public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/109717] -Warray-bound error with gnu++20 and fmt library Date: Thu, 04 May 2023 11:11:18 +0000 [thread overview] Message-ID: <bug-109717-4-T5zfoIlMAX@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-109717-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109717 Richard Biener <rguenth at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jwakely.gcc at gmail dot com, | |rguenth at gcc dot gnu.org Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Component|tree-optimization |libstdc++ Last reconfirmed| |2023-05-04 --- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> --- So we see <bb 6> [local count: 14986075]: _60 = operator new (4); _43 = MEM[(const struct buffer *)this_10(D)].size_; _44 = _43 * 4; _63 = (signed long) _44; if (_63 > 4) goto <bb 7>; [90.00%] else goto <bb 8>; [10.00%] <bb 7> [local count: 12138721]: __builtin_memmove (_60, pretmp_118, _44); goto <bb 10>; [100.00%] and if _63 > 4 then the memmove will write out of bounds of the allocated storage. The stringop-overflow diagnostic is about the same thing. There's eventually a missed optimization that we do not discover this path as not taken, but I do not see any write to size_ in the function. There's <bb 5> [local count: 272474101]: *pretmp_118 = 1; if (pretmp_154 == 0) goto <bb 6>; [50.00%] else goto <bb 12>; [50.00%] and <bb 4> [local count: 148083751]: pretmp_118 = MEM[(struct buffer *)this_10(D)].ptr_; pretmp_154 = MEM[(struct buffer *)this_10(D)].capacity_; if (exp_6(D) == 0) goto <bb 5>; [20.24%] else goto <bb 13>; [79.76%] but given capacity is zero on this path size_ is probably zero as well (but that's not visible here). An assertion in the library that size_ <= capacity_ would maybe help. To sum up, there's nothing the diagnostic code can do here - it simply doesn't have sufficient information to prune this diagnostic.
next prev parent reply other threads:[~2023-05-04 11:11 UTC|newest] Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-05-03 15:35 [Bug c++/109717] New: " psmith at gnu dot org 2023-05-03 15:47 ` [Bug c++/109717] " psmith at gnu dot org 2023-05-03 16:37 ` redi at gcc dot gnu.org 2023-05-03 20:23 ` [Bug tree-optimization/109717] " psmith at gnu dot org 2023-05-03 20:34 ` redi at gcc dot gnu.org 2023-05-04 11:11 ` rguenth at gcc dot gnu.org [this message] 2023-05-04 11:13 ` redi at gcc dot gnu.org 2023-05-04 11:16 ` redi at gcc dot gnu.org 2023-05-04 11:37 ` rguenth at gcc dot gnu.org 2023-05-04 13:30 ` psmith at gnu dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-109717-4-T5zfoIlMAX@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).