From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 805A238B7C1C; Fri, 7 Jun 2024 02:09:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 805A238B7C1C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1717726197; bh=BrmfhrbUgamBgQldACreBLKgulTHDb4xyfhR3PFFGko=; h=From:To:Subject:Date:From; b=IRpeGy7tvQm17FtxFYDjbD5k4gGwPBLjYtD5BwATdcBHYjy3jMy/jEy+7aLSF5y5V JH1s6M4yyg+aa9saD23neMVJOFk+bX0BGouNhacxdvomgTsIrqynHjtXwQFzUJfnoE mC1n2rMRVEZzM5TkS4XdKtuKRioBkjWI6fdS4te8= From: "pinskia at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/115380] New: Missing MUL_OVERFLOW support in analayzer Date: Fri, 07 Jun 2024 02:09:57 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 15.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: pinskia at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status keywords bug_severity priority component assigned_to reporter blocked target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D115380 Bug ID: 115380 Summary: Missing MUL_OVERFLOW support in analayzer Product: gcc Version: 15.0 Status: UNCONFIRMED Keywords: diagnostic Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: pinskia at gcc dot gnu.org Blocks: 109896 Target Milestone: --- Take (which is a modified version of g++.dg/analyzer/placement-new-size.C): ``` /* { dg-additional-options "-Wno-placement-new -Wno-analyzer-use-of-uninitialized-value" } */ #include #include #include void static_buffer_too_short (int t) { int n =3D t*4; int n1 =3D (t+1); if (__builtin_mul_overflow(n1, 4, &n1)) __builtin_abort(); char buf[n]; char *p =3D new (buf) char[n1]; /* { dg-warning "stack-based buffer overf= low" } */ } void static_buffer_too_short1 (int t) { int n =3D t*4; int n1 =3D (t+1); n1 =3D n1*4; char buf[n]; char *p =3D new (buf) char[n1]; /* { dg-warning "stack-based buffer overf= low" } */ } ``` static_buffer_too_short should warn the same way as static_buffer_too_short1 currently does. Note this was found while looking into the regressions developing of the pa= tch for PR 109896. Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109896 [Bug 109896] Missed optimisation: overflow detection in multiplication instructions for operator new=