public inbox for gcc-bugs@sourceware.org
* [Bug c/109290] New: warning: array subscript -50 is outside array bounds of ‘struct kobject[36028797018963967]’
@ 2023-03-27 7:41 ubizjak at gmail dot com
2023-03-27 7:45 ` [Bug c/109290] " ubizjak at gmail dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: ubizjak at gmail dot com @ 2023-03-27 7:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109290
Bug ID: 109290
Summary: warning: array subscript -50 is outside array bounds
of ‘struct kobject[36028797018963967]’
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: ubizjak at gmail dot com
Target Milestone: ---
Happens while compiling recent linux kernel. Several instances of ... in the
same place:
In function ‘btrfs_show_u64’,
    inlined from ‘btrfs_space_info_show_flags’ at fs/btrfs/sysfs.c:867:1:
fs/btrfs/sysfs.c:637:13: error: array subscript -50 is outside array bounds of
‘struct kobject[36028797018963967]’ [-Werror=array-bounds=]
  637 |         val = *value_ptr;
      |         ~~~~^~~~~~~~~~~~
In function ‘btrfs_show_u64’,
    inlined from ‘btrfs_space_info_show_total_bytes’ at fs/btrfs/sysfs.c:868:1:
fs/btrfs/sysfs.c:637:13: error: array subscript -64 is outside array bounds of
‘struct kobject[36028797018963967]’ [-Werror=array-bounds=]
  637 |         val = *value_ptr;
      |         ~~~~^~~~~~~~~~~~
...
* [Bug c/109290] warning: array subscript -50 is outside array bounds of ‘struct kobject[36028797018963967]’
From: ubizjak at gmail dot com @ 2023-03-27 7:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109290
--- Comment #1 from Uroš Bizjak <ubizjak at gmail dot com> ---
Created attachment 54760
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54760&action=edit
Preprocessed file
-Warray-bounds -O2 -fno-strict-aliasing -fcf-protection=branch
-fno-delete-null-pointer-checks
In function ‘btrfs_show_u64’,
    inlined from ‘btrfs_space_info_show_disk_used’ at fs/btrfs/sysfs.c:875:493:
fs/btrfs/sysfs.c:637:6: warning: array subscript -52 is outside array bounds of
‘struct kobject[36028797018963967]’ [-Warray-bounds=]
In function ‘btrfs_show_u64’,
    inlined from ‘btrfs_space_info_show_disk_total’ at
    fs/btrfs/sysfs.c:876:494:
fs/btrfs/sysfs.c:637:6: warning: array subscript -51 is outside array bounds of
‘struct kobject[36028797018963967]’ [-Warray-bounds=]
...
* [Bug tree-optimization/109290] warning: array subscript -50 is outside array bounds of ‘struct kobject[36028797018963967]’
From: ubizjak at gmail dot com @ 2023-03-27 9:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109290
--- Comment #2 from Uroš Bizjak <ubizjak at gmail dot com> ---
Created attachment 54761
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54761&action=edit
Minimized testcase
-Warray-bounds -fno-delete-null-pointer-checks -O2
In function ‘btrfs_show_u64’,
    inlined from ‘btrfs_space_info_show_flags’ at test.c:40:9:
test.c:31:13: warning: array subscript -1 is outside array bounds of ‘struct
kobject[1152921504606846975]’ [-Warray-bounds=]
   31 |         val = *value_ptr;
      |         ~~~~^~~~~~~~~~~~
* [Bug tree-optimization/109290] warning: array subscript -50 is outside array bounds of ‘struct kobject[36028797018963967]’
From: rguenth at gcc dot gnu.org @ 2023-03-28 11:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109290
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-03-28
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
dropping -fno-delete-null-pointer-checks avoids these diagnostics ... because
we actually diagnose
  # VUSE <.MEM_4(D)>
  val_8 = MEM[(u64 *)0B + -416B];
and that would have been isolated/removed by isolate-paths.
  <bb 2> [local count: 1073741824]:
  _1 = &MEM[(struct btrfs_space_info *)kobj_3(D) + -584B].lock;
  if (_1 != 0B)
    goto <bb 4>; [53.47%]
  else
    goto <bb 3>; [46.53%]

  <bb 3> [local count: 499612072]:
  val_8 = MEM[(u64 *)0B + -416B];
  goto <bb 5>; [100.00%]

  <bb 4> [local count: 574129753]:
  _raw_spin_lock (_1);
  val_10 = MEM[(u64 *)kobj_3(D) + -416B];
  _raw_spin_unlock (_1);

  <bb 5> [local count: 1073741824]:
  # val_11 = PHI <val_8(3), val_10(4)>
  _12 = sysfs_emit (buf_5(D), "%llu\n", val_11);
  _13 = (long int) _12;
  return _13;
and that's because we call
        btrfs_show_u64(&sinfo->disk_used, &sinfo->lock, buf);
and btrfs_show_u64 does
static ssize_t btrfs_show_u64(u64 *value_ptr, spinlock_t *lock, char *buf)
{
        u64 val;
        if (lock)
                spin_lock(lock);
        val = *value_ptr;
        if (lock)
                spin_unlock(lock);
        return sysfs_emit(buf, "%llu\n", val);
}
again the array-bounds diagnostic isn't very helpful - a
-Wnull-dereference diagnostic would be more helpful here.
And yes, we thread the double if (lock) here.
Without -fno-delete-null-pointer-checks we optimize the function to
  <bb 2> [local count: 1073741824]:
  _9 = &MEM[(struct btrfs_space_info *)kobj_3(D) + -584B].lock;
  _raw_spin_lock (_9);
  val_10 = MEM[(u64 *)kobj_3(D) + -456B];
  _raw_spin_unlock (_9);
  _12 = sysfs_emit (buf_5(D), "%llu\n", val_10);
  _13 = (long int) _12;
  return _13;
If you enable -Wnull-dereference (and disable -fno-delete-null-pointer-checks)
you get all these cases diagnosed:
In function 'to_fs_info',
    inlined from 'btrfs_discard_kbps_limit_store' at fs/btrfs/sysfs.c:542:34:
fs/btrfs/sysfs.c:1318:10: warning: potential null pointer dereference
[-Wnull-dereference]
fs/btrfs/sysfs.c:1318:10: warning: potential null pointer dereference
[-Wnull-dereference]
...
so it's really a sign of bad coding / abstraction.
Again confirmed because the diagnostic from -Warray-bounds isn't very helpful
in pointing out the possible problem.
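An added example, not part of the thread and not kernel code: a constructed, self-contained reduction of the pattern comment #3 describes, with the caller that passes `&sinfo->lock` into an optional-lock helper beside a restructured caller that locks unconditionally. The `space_info` layout, `toy_lock`/`toy_unlock` and the `show_disk_used_*` names are assumptions; build it with the flags from comment #2 (`-Warray-bounds -fno-delete-null-pointer-checks -O2`) to compare the two callers.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins for the kernel types; names and layout are assumptions. */
struct kobject { int refcount; };
struct space_info {
    unsigned long long disk_used;   /* the value sits before the lock ... */
    int lock;                       /* ... which stands in for spinlock_t */
    struct kobject kobj;            /* embedded at a non-zero offset */
};
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
static int lock_depth;              /* lets a caller check lock/unlock pairing */
static void toy_lock(int *l)   { *l = 1; lock_depth++; }
static void toy_unlock(int *l) { *l = 0; lock_depth--; }

/* Helper shaped like btrfs_show_u64: the lock is optional, so it is tested twice. */
static unsigned long long show_u64(unsigned long long *value_ptr, int *lock)
{
    unsigned long long val;
    if (lock) toy_lock(lock);
    val = *value_ptr;
    if (lock) toy_unlock(lock);
    return val;
}

/* Caller shaped like the report: on the threaded "lock == NULL" path sinfo is
 * known, so the load becomes a constant negative offset from address 0. */
unsigned long long show_disk_used_before(struct kobject *kobj)
{
    struct space_info *sinfo = container_of(kobj, struct space_info, kobj);
    return show_u64(&sinfo->disk_used, &sinfo->lock);
}

/* Restructured caller: the lock is taken unconditionally, so there is no NULL
 * test to thread and no path on which the load is rebased onto address 0. */
unsigned long long show_disk_used_after(struct kobject *kobj)
{
    struct space_info *sinfo = container_of(kobj, struct space_info, kobj);
    unsigned long long val;
    toy_lock(&sinfo->lock);
    val = sinfo->disk_used;
    toy_unlock(&sinfo->lock);
    return val;
}

int main(void)
{
    struct space_info si = { 4096ULL, 0, { 1 } };   /* constructed sample object */
    printf("%llu %llu\n", show_disk_used_before(&si.kobj), show_disk_used_after(&si.kobj));
}
```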
* [Bug tree-optimization/109290] warning: array subscript -50 is outside array bounds of ‘struct kobject[36028797018963967]’
From: lavr at ncbi dot nlm.nih.gov @ 2023-12-17 4:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109290
lavr at ncbi dot nlm.nih.gov changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lavr at ncbi dot nlm.nih.gov
--- Comment #4 from lavr at ncbi dot nlm.nih.gov ---
GCC 11.4 produces the same warning on code as simple as this:
    char buf[128];
    char* c, q;
    // buf is filled with some contents from a read()
    if (!*(c = buf + strcspn(buf, kDigits)))
        return 0;
    q = c > buf ? c[-1] : '\0'; // THIS LINE GETS A WARNING
array subscript -1 is outside array bounds of 'char[128]' [-Warray-bounds]
Note that there's an explicit check that c > buf before accessing the index
backwards.