public inbox for gcc-bugs@sourceware.org
* [Bug c++/97049] New: Cryptic warning "__builtin_memmove pointer overflow between offset ... and size ..." with -m32
@ 2020-09-14 18:37 officesamurai at gmail dot com
From: officesamurai at gmail dot com @ 2020-09-14 18:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97049

            Bug ID: 97049
           Summary: Cryptic warning "__builtin_memmove pointer overflow
                    between offset ... and size ..." with -m32
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: officesamurai at gmail dot com
  Target Milestone: ---

Created attachment 49216
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49216&action=edit
The code in question

This looks similar to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92879 but
this one needs -m32 to reproduce. Also, the warning message doesn't mention the
offending line number which makes it particularly cryptic.

-----------------
$ g++-10.2.0 -O2 -m32 -c gcc10_builtin_memmove_exceeds_maximum_obj_size.cpp
In function ‘void foo()’:
cc1plus: warning: ‘void* __builtin_memmove(void*, const void*, unsigned int)’
specified bound 4294967288 exceeds maximum object size 2147483647
[-Wstringop-overflow=] (https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wstringop-overflow=)
-----------------

With -Wno-stringop-overflow -Wall another warning is produced:

-----------------
$ g++-10.2.0 -O2 -m32 -c gcc10_builtin_memmove_exceeds_maximum_obj_size.cpp -Wno-stringop-overflow -Wall
In function ‘void foo()’:
cc1plus: warning: ‘void* __builtin_memmove(void*, const void*, unsigned int)’
pointer overflow between offset [0, 1073741831] and size 4294967288
[-Warray-bounds] (https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Warray-bounds)
-----------------

Interestingly, if I change the type of 'size' on line 116 to 'int', the
warnings go away.


The compiler:
-----------------
$ g++-10.2.0 -v
Using built-in specs.
COLLECT_GCC=g++-10.2.0
COLLECT_LTO_WRAPPER=/home/brd/soft/gcc-10.2.0/libexec/gcc/x86_64-pc-linux-gnu/10.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ./configure --prefix=/home/brd/soft/gcc-10.2.0
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 10.2.0 (GCC) 

-----------------


* [Bug c++/97049] Cryptic warning "__builtin_memmove pointer overflow between offset ... and size ..." with -m32
@ 2020-09-14 22:02 ` msebor at gcc dot gnu.org
From: msebor at gcc dot gnu.org @ 2020-09-14 22:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97049

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|                            |11.0, 9.3.0
     Ever confirmed|0                           |1
                 CC|                            |msebor at gcc dot gnu.org
   Last reconfirmed|                            |2020-09-14
      Known to fail|                            |10.2.0
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed with GCC 10.  Trunk doesn't show the warning because it doesn't
synthesize the invalid memmove call.

The warning is issued on the basis of the memmove call in IL below.  The
constant 4294967288 is too large to represent a valid size of an object in
ILP32.  The -Warray-bounds warning complains about the same thing (that the
result of adding the offset into the object to the size isn't a valid pointer).

  <bb 36> [local count: 714496489]:
  _44 = MEM[(const struct InlineStorage *)&testArray]._capacity;
  if (_44 != 1)
    goto <bb 21>; [66.00%]
  else
    goto <bb 37>; [34.00%]

  <bb 37> [local count: 242928809]:
  _135 = (unsigned int) &MEM <union aligned_storage_t> [(void *)&testArray];
  _37 = (unsigned int) &MEM[(struct InlineStorage *)&testArray]._union;
  _46 = _37 - _135;
  _102 = &MEM <union aligned_storage_t> [(void *)&testArray + 8B] + _46;
  _31 = &MEM <union aligned_storage_t> [(void *)&testArray] + _46;
  __builtin_memmove (_102, _31, 4294967288);
  MEM[(int *)&testArray + 8B] = 6;
  pos_32 = &MEM[(struct InlineStorage *)&testArray]._union + 4;
  goto <bb 24>; [100.00%]

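To make the two diagnostics in the comment above concrete, here is an added example (not GCC's own code, and not from the attachment) that models ILP32 arithmetic with 32-bit types on any host: it shows how a bound like 4294967288 arises from a negative length reinterpreted as an unsigned size, and it mirrors the two checks the warnings apply, using the offset and size values from the report as constructed inputs. The limit 2147483647 is PTRDIFF_MAX in ILP32, which is the "maximum object size" quoted in the -Wstringop-overflow message.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* PTRDIFF_MAX for an ILP32 target: the largest size a single object can
   have, and the "maximum object size" in the -Wstringop-overflow text. */
#define ILP32_PTRDIFF_MAX 2147483647u

/* How 4294967288 comes about: two 32-bit offsets into the same object are
   subtracted, the result is negative (-8 here), and that negative length is
   then reinterpreted as an unsigned 32-bit size (0xFFFFFFF8). */
uint32_t wrapped_bound(int32_t end, int32_t begin) {
    int32_t len = end - begin;   /* -8 when end < begin */
    return (uint32_t)len;        /* wraps to 4294967288 */
}

/* Mirror of the -Wstringop-overflow criterion: no object can be larger than
   PTRDIFF_MAX, so a bound above it can never describe a valid copy. */
bool bound_exceeds_max_object(uint32_t n) {
    return n > ILP32_PTRDIFF_MAX;
}

/* Mirror of the -Warray-bounds "pointer overflow between offset and size"
   criterion: the offset into the object plus the size must still land inside
   a valid object, so offset + n may not exceed PTRDIFF_MAX.  The sum is
   widened so that it cannot itself wrap around. */
bool pointer_overflows(uint32_t offset, uint32_t n) {
    uint64_t end = (uint64_t)offset + n;
    return end > ILP32_PTRDIFF_MAX;
}

int main(void) {
    /* Constructed inputs taken from the numbers in the bug report. */
    uint32_t n = wrapped_bound(0, 8);
    uint32_t max_offset = 1073741831u;   /* upper end of "offset [0, 1073741831]" */
    printf("bound = %u\n", n);
    printf("exceeds max object: %d\n", bound_exceeds_max_object(n));
    printf("pointer overflow at offset %u: %d\n", max_offset,
           pointer_overflows(max_offset, n));
    return 0;
}
```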