public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "jason at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/97595] [11 Regression] bogus -Wstringop-overflow due to DECL_SIZE_UNIT underreporting field size Date: Mon, 16 Nov 2020 17:10:03 +0000 [thread overview] Message-ID: <bug-97595-4-w2hpuETfa2@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-97595-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97595 --- Comment #5 from Jason Merrill <jason at gcc dot gnu.org> --- (In reply to Martin Sebor from comment #3) > I can confirm the warning but I'm not sure the bug is in the middle end > code. Let me CC Jason for his comments. > > The warning triggers for the MEM_REF below: > > MEM[(char &)_10 + 224] = _24; > > in the following GIMPLE ("type" is char). The destination of the access is > this_3(D)->D.45669 which is the basic_istream subobject. Its size reported > by DECL_SIZE_UNIT() in component_ref_size() is 16. The initial offset > (i.e., _10) is indeterminate but it's taken to be in the range bounded by > the size of the object, or [0, 16]. Given that, the constant offset 224 is > determined to be out of bounds. What you're seeing is that the DECL_SIZE of the base subobject excludes any virtual bases, because they are laid out in the most derived class, while the TYPE_SIZE of the base type includes them. CLASSTYPE_SIZE of the base type should match the DECL_SIZE. It's definitely OK for a program to refer to a virtual base through any of the derived classes. > The change introduced in r11-3827 that triggers the warning is the assumption > that unless determined otherwise, an indeterminate offset into an object must > be bounded by the object's size. So this assumption is invalid for base subobjects of types with virtual bases; such an offset is only bounded by the most-derived object's size.
next prev parent reply other threads:[~2020-11-16 17:10 UTC|newest] Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-10-27 15:22 [Bug tree-optimization/97595] New: [11 Regression] warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] redi at gcc dot gnu.org 2020-10-27 15:22 ` [Bug tree-optimization/97595] " redi at gcc dot gnu.org 2020-10-27 15:27 ` redi at gcc dot gnu.org 2020-10-27 16:28 ` [Bug tree-optimization/97595] [11 Regression] bogus -Wstringop-overflow due to DECL_SIZE_UNIT underreporting field size msebor at gcc dot gnu.org 2020-10-28 9:09 ` rguenth at gcc dot gnu.org 2020-11-14 22:19 ` msebor at gcc dot gnu.org 2020-11-16 17:10 ` jason at gcc dot gnu.org [this message] 2020-12-01 16:16 ` msebor at gcc dot gnu.org 2020-12-01 22:11 ` cvs-commit at gcc dot gnu.org 2020-12-01 22:13 ` msebor at gcc dot gnu.org 2021-02-23 23:12 ` msebor at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-97595-4-w2hpuETfa2@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).