public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "weilercdale at gmail dot com" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug rtl-optimization/115056] New: Miscompilation triggering -Wstringop-overflow and -Warray-bounds warning when -O2 or higher Date: Sun, 12 May 2024 23:27:30 +0000 [thread overview] Message-ID: <bug-115056-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115056 Bug ID: 115056 Summary: Miscompilation triggering -Wstringop-overflow and -Warray-bounds warning when -O2 or higher Product: gcc Version: 14.1.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: rtl-optimization Assignee: unassigned at gcc dot gnu.org Reporter: weilercdale at gmail dot com Target Milestone: --- I've isolated what appears to be an unsound __builtin_memset optimization applied by gcc 14.1.1 on a hash function in a cryptographic library where it writes one byte beyond the end of a buffer. The compiler thankfully reports two warnings when it happens. The isolated test case is small so I'll provide it inline #include <string.h> #include <stdio.h> typedef union { unsigned char as_bytes[64]; unsigned long long as_chunks[64 / sizeof(unsigned long long)]; } Block; int main(int argc, char **argv) { Block block; int i = strlen(argv[0]), j = 0; for (; j < i; j++) block.as_bytes[j] = argv[0][j]; while (++j & 7) block.as_bytes[j] = 0; if (j > 56) while (j < 64) block.as_bytes[j++] = 0; while (j < 56) block.as_bytes[j++] = 0; for (j = 0; j < 8; j++) printf("%d\n", (int)block.as_chunks[j]); } Compiling this with -O2 produces the following warning t.c: In function ‘main’: t.c:12:56: warning: ‘__builtin_memset’ writing 8 bytes into a region of size 7 overflows the destination [-Wstringop-overflow=] 12 | if (j > 56) while (j < 64) block.as_bytes[j++] = 0; | ~~~~~~~~~~~~~~~~~~~~^~~ t.c:8:15: note: at offset [57, 63] into destination object ‘block’ of size 64 8 | Block block; | ^~~~~ Compiling this with -O2 and -Wall produces the following warning t.c: In function ‘main’: t.c:12:56: warning: ‘__builtin_memset’ forming offset 64 is out of the bounds [0, 64] of object ‘block’ with type ‘Block’ [-Warray-bounds=] 12 | if (j > 56) while (j < 64) block.as_bytes[j++] = 0; | ~~~~~~~~~~~~~~~~~~~~^~~ t.c:8:15: note: ‘block’ declared here 8 | Block block; | ^~~~~
next reply other threads:[~2024-05-12 23:27 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-05-12 23:27 weilercdale at gmail dot com [this message] 2024-05-12 23:29 ` [Bug rtl-optimization/115056] [14 regression] Miscompilation (also triggering -Wstringop-overflow and -Warray-bounds warning) " sjames at gcc dot gnu.org 2024-05-12 23:32 ` sjames at gcc dot gnu.org 2024-05-12 23:34 ` weilercdale at gmail dot com 2024-05-12 23:35 ` sjames at gcc dot gnu.org 2024-05-12 23:38 ` weilercdale at gmail dot com 2024-05-12 23:39 ` sjames at gcc dot gnu.org 2024-05-13 0:57 ` [Bug rtl-optimization/115056] [14/15 " sjames at gcc dot gnu.org 2024-05-13 1:14 ` weilercdale at gmail dot com 2024-05-13 1:18 ` sjames at gcc dot gnu.org 2024-05-13 1:18 ` sjames at gcc dot gnu.org 2024-05-13 1:51 ` weilercdale at gmail dot com 2024-05-13 9:49 ` rguenth at gcc dot gnu.org 2024-05-20 7:39 ` [Bug middle-end/115056] [14/15 regression] False positive -Wstringop-overflow and -Warray-bounds sjames at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-115056-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).