[Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition
@ 2022-04-28 13:42 byteslice at airmail dot cc
  2022-04-28 20:41 ` [Bug middle-end/105424] " pinskia at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: byteslice at airmail dot cc @ 2022-04-28 13:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105424

            Bug ID: 105424
           Summary: Bogus -Wstringop-overread with non-overread condition
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: byteslice at airmail dot cc
  Target Milestone: ---

Created attachment 52897
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52897&action=edit
Cvised example

On gcc 12.0.1 20220413 (Fedora 36 Beta), with c++ -std=c++20 -O1
-Werror=stringop-overread, the attachment fails to compile, with the following
message:

In function 'void boost::memmove(I, F) [with I = move_iterator<int*>; F =
int]',
    inlined from 'F boost::uninitialized_copy_alloc(Allocator, I, F) [with
Allocator = vector_alloc_holder; I = move_iterator<int*>; F = int]' at
<source>:67:10,
    inlined from 'void
boost::vector::priv_uninitialized_construct_at_end(InpIt, InpIt) [with InpIt =
boost::move_iterator<int*>]' at <source>:91:45,
    inlined from 'void boost::vector::assign(FwdIt, FwdIt) [with FwdIt =
boost::move_iterator<int*>]' at <source>:87:42,
    inlined from 'boost::small_vector::small_vector(boost::small_vector&&)' at
<source>:106:11,
    inlined from 'Stack::Stack(Stack&&)' at <source>:113:8,
    inlined from 'pair<_T2>::pair(_U1, _U2) [with _U1 = int; _U2 = Stack; _T2 =
Stack]' at <source>:5:24,
    inlined from 'pair<Stack> Stack::Pop() const' at <source>:118:67:
<source>:63:14: error: 'void* memmove(void*, const void*, long unsigned int)'
reading 9 or more bytes from a region of size 4 [-Werror=stringop-overread]
   63 |     ::memmove(dest_raw, beg_raw, n);
      |     ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
<source>: In member function 'pair<Stack> Stack::Pop() const':
<source>:103:9: note: source object '__trans_tmp_4' of size 4
  103 |     int __trans_tmp_4;
      |         ^~~~~~~~~~~~~
cc1plus: some warnings being treated as errors
Compiler returned: 1

This warning is bogus because the memmove is guarded by a condition that
prevents the size from being more than 4. The bogus warning does not appear in
older versions of GCC.

Adding -fno-inline to options allows compilation to succeed.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug middle-end/105424] Bogus -Wstringop-overread with non-overread condition
  2022-04-28 13:42 [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition byteslice at airmail dot cc
@ 2022-04-28 20:41 ` pinskia at gcc dot gnu.org
  2022-04-28 20:59 ` byteslice at airmail dot cc
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-04-28 20:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105424

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-04-28

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
> long n(end_raw - beg_raw);
> if (n < 4)

This means n could be negative which then converted to unsigned would be a
large #.

The code here is reduced too much though:
  value_type *dest_raw, *beg_raw = movelib::iterator_to_raw_pointer(f),
                        *end_raw = 0;

So basically you have (long)(beg_raw) < 4. Which might be true if the upper bit
is set.

Please attach the original preprocessed source as I have shown it was reduced
too much.


Plus I suspect adding a check for "n >= 0" will fix the warning too.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug middle-end/105424] Bogus -Wstringop-overread with non-overread condition
  2022-04-28 13:42 [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition byteslice at airmail dot cc
  2022-04-28 20:41 ` [Bug middle-end/105424] " pinskia at gcc dot gnu.org
@ 2022-04-28 20:59 ` byteslice at airmail dot cc
  2022-04-28 21:03 ` byteslice at airmail dot cc
  2022-04-28 21:36 ` pinskia at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: byteslice at airmail dot cc @ 2022-04-28 20:59 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105424

Liam White <byteslice at airmail dot cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #52897|0                           |1
        is obsolete|                            |

--- Comment #2 from Liam White <byteslice at airmail dot cc> ---
Created attachment 52901
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52901&action=edit
Preprocessed source

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug middle-end/105424] Bogus -Wstringop-overread with non-overread condition
  2022-04-28 13:42 [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition byteslice at airmail dot cc
  2022-04-28 20:41 ` [Bug middle-end/105424] " pinskia at gcc dot gnu.org
  2022-04-28 20:59 ` byteslice at airmail dot cc
@ 2022-04-28 21:03 ` byteslice at airmail dot cc
  2022-04-28 21:36 ` pinskia at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: byteslice at airmail dot cc @ 2022-04-28 21:03 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105424

--- Comment #3 from Liam White <byteslice at airmail dot cc> ---
Compile with c++ -std=gnu++20 -O1 -Werror=stringop-overread to reproduce.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug middle-end/105424] Bogus -Wstringop-overread with non-overread condition
  2022-04-28 13:42 [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition byteslice at airmail dot cc
                   ` (2 preceding siblings ...)
  2022-04-28 21:03 ` byteslice at airmail dot cc
@ 2022-04-28 21:36 ` pinskia at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-04-28 21:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105424

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |UNCONFIRMED
     Ever confirmed|1                           |0

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-04-28 21:36 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-28 13:42 [Bug c++/105424] New: Bogus -Wstringop-overread with non-overread condition byteslice at airmail dot cc
2022-04-28 20:41 ` [Bug middle-end/105424] " pinskia at gcc dot gnu.org
2022-04-28 20:59 ` byteslice at airmail dot cc
2022-04-28 21:03 ` byteslice at airmail dot cc
2022-04-28 21:36 ` pinskia at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).