public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/109298] New: warning: array subscript ‘...’ is partly outside array bounds of ‘...’
@ 2023-03-27 12:59 ubizjak at gmail dot com
2023-03-28 7:07 ` [Bug tree-optimization/109298] " rguenth at gcc dot gnu.org
0 siblings, 1 reply; 2+ messages in thread
From: ubizjak at gmail dot com @ 2023-03-27 12:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109298
Bug ID: 109298
Summary: warning: array subscript ‘...’ is partly outside array
bounds of ‘...’
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: ubizjak at gmail dot com
Target Milestone: ---
This warning/error is actually emitted when compiling
drivers/infiniband/core/user_mad.c linux source file.
The testcase:
--cut here--
enum {
IB_MGMT_RMPP_HDR = 36,
IB_MGMT_RMPP_DATA = 220,
};
struct ib_umad_packet {
int hdr;
unsigned char data[];
};
struct ib_rmpp_mad {
int class;
unsigned char data[IB_MGMT_RMPP_DATA];
};
int foo (const unsigned char *buf)
{
struct ib_umad_packet *packet;
struct ib_rmpp_mad *rmpp_mad;
packet = __builtin_malloc (sizeof *packet + IB_MGMT_RMPP_HDR);
__builtin_memcpy (&packet->data, buf, IB_MGMT_RMPP_HDR);
rmpp_mad = (struct ib_rmpp_mad *) packet->data;
return rmpp_mad->class;
}
--cut here--
-O2 -Wall
test.c: In function ‘foo’:
test.c:27:18: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly
outside array bounds of ‘unsigned char[40]’ [-Warray-bounds=]
27 | return rmpp_mad->class;
| ^~
test.c:21:12: note: at offset 4 into object of size 40 allocated by
‘__builtin_malloc’
21 | packet = __builtin_malloc (sizeof *packet + IB_MGMT_RMPP_HDR);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adding -fno-strict-aliasing to compile flags does not help.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug tree-optimization/109298] warning: array subscript ‘...’ is partly outside array bounds of ‘...’
2023-03-27 12:59 [Bug c/109298] New: warning: array subscript ‘...’ is partly outside array bounds of ‘...’ ubizjak at gmail dot com
@ 2023-03-28 7:07 ` rguenth at gcc dot gnu.org
0 siblings, 0 replies; 2+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-03-28 7:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109298
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|c |tree-optimization
Ever confirmed|0 |1
Keywords| |diagnostic
Status|UNCONFIRMED |NEW
Blocks| |56456
Last reconfirmed| |2023-03-28
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed.
<bb 2> [local count: 1073741824]:
packet_4 = __builtin_malloc (40);
_1 = &packet_4->data;
__builtin_memcpy (_1, buf_5(D), 36);
_7 = MEM[(struct ib_rmpp_mad *)packet_4 + 4B].class;
return _7;
the issue is that rmpp_mad->class is considered a dereference of rmpp_mad
where ib_rmpp_mad doesn't fit in the allocation. The wording of the
diagnostic is just very confusing here.
How the fix to the driver should look like probably depends on the actual
source - for the reduced testcase the allocation/copying doesn't make sense
while for the actual driver it probably does.
As said above, the diagnostic wording could be improved, so confirmed.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-28 7:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-27 12:59 [Bug c/109298] New: warning: array subscript ‘...’ is partly outside array bounds of ‘...’ ubizjak at gmail dot com
2023-03-28 7:07 ` [Bug tree-optimization/109298] " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).