From: "jonathan.leffler at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/106757] New: Incorrect "writing 1 byte into a region of size 0" warning
Date: Fri, 26 Aug 2022 18:32:13 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757

            Bug ID: 106757
           Summary: Incorrect "writing 1 byte into a region of size 0" warning
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jonathan.leffler at gmail dot com
  Target Milestone: ---

Created attachment 53515
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53515&action=edit
Source code (gcc-bug.c) for the repro

GCC 11.2.0 is happy with this code (and I believe it is correct). Neither GCC 12.1.0 nor GCC 12.2.0 are happy with this code (and I believe this is a bug). There are no preprocessor directives in the source code.

$ /usr/gcc/v12.2.0/bin/gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/work1/gcc/v12.2.0/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc-12.2.0/configure --prefix=/usr/gcc/v12.2.0 CC=/usr/bin/gcc CXX=/usr/bin/g++
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.2.0 (GCC)
$

Compilation:

$ /usr/gcc/v11.2.0/bin/gcc -c -std=c99 -O3 -Wall -Werror -pedantic -Wextra gcc-bug.c
$ /usr/gcc/v12.2.0/bin/gcc -c -std=c99 -O3 -Wall -Werror -pedantic -Wextra gcc-bug.c
gcc-bug.c: In function ‘pqr_scanner’:
gcc-bug.c:16:24: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
   16 |             tmpchar[k] = mbs[k];
      |             ~~~~~~~~~~~^~~~~~~~
gcc-bug.c:14:14: note: at offset 4 into destination object ‘tmpchar’ of size 4
   14 |         char tmpchar[MBC_MAX];
      |              ^~~~~~~
gcc-bug.c:16:24: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
   16 |             tmpchar[k] = mbs[k];
      |             ~~~~~~~~~~~^~~~~~~~
gcc-bug.c:14:14: note: at offset 5 into destination object ‘tmpchar’ of size 4
   14 |         char tmpchar[MBC_MAX];
      |              ^~~~~~~
cc1: all warnings being treated as errors
$

The -Wall, -Wextra, -pedantic options are not necessary to generate the warning; the -Werror gives an error instead of a warning, of course.

$ cat gcc-bug.i
# 0 "gcc-bug.c"
# 0 ""
# 0 ""
# 1 "/usr/include/stdc-predef.h" 1 3 4
# 0 "" 2
# 1 "gcc-bug.c"
enum { MBC_MAX = 4 };

extern int pqr_scanner(char *mbs);
extern int pqr_mbc_len(char *mbs, int n);
extern void pqr_use_mbs(const char *mbs, int len);
extern char *pqr_mbs_nxt(char *mbs);

int pqr_scanner(char *mbs)
{
    while (mbs != 0 && *mbs != '\0')
    {
        int len = pqr_mbc_len(mbs, MBC_MAX);
        char tmpchar[MBC_MAX];
        for (int k = 0; k < len; k++)
            tmpchar[k] = mbs[k];
        pqr_use_mbs(tmpchar, len);
        mbs = pqr_mbs_nxt(mbs);
    }
    return 0;
}
$

The source code contains a comment noting that if I replace `mbs = pqr_mbs_nxt(mbs);` with `mbs += len;`, the bug does not reproduce.

In the original code (which was doing work with multi-byte characters and strings), the analogue of pqr_mbc_len() returns either -1 or a value 1..MBC_MAX. The code for the pqr_mbc_len() function was not part of the TU. There was a test for `if (len < 0) return -1;` after the call to pqr_mbc_len() but it wasn't needed for the repro.

Just in case - GCC 11.2.0 specs and output from uname -a:

$ /usr/gcc/v11.2.0/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/usr/gcc/v11.2.0/bin/gcc
COLLECT_LTO_WRAPPER=/work1/gcc/v11.2.0/bin/../libexec/gcc/x86_64-pc-linux-gnu/11.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc-11.2.0/configure --prefix=/usr/gcc/v11.2.0 CC=/usr/bin/gcc CXX=/usr/bin/g++
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 11.2.0 (GCC)
$ uname -a
Linux njdc-ldev04 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
$

The original function was 100 lines of code in a file of 2600 lines, including 20 headers directly.
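
Added example (not part of the original report or of GCC): the reproducer's loop with the range the report describes for pqr_mbc_len() (-1 or 1..MBC_MAX) enforced before the copy, so the bound on writes to tmpchar does not rest on a function outside the TU. The bodies of pqr_mbc_len(), pqr_use_mbs() and pqr_mbs_nxt(), the forced_len switch, the name pqr_scanner_checked and the sample string are assumptions constructed for this example.

```c
#include <stdio.h>

enum { MBC_MAX = 4 };

/* Constructed stand-ins (assumptions) for the functions outside the report's TU. */
static int forced_len = 0;   /* nonzero: pqr_mbc_len returns it, simulating a broken contract */
static int chars_seen = 0;   /* how many characters reached pqr_use_mbs */

int pqr_mbc_len(char *mbs, int n)
{
    unsigned char c = (unsigned char)mbs[0];
    int len = c < 0x80 ? 1 : (c >> 5) == 0x06 ? 2 : (c >> 4) == 0x0E ? 3
            : (c >> 3) == 0x1E ? 4 : -1;          /* length from UTF-8 lead byte */
    if (forced_len != 0) return forced_len;
    for (int k = 1; k < len; k++)
        if ((mbs[k] & 0xC0) != 0x80)
            return -1;                            /* truncated or malformed sequence */
    return len > n ? -1 : len;
}

void pqr_use_mbs(const char *mbs, int len) { (void)mbs; (void)len; chars_seen++; }

char *pqr_mbs_nxt(char *mbs)
{
    int len = pqr_mbc_len(mbs, MBC_MAX);
    return (len < 1 || len > MBC_MAX) ? 0 : mbs + len;
}

/* The reproducer's loop with the callee's stated range enforced locally. */
int pqr_scanner_checked(char *mbs)
{
    while (mbs != 0 && *mbs != '\0')
    {
        int len = pqr_mbc_len(mbs, MBC_MAX);
        if (len < 1 || len > MBC_MAX)   /* reject -1 and anything that would overrun tmpchar */
            return -1;
        char tmpchar[MBC_MAX];
        for (int k = 0; k < len; k++)
            tmpchar[k] = mbs[k];
        pqr_use_mbs(tmpchar, len);
        mbs = pqr_mbs_nxt(mbs);
    }
    return 0;
}

int main(void)
{
    char text[] = "a\xC3\xA9\xE2\x82\xAC";   /* constructed sample: 1-, 2- and 3-byte characters */
    return printf("%d\n", pqr_scanner_checked(text)) < 0;
}
```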