public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer
@ 2022-11-30 2:15 larsbj at gullik dot org
2022-11-30 12:44 ` [Bug tree-optimization/107927] " rguenth at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: larsbj at gullik dot org @ 2022-11-30 2:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927
Bug ID: 107927
Summary: vector::push_back gives array bounds warning with
optimization and undefined sanitizer
Product: gcc
Version: 12.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: larsbj at gullik dot org
Target Milestone: ---
Created attachment 53988
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53988&action=edit
Pre-processed source
This looks very similar to Bug 107852, but different to warrant a report imho.
gcc --version
gcc (GCC) 12.2.1 20221121 (Red Hat 12.2.1-4)
The preprocessed file has been reduced from something much larger with
Compiling the pre-processed file with cvise. The seemingly similar test case:
#include <initializer_list>
#include <vector>
struct Foo {
Foo(std::initializer_list<unsigned> l) : v(l) { v.push_back(5); }
struct::vector<unsigned> v;
};
void make() { Foo{{}}; }
does not exibit the same error as the original or preprocessed code.
g++ g++ -Warray-bounds -O2 -fsanitize=undefined -std=gnu++20 -c test.ii
(note that the original code requires -fsanitize=undefined to fail, the
preprocessed code does not.)
gives:
In function ‘int std::construct_at(_Tp) [with _Tp = unsigned int*]’,
inlined from ‘static int std::allocator_traits<std::allocator<_Tp>
>::construct(allocator_type, _Up) [with _Up = unsigned int*; _Tp = unsigned
int]’ at :59:17,
inlined from ‘int std::vector::push_back(int)’ at :114:46,
inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:71,
inlined from ‘int makeEmptyRR()’ at :131:17:
:4:56: warning: array subscript 1 is outside array bounds of ‘unsigned int [1]’
[-Warray-bounds]
In member function ‘unsigned int* std::__new_allocator::allocate(long int)’,
inlined from ‘static _Tp* std::allocator_traits<std::allocator<_Tp>
>::allocate(allocator_type, size_type) [with _Tp = unsigned int]’ at :56:24,
inlined from ‘unsigned int* std::_Vector_base::_M_allocate(long int)’ at
:103:53,
inlined from ‘void std::vector::_M_range_initialize(_ForwardIterator,
_ForwardIterator, random_access_iterator_tag) [with _ForwardIterator = unsigned
int*]’ at :120:20,
inlined from ‘std::vector::vector(std::initializer_list<unsigned int>)’ at
:112:24,
inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:53,
inlined from ‘int makeEmptyRR()’ at :131:17:
:7:48: note: at offset 4 into object of size 4 allocated by ‘operator new’
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer 2022-11-30 2:15 [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer larsbj at gullik dot org @ 2022-11-30 12:44 ` rguenth at gcc dot gnu.org 2022-11-30 12:48 ` redi at gcc dot gnu.org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: rguenth at gcc dot gnu.org @ 2022-11-30 12:44 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927 Richard Biener <rguenth at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |WAITING Last reconfirmed| |2022-11-30 --- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> --- I can't seem to reproduce with the unreduced non-preprocessed source? In the reduced testcase there's void _M_range_initialize(_ForwardIterator __first, _ForwardIterator __last, random_access_iterator_tag) { size_type __n; _M_impl._M_start = _M_allocate(_S_check_init_len(__n, _M_get_Tp_allocator())); so __n is clearly uninitialized. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer 2022-11-30 2:15 [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer larsbj at gullik dot org 2022-11-30 12:44 ` [Bug tree-optimization/107927] " rguenth at gcc dot gnu.org @ 2022-11-30 12:48 ` redi at gcc dot gnu.org 2022-12-01 1:12 ` larsbj at gullik dot org 2022-12-01 14:22 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2022-11-30 12:48 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927 --- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> --- In the original <vector> code that should be: const size_type __n = std::distance(__first, __last); ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer 2022-11-30 2:15 [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer larsbj at gullik dot org 2022-11-30 12:44 ` [Bug tree-optimization/107927] " rguenth at gcc dot gnu.org 2022-11-30 12:48 ` redi at gcc dot gnu.org @ 2022-12-01 1:12 ` larsbj at gullik dot org 2022-12-01 14:22 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: larsbj at gullik dot org @ 2022-12-01 1:12 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927 --- Comment #3 from Lars Gullik Bjønnes <larsbj at gullik dot org> --- I cannot send you the unreduced preprocessed code and I have failed at creating a small snippet that produces the error. This is the compiler output though. Something might be gleaned from that. In function ‘constexpr decltype (::new(void*(0)) _Tp) std::construct_at(_Tp*, _Args&& ...) [with _Tp = unsigned int; _Args = {unsigned int}]’, inlined from ‘static constexpr void std::allocator_traits<std::allocator<_CharT> >::construct(allocator_type&, _Up*, _Args&& ...) [with _Up = unsigned int; _Args = {unsigned int}; _Tp = unsigned int]’ at /usr/include/c++/12/bits/alloc_traits.h:518:21, inlined from ‘constexpr std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::emplace_back(_Args&& ...) [with _Args = {unsigned int}; _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/vector.tcc:117:30, inlined from ‘constexpr void std::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/stl_vector.h:1294:21, inlined from ‘rtcp::RTCPfeedback<T>::RTCPfeedback(int, std::initializer_list<unsigned int>) [with RTCP_PACKET_TYPE T = RTCP_PT_RR]’ at functional/protocols/rtpshared/api/rtp/rtcppacket.hpp:27:20, inlined from ‘rtcp::RTCPfeedback<RTCP_PT_RR> rtcp::makeEmptyRR(uint32_t)’ at functional/protocols/rtpshared/rtcppacket.cpp:15:53: /usr/include/c++/12/bits/stl_construct.h:97:14: warning: array subscript 1 is outside array bounds of ‘unsigned int [1]’ [-Warray-bounds] 97 | { return ::new((void*)__location) _Tp(std::forward<_Args>(__args)...); } | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /usr/include/c++/12/x86_64-redhat-linux/bits/c++allocator.h:33, from /usr/include/c++/12/bits/allocator.h:46, from /usr/include/c++/12/string:41: In member function ‘_Tp* std::__new_allocator<_Tp>::allocate(size_type, const void*) [with _Tp = unsigned int]’, inlined from ‘constexpr _Tp* std::allocator< <template-parameter-1-1> >::allocate(std::size_t) [with _Tp = unsigned int]’ at /usr/include/c++/12/bits/allocator.h:188:40, inlined from ‘static constexpr _Tp* std::allocator_traits<std::allocator<_CharT> >::allocate(allocator_type&, size_type) [with _Tp = unsigned int]’ at /usr/include/c++/12/bits/alloc_traits.h:464:28, inlined from ‘constexpr std::_Vector_base<_Tp, _Alloc>::pointer std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/stl_vector.h:378:33, inlined from ‘constexpr std::_Vector_base<_Tp, _Alloc>::pointer std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/stl_vector.h:375:7, inlined from ‘constexpr void std::vector<_Tp, _Alloc>::_M_range_initialize(_ForwardIterator, _ForwardIterator, std::forward_iterator_tag) [with _ForwardIterator = const unsigned int*; _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/stl_vector.h:1687:25, inlined from ‘constexpr std::vector<_Tp, _Alloc>::vector(std::initializer_list<_Tp>, const allocator_type&) [with _Tp = unsigned int; _Alloc = std::allocator<unsigned int>]’ at /usr/include/c++/12/bits/stl_vector.h:677:21, inlined from ‘rtcp::RTCPfeedback<T>::RTCPfeedback(int, std::initializer_list<unsigned int>) [with RTCP_PACKET_TYPE T = RTCP_PT_RR]’ at functional/protocols/rtpshared/api/rtp/rtcppacket.hpp:26:7, inlined from ‘rtcp::RTCPfeedback<RTCP_PT_RR> rtcp::makeEmptyRR(uint32_t)’ at functional/protocols/rtpshared/rtcppacket.cpp:15:53: /usr/include/c++/12/bits/new_allocator.h:137:48: note: at offset 4 into object of size 4 allocated by ‘operator new’ 137 | return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n * sizeof(_Tp))); | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug tree-optimization/107927] vector::push_back gives array bounds warning with optimization and undefined sanitizer 2022-11-30 2:15 [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer larsbj at gullik dot org ` (2 preceding siblings ...) 2022-12-01 1:12 ` larsbj at gullik dot org @ 2022-12-01 14:22 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2022-12-01 14:22 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927 --- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> --- It might be fixed by r13-4393-gcca06f0d6d76b0 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-12-01 14:22 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-11-30 2:15 [Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer larsbj at gullik dot org 2022-11-30 12:44 ` [Bug tree-optimization/107927] " rguenth at gcc dot gnu.org 2022-11-30 12:48 ` redi at gcc dot gnu.org 2022-12-01 1:12 ` larsbj at gullik dot org 2022-12-01 14:22 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).