public inbox for gcc-bugs@sourceware.org
* [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer
@ 2022-11-30  2:15 larsbj at gullik dot org
  2022-11-30 12:44 ` [Bug tree-optimization/107927] " rguenth at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: larsbj at gullik dot org @ 2022-11-30  2:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

            Bug ID: 107927
           Summary: vector::push_back gives array bounds warning with
                    optimization and undefined sanitizer
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: larsbj at gullik dot org
  Target Milestone: ---

Created attachment 53988
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53988&action=edit
Pre-processed source

This looks very similar to Bug 107852, but different enough to warrant a report imho.

gcc --version
gcc (GCC) 12.2.1 20221121 (Red Hat 12.2.1-4)

The preprocessed file has been reduced from something much larger with cvise.
The seemingly similar test case:

   #include <initializer_list>
   #include <vector>

   struct Foo {
       Foo(std::initializer_list<unsigned> l) : v(l) { v.push_back(5); }
       std::vector<unsigned> v;
   };

   void make() { Foo{{}}; }

does not exhibit the same error as the original or preprocessed code.

Compiling the pre-processed file with

g++ -Warray-bounds -O2 -fsanitize=undefined -std=gnu++20 -c test.ii

(note that the original code requires -fsanitize=undefined to fail, the
preprocessed code does not.)

gives:

In function ‘int std::construct_at(_Tp) [with _Tp = unsigned int*]’,
    inlined from ‘static int std::allocator_traits<std::allocator<_Tp>
>::construct(allocator_type, _Up) [with _Up = unsigned int*; _Tp = unsigned
int]’ at :59:17,
    inlined from ‘int std::vector::push_back(int)’ at :114:46,
    inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:71,
    inlined from ‘int makeEmptyRR()’ at :131:17:
:4:56: warning: array subscript 1 is outside array bounds of ‘unsigned int [1]’
[-Warray-bounds]
In member function ‘unsigned int* std::__new_allocator::allocate(long int)’,
    inlined from ‘static _Tp* std::allocator_traits<std::allocator<_Tp>
>::allocate(allocator_type, size_type) [with _Tp = unsigned int]’ at :56:24,
    inlined from ‘unsigned int* std::_Vector_base::_M_allocate(long int)’ at
:103:53,
    inlined from ‘void std::vector::_M_range_initialize(_ForwardIterator,
_ForwardIterator, random_access_iterator_tag) [with _ForwardIterator = unsigned
int*]’ at :120:20,
    inlined from ‘std::vector::vector(std::initializer_list<unsigned int>)’ at
:112:24,
    inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:53,
    inlined from ‘int makeEmptyRR()’ at :131:17:
:7:48: note: at offset 4 into object of size 4 allocated by ‘operator new’


* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer
From: rguenth at gcc dot gnu.org @ 2022-11-30 12:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2022-11-30

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
I can't seem to reproduce with the unreduced non-preprocessed source?  In the
reduced testcase there's

void _M_range_initialize(_ForwardIterator __first, _ForwardIterator __last,
                           random_access_iterator_tag) {
    size_type __n;
    _M_impl._M_start =
        _M_allocate(_S_check_init_len(__n, _M_get_Tp_allocator()));

so __n is clearly uninitialized.


* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer
From: redi at gcc dot gnu.org @ 2022-11-30 12:48 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
In the original <vector> code that should be:

          const size_type __n = std::distance(__first, __last);

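Comments #1 and #2 point out that the reduced test case lost the initializer of `__n`, so it no longer reflects the real `<vector>` code. The following is an added example, not part of the thread or of GCC: a cvise interestingness script that rejects reductions which introduce an uninitialized read. The file name `test.ii` and the g++ flags are taken from the report; the helper names are hypothetical, and the script assumes GCC reports the uninitialized read under `-Wuninitialized` or `-Wmaybe-uninitialized`.

```shell
#!/bin/sh
# Added example (not from the bug thread): cvise interestingness test that
# refuses reductions which introduce an uninitialized read.
# Assumptions: test.ii and the g++ flags come from the report;
# classify_diag, sample_diag and check_reduction are hypothetical helpers.

# Print a verdict for the compiler diagnostics stored in file $1.
classify_diag() {
    if grep -q ' error: ' "$1"; then
        echo hard-error            # reduction no longer compiles
    elif ! grep -q 'is outside array bounds of' "$1"; then
        echo lost-warning          # the -Warray-bounds report is gone
    elif grep -Eq '\[-W(maybe-)?uninitialized\]' "$1"; then
        echo reduction-artifact    # e.g. "size_type __n;" left uninitialized
    else
        echo keep
    fi
}

# Constructed diagnostics, one line per message as GCC prints them.
sample_diag() {
    echo "t.ii:4:56: warning: array subscript 1 is outside array bounds of 'unsigned int [1]' [-Warray-bounds]"
    [ "$1" = broken ] || return 0
    echo "t.ii:120:20: warning: '__n' is used uninitialized [-Wuninitialized]"
}

# Compile the candidate and succeed only for a faithful reduction.
check_reduction() {
    diag=$(mktemp) || return 1
    g++ -Warray-bounds -Wuninitialized -Wmaybe-uninitialized -O2 \
        -fsanitize=undefined -std=gnu++20 -c "$1" -o /dev/null 2>"$diag" || :
    verdict=$(classify_diag "$diag")
    rm -f "$diag"
    [ "$verdict" = keep ]
}

# cvise runs the script in a scratch directory next to the file being reduced.
if [ -f test.ii ]; then
    check_reduction test.ii
    exit $?
fi
```

A reduction is accepted only when the `-Warray-bounds` diagnostic survives and no new uninitialized-use warning or hard error appears.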

* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer
From: larsbj at gullik dot org @ 2022-12-01  1:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

--- Comment #3 from Lars Gullik Bjønnes <larsbj at gullik dot org> ---
I cannot send you the unreduced preprocessed code and I have failed at creating
a small snippet that produces the error.

This is the compiler output though.
Something might be gleaned from that.

In function ‘constexpr decltype (::new(void*(0)) _Tp) std::construct_at(_Tp*,
_Args&& ...) [with _Tp = unsigned int; _Args = {unsigned int}]’,
    inlined from ‘static constexpr void
std::allocator_traits<std::allocator<_CharT> >::construct(allocator_type&,
_Up*, _Args&& ...) [with _Up = unsigned int; _Args = {unsigned int}; _Tp =
unsigned int]’ at /usr/include/c++/12/bits/alloc_traits.h:518:21,
    inlined from ‘constexpr std::vector<_Tp, _Alloc>::reference
std::vector<_Tp, _Alloc>::emplace_back(_Args&& ...) [with _Args = {unsigned
int}; _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/vector.tcc:117:30,
    inlined from ‘constexpr void std::vector<_Tp,
_Alloc>::push_back(value_type&&) [with _Tp = unsigned int; _Alloc =
std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/stl_vector.h:1294:21,
    inlined from ‘rtcp::RTCPfeedback<T>::RTCPfeedback(int,
std::initializer_list<unsigned int>) [with RTCP_PACKET_TYPE T = RTCP_PT_RR]’ at
functional/protocols/rtpshared/api/rtp/rtcppacket.hpp:27:20,
    inlined from ‘rtcp::RTCPfeedback<RTCP_PT_RR> rtcp::makeEmptyRR(uint32_t)’
at functional/protocols/rtpshared/rtcppacket.cpp:15:53:
/usr/include/c++/12/bits/stl_construct.h:97:14: warning: array subscript 1 is
outside array bounds of ‘unsigned int [1]’ [-Warray-bounds]
   97 |     { return ::new((void*)__location)
_Tp(std::forward<_Args>(__args)...); }
      |             
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from
/usr/include/c++/12/x86_64-redhat-linux/bits/c++allocator.h:33,
                 from /usr/include/c++/12/bits/allocator.h:46,
                 from /usr/include/c++/12/string:41:
In member function ‘_Tp* std::__new_allocator<_Tp>::allocate(size_type, const
void*) [with _Tp = unsigned int]’,
    inlined from ‘constexpr _Tp* std::allocator< <template-parameter-1-1>
>::allocate(std::size_t) [with _Tp = unsigned int]’ at
/usr/include/c++/12/bits/allocator.h:188:40,
    inlined from ‘static constexpr _Tp*
std::allocator_traits<std::allocator<_CharT> >::allocate(allocator_type&,
size_type) [with _Tp = unsigned int]’ at
/usr/include/c++/12/bits/alloc_traits.h:464:28,
    inlined from ‘constexpr std::_Vector_base<_Tp, _Alloc>::pointer
std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = unsigned
int; _Alloc = std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/stl_vector.h:378:33,
    inlined from ‘constexpr std::_Vector_base<_Tp, _Alloc>::pointer
std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = unsigned
int; _Alloc = std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/stl_vector.h:375:7,
    inlined from ‘constexpr void std::vector<_Tp,
_Alloc>::_M_range_initialize(_ForwardIterator, _ForwardIterator,
std::forward_iterator_tag) [with _ForwardIterator = const unsigned int*; _Tp =
unsigned int; _Alloc = std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/stl_vector.h:1687:25,
    inlined from ‘constexpr std::vector<_Tp,
_Alloc>::vector(std::initializer_list<_Tp>, const allocator_type&) [with _Tp =
unsigned int; _Alloc = std::allocator<unsigned int>]’ at
/usr/include/c++/12/bits/stl_vector.h:677:21,
    inlined from ‘rtcp::RTCPfeedback<T>::RTCPfeedback(int,
std::initializer_list<unsigned int>) [with RTCP_PACKET_TYPE T = RTCP_PT_RR]’ at
functional/protocols/rtpshared/api/rtp/rtcppacket.hpp:26:7,
    inlined from ‘rtcp::RTCPfeedback<RTCP_PT_RR> rtcp::makeEmptyRR(uint32_t)’
at functional/protocols/rtpshared/rtcppacket.cpp:15:53:
/usr/include/c++/12/bits/new_allocator.h:137:48: note: at offset 4 into object
of size 4 allocated by ‘operator new’
  137 |         return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n *
sizeof(_Tp)));
      |                                  ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~


* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer
From: redi at gcc dot gnu.org @ 2022-12-01 14:22 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
It might be fixed by r13-4393-gcca06f0d6d76b0
