi at gcc dot gnu.org
@ 2022-03-17 12:39 ` redi at gcc dot gnu.org
2022-03-17 12:46 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-03-17 12:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Created attachment 52642
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52642&action=edit
Preprocessed source for the first issue
This is the original unreduced preprocessed output for the test
libstdc++-v3/testsuite/22_locale/money_get/cons/3.cc
-std=gnu++20 -Wall -O2 gives four bogus warnings for this one.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (2 preceding siblings ...)
2022-03-17 12:39 ` redi at gcc dot gnu.org
@ 2022-03-17 12:46 ` rguenth at gcc dot gnu.org
2022-03-17 12:48 ` rguenth at gcc dot gnu.org
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-03-17 12:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
Well, the IL definitely has
tem = operator new[] (0);
/* some magic computing with 'positive_sign_size' */
if (min (positive-sign-size, something) != 0)
if (__n == 1)
;
else
{
tem = __n * 4;
if (tem != 0)
__builtin_memmove (dest, ..., tem);
so I guess that "magic" should always evaluate to 0 but we are not able
to figure that out despite the allocation being statically size zero.
You might be able to pin-point the libstdc++ piece with that magic?
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (3 preceding siblings ...)
2022-03-17 12:46 ` rguenth at gcc dot gnu.org
@ 2022-03-17 12:48 ` rguenth at gcc dot gnu.org
2022-03-17 12:49 ` rguenth at gcc dot gnu.org
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-03-17 12:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
Ah, so we have
this_42(D)->_M_positive_sign_size = 0;
_62 = operator new [] (0);
(possible EH)
<bb 35> [local count: 268220751]:
_6 = this_42(D)->_M_positive_sign_size;
_192 = MEM[(long unsigned int *)&D.281666(address-taken) + 8B];
_188 = MIN_EXPR <_6, _192>;
if (_188 != 0)
goto <bb 36>; [50.00%]
and 'new' is now (after some "recent" fix) possibly clobbering
this->_M_positive_sign_size. I suggest to save that to an automatic
local, only loading it once as workaround.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (4 preceding siblings ...)
2022-03-17 12:48 ` rguenth at gcc dot gnu.org
@ 2022-03-17 12:49 ` rguenth at gcc dot gnu.org
2022-03-17 12:51 ` redi at gcc dot gnu.org
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-03-17 12:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #5)
> and 'new' is now (after some "recent" fix)
PR101480
> possibly clobbering this->_M_positive_sign_size.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (5 preceding siblings ...)
2022-03-17 12:49 ` rguenth at gcc dot gnu.org
@ 2022-03-17 12:51 ` redi at gcc dot gnu.org
2022-03-17 13:01 ` rguenth at gcc dot gnu.org
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-03-17 12:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #7 from Jonathan Wakely <redi at gcc dot gnu.org> ---
N.B. with no warning options the test fails with -Wstringop-overflow warnings
(enabled by default) and with -Wall the same exact same line of correct code
gives -Warray-bounds warnings. So I need to disable *both* to stop a bogus
warning on that one line.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (6 preceding siblings ...)
2022-03-17 12:51 ` redi at gcc dot gnu.org
@ 2022-03-17 13:01 ` rguenth at gcc dot gnu.org
2022-03-17 17:52 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-03-17 13:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |11.3
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (7 preceding siblings ...)
2022-03-17 13:01 ` rguenth at gcc dot gnu.org
@ 2022-03-17 17:52 ` cvs-commit at gcc dot gnu.org
2022-04-21 7:51 ` rguenth at gcc dot gnu.org
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-03-17 17:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <redi@gcc.gnu.org>:
https://gcc.gnu.org/g:38ce4489635f2d65de965af3ec5d5c4adf7762d9
commit r12-7690-g38ce4489635f2d65de965af3ec5d5c4adf7762d9
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Thu Mar 17 13:33:07 2022 +0000
libstdc++: Rewrite __moneypunct_cache::_M_cache [PR104966]
GCC thinks the following can lead to a buffer overflow when __ns.size()
equals zero:
const basic_string<_CharT>& __ns = __mp.negative_sign();
_M_negative_sign_size = __ns.size();
__negative_sign = new _CharT[_M_negative_sign_size];
__ns.copy(__negative_sign, _M_negative_sign_size);
This happens because operator new might be replaced with something that
writes to this->_M_negative_sign_size and so the basic_string::copy call
could use a non-zero size to write to a zero-length buffer.
The solution suggested by Richi is to cache the size in a local variable
so that the compiler knows it won't be changed between the allocation
and the copy.
This commit goes further and rewrites the whole function to use RAII and
delay all modifications of *this until after all allocations have
succeeded. The RAII helper type caches the size and copies the string
and owns the memory until told to release it.
libstdc++-v3/ChangeLog:
PR middle-end/104966
* include/bits/locale_facets_nonio.tcc
(__moneypunct_cache::_M_cache): Replace try-catch with RAII and
make all string copies before any stores to *this.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (8 preceding siblings ...)
2022-03-17 17:52 ` cvs-commit at gcc dot gnu.org
@ 2022-04-21 7:51 ` rguenth at gcc dot gnu.org
2022-04-21 12:32 ` cvs-commit at gcc dot gnu.org
2022-04-21 12:36 ` redi at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-21 7:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|11.3 |11.4
--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 11.3 is being released, retargeting bugs to GCC 11.4.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (9 preceding siblings ...)
2022-04-21 7:51 ` rguenth at gcc dot gnu.org
@ 2022-04-21 12:32 ` cvs-commit at gcc dot gnu.org
2022-04-21 12:36 ` redi at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-04-21 12:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:3859a3cb9b997fb8d9134180b8cc68f040dd36f5
commit r11-9900-g3859a3cb9b997fb8d9134180b8cc68f040dd36f5
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Thu Mar 17 13:33:07 2022 +0000
libstdc++: Fix warning in __moneypunct_cache::_M_cache [PR104966]
GCC thinks the following can lead to a buffer overflow when __ns.size()
equals zero:
const basic_string<_CharT>& __ns = __mp.negative_sign();
_M_negative_sign_size = __ns.size();
__negative_sign = new _CharT[_M_negative_sign_size];
__ns.copy(__negative_sign, _M_negative_sign_size);
This happens because operator new might be replaced with something that
writes to this->_M_negative_sign_size and so the basic_string::copy call
could use a non-zero size to write to a zero-length buffer.
The solution suggested by Richi is to cache the size in a local variable
so that the compiler knows it won't be changed between the allocation
and the copy.
libstdc++-v3/ChangeLog:
PR middle-end/104966
* include/bits/locale_facets_nonio.tcc
(__moneypunct_cache::_M_cache): Store string sizes in local
variable that doesn't escape.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug middle-end/104966] [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
` (10 preceding siblings ...)
2022-04-21 12:32 ` cvs-commit at gcc dot gnu.org
@ 2022-04-21 12:36 ` redi at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: redi at gcc dot gnu.org @ 2022-04-21 12:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104966
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #11 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed for 11.4
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2022-04-21 12:36 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-17 12:31 [Bug middle-end/104966] New: [11/12 Regression] Yet another bogus -Warray-bounds warning in libstdc++ headers redi at gcc dot gnu.org
2022-03-17 12:35 ` [Bug middle-end/104966] " redi at gcc dot gnu.org
2022-03-17 12:37 ` redi at gcc dot gnu.org
2022-03-17 12:39 ` redi at gcc dot gnu.org
2022-03-17 12:46 ` rguenth at gcc dot gnu.org
2022-03-17 12:48 ` rguenth at gcc dot gnu.org
2022-03-17 12:49 ` rguenth at gcc dot gnu.org
2022-03-17 12:51 ` redi at gcc dot gnu.org
2022-03-17 13:01 ` rguenth at gcc dot gnu.org
2022-03-17 17:52 ` cvs-commit at gcc dot gnu.org
2022-04-21 7:51 ` rguenth at gcc dot gnu.org
2022-04-21 12:32 ` cvs-commit at gcc dot gnu.org
2022-04-21 12:36 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).