* [Bug tree-optimization/99532] New: missing warning on placement new into smaller space
@ 2021-03-10 22:56 msebor at gcc dot gnu.org
From: msebor at gcc dot gnu.org @ 2021-03-10 22:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99532

            Bug ID: 99532
           Summary: missing warning on placement new into smaller space
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Neither of the two buffer overflows below is diagnosed but they both should be.
The difference between the two is that the first uses direct access to the
array (i.e., COMPONENT_REF) while the second uses direct access to the enclosing
object (MEM_REF).  The missing warning for the former is due to pr99502 but the
latter is something else.

$ cat x.C && gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout x.C
void* operator new (__SIZE_TYPE__, void *p) { return p; }

struct A4 { char a[4]; };
struct A8 { char a[8]; };

void* f ()
{
  void *p = __builtin_malloc (3);
  return new (p) A4 ();   // missing warning
}

void* g ()
{
  void *p = __builtin_malloc (7);
  return new (p) A8 ();   // missing warning
}

;; Function operator new (_ZnwmPv, funcdef_no=0, decl_uid=2348, cgraph_uid=1,
symbol_order=0)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:



void * operator new (long unsigned int D.2346, void * p)
{
  <bb 2> [local count: 1073741824]:
  return p_1(D);

}



;; Function f (_Z1fv, funcdef_no=1, decl_uid=2356, cgraph_uid=2,
symbol_order=1)

;; 2 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

SSA replacement table
N_i -> { O_1 ... O_j } means that N_i replaces O_1, ..., O_j

p_11 -> { p_5 }
Incremental SSA update started at block: 2
Number of blocks in CFG: 16
Number of blocks to update: 1 (  6%)



Value ranges after VRP:

p_5: void * VARYING
p_11: void * [1B, +INF]  EQUIVALENCES: { p_5 } (1 elements)


void * f ()
{
  void * p;

  <bb 2> [local count: 268435456]:
  p_5 = __builtin_malloc (3);
  MEM[(struct A4 *)p_5].a[0] = 0;
  MEM[(struct A4 *)p_5].a[1] = 0;
  MEM[(struct A4 *)p_5].a[2] = 0;
  MEM[(struct A4 *)p_5].a[3] = 0;
  return p_5;

}



;; Function g (_Z1gv, funcdef_no=2, decl_uid=2385, cgraph_uid=3,
symbol_order=2)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

SSA replacement table
N_i -> { O_1 ... O_j } means that N_i replaces O_1, ..., O_j

p_5 -> { p_3 }
Incremental SSA update started at block: 2
Number of blocks in CFG: 3
Number of blocks to update: 1 ( 33%)



Value ranges after VRP:

p_3: void * VARYING
p_5: void * [1B, +INF]  EQUIVALENCES: { p_3 } (1 elements)


void * g ()
{
  void * p;

  <bb 2> [local count: 1073741824]:
  p_3 = __builtin_malloc (7);
  MEM[(struct A8 *)p_3] = {};
  return p_3;

}
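As an added illustration (not part of the bug report or of GCC), the following helper shows the check that placement new itself never performs: it refuses to construct an object into storage that is too small or misaligned, so the two cases from the report (an A4 into 3 bytes, an A8 into 7 bytes) are rejected at run time instead of silently overflowing, and a fixed-size variant turns the same mistake into a compile error. The names construct_in, construct_in_fixed and the three check functions are mine.

```cpp
// Added example, not from the bug report: a size- and alignment-checked
// placement-construction helper. Placement new performs no bounds check, so
// the overflows in the report compile silently; this wrapper rejects them.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <new>

// Same aggregates as in the report.
struct A4 { char a[4]; };
struct A8 { char a[8]; };

// Construct a T inside buf, which holds cap bytes. Returns nullptr instead of
// writing past the end when cap < sizeof(T), or when buf is misaligned for T.
template <class T, class... Args>
T* construct_in(void* buf, std::size_t cap, Args&&... args)
{
    if (buf == nullptr || cap < sizeof(T))
        return nullptr;                         // would overflow the buffer
    if (reinterpret_cast<std::uintptr_t>(buf) % alignof(T) != 0)
        return nullptr;                         // misaligned placement
    return ::new (buf) T(static_cast<Args&&>(args)...);
}

// Variant for fixed-size storage: a buffer that is too small for T is a
// compile-time error rather than a silent overflow. Alignment is still
// checked at run time by the overload above.
template <class T, std::size_t N>
T* construct_in_fixed(unsigned char (&buf)[N])
{
    static_assert(N >= sizeof(T), "storage too small for T");
    return construct_in<T>(buf, N);
}

// Mirrors f() in the report: 3 bytes for a 4-byte object is rejected.
bool f_checked_rejects()
{
    void* p = std::malloc(3);
    A4* obj = construct_in<A4>(p, 3);
    std::free(p);
    return obj == nullptr;
}

// Mirrors g() in the report with a large enough buffer: accepted and
// value-initialized (all bytes zero), as the MEM[...] = {} in the dump shows.
bool g_checked_accepts()
{
    void* p = std::malloc(8);
    A8* obj = construct_in<A8>(p, 8);
    bool ok = obj != nullptr && obj->a[0] == 0 && obj->a[7] == 0;
    std::free(p);
    return ok;
}

// Fixed-size storage of exactly sizeof(A8) bytes passes the static check.
bool fixed_storage_accepts()
{
    alignas(A8) unsigned char store[sizeof(A8)];
    A8* obj = construct_in_fixed<A8>(store);
    return obj != nullptr && obj->a[3] == 0;
}
```

Returning nullptr keeps the helper usable in code that cannot throw; a project that prefers exceptions can throw std::bad_alloc at the two early returns instead. The compiler diagnostic the report asks for would catch the constant-size cases at build time; the run-time check is what remains necessary when the buffer size is only known dynamically.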
