public inbox for gcc-bugs@sourceware.org
* [Bug c++/108860] New: New (since gcc 12) false positive null-dereference in vector.resize
@ 2023-02-20 12:49 dezi_0_1 at yahoo dot de
  2023-02-21  1:46 ` [Bug tree-optimization/108860] " redi at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: dezi_0_1 at yahoo dot de @ 2023-02-20 12:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108860

            Bug ID: 108860
           Summary: New (since gcc 12) false positive null-dereference in
                    vector.resize
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dezi_0_1 at yahoo dot de
  Target Milestone: ---

The following code produces a warning with gcc 12.1 (tested with godbolt) and
12.2 (tested with godbolt and the version on ubuntu 22.10), but not with gcc
11.3 (tested with godbolt):

❯ cat test.cpp
#include <vector>

void test(std::size_t val1, std::size_t val2) {
    std::vector<int> data;
    if(val2 > 0)
        data.resize(val1 / val2);
}
❯ g++ -O2 -Wnull-dereference test.cpp
In file included from /usr/include/c++/12/vector:62,
                 from test.cpp:1:
In function ‘void std::_Construct(_Tp*, _Args&& ...) [with _Tp = int; _Args =
{}]’,
    inlined from ‘static _ForwardIterator
std::__uninitialized_default_n_1<true>::__uninit_default_n(_ForwardIterator,
_Size) [with _ForwardIterator = int*; _Size = long unsigned int]’ at
/usr/include/c++/12/bits/stl_uninitialized.h:661:23,
    inlined from ‘static _ForwardIterator
std::__uninitialized_default_n_1<true>::__uninit_default_n(_ForwardIterator,
_Size) [with _ForwardIterator = int*; _Size = long unsigned int]’ at
/usr/include/c++/12/bits/stl_uninitialized.h:655:9,
    inlined from ‘_ForwardIterator
std::__uninitialized_default_n(_ForwardIterator, _Size) [with _ForwardIterator
= int*; _Size = long unsigned int]’ at
/usr/include/c++/12/bits/stl_uninitialized.h:701:20,
    inlined from ‘_ForwardIterator
std::__uninitialized_default_n_a(_ForwardIterator, _Size, allocator<_Tp>&)
[with _ForwardIterator = int*; _Size = long unsigned int; _Tp = int]’ at
/usr/include/c++/12/bits/stl_uninitialized.h:766:44,
    inlined from ‘void std::vector<_Tp, _Alloc>::_M_default_append(size_type)
[with _Tp = int; _Alloc = std::allocator<int>]’ at
/usr/include/c++/12/bits/vector.tcc:655:41,
    inlined from ‘void std::vector<_Tp, _Alloc>::resize(size_type) [with _Tp =
int; _Alloc = std::allocator<int>]’ at
/usr/include/c++/12/bits/stl_vector.h:1011:21,
    inlined from ‘void test(std::size_t, std::size_t)’ at test.cpp:6:20:
/usr/include/c++/12/bits/stl_construct.h:119:7: warning: null pointer
dereference [-Wnull-dereference]
  119 |       ::new((void*)__p) _Tp(std::forward<_Args>(__args)...);
      |       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The `if(val2 > 0)` is not necessary to produce the warning but I wanted to make
sure that this isn't due to a possible division by zero. 
The warning is also output with -O3 but not with -O1 or -O0.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug tree-optimization/108860] New (since gcc 12) false positive null-dereference in vector.resize
  2023-02-20 12:49 [Bug c++/108860] New: New (since gcc 12) false positive null-dereference in vector.resize dezi_0_1 at yahoo dot de
@ 2023-02-21  1:46 ` redi at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: redi at gcc dot gnu.org @ 2023-02-21  1:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108860

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2023-02-21

--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Somehow GCC thinks __len can be 0 here, and so __new_start can be null:

              const size_type __len =
                _M_check_len(__n, "vector::_M_default_append");
              pointer __new_start(this->_M_allocate(__len));

^ permalink raw reply	[flat|nested] 2+ messages in thread
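Why the length in comment #1 cannot be zero, as an added example that is not part of the bug thread and is not libstdc++ source: a simplified model of the two helpers named there. The bodies of `check_len` and `allocate` are paraphrased assumptions about the library's logic, `len_covers_request` is a hypothetical checker, and the model assumes the append path is only reached with n >= 1.

```cpp
// Added illustration: simplified model of the growth logic, not library code.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>

// Model of vector::_M_check_len: capacity to request when appending n
// elements to a vector holding `size` elements, capped at `max_size`.
std::size_t check_len(std::size_t size, std::size_t n, std::size_t max_size) {
    if (max_size - size < n)
        throw std::length_error("vector::_M_default_append");
    const std::size_t len = size + std::max(size, n);
    // On wrap-around or overshoot, fall back to the cap.
    return (len < size || len > max_size) ? max_size : len;
}

// Model of _M_allocate: only a zero-length request yields a null pointer.
int* allocate(std::size_t len) {
    return len != 0 ? static_cast<int*>(std::malloc(len * sizeof(int)))
                    : nullptr;
}

// Exhaustive check for a small cap: every legal append of n >= 1 elements
// gets a length that is nonzero, within the cap, and large enough.
bool len_covers_request(std::size_t max_size) {
    for (std::size_t size = 0; size <= max_size; ++size)
        for (std::size_t n = 1; n <= max_size - size; ++n) {
            const std::size_t len = check_len(size, n, max_size);
            if (len == 0 || len < size + n || len > max_size)
                return false;
        }
    return true;
}

int main() {
    // Reproducer shape: empty vector (size 0) resized to n = val1 / val2 >= 1.
    int* p = allocate(check_len(0, 3, 1000));
    std::printf("allocation for n=3 is %s\n", p ? "non-null" : "null");
    std::free(p);
    std::printf("exhaustive check, cap 64: %s\n",
                len_covers_request(64) ? "len never 0" : "len can be 0");
    return 0;
}
```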
