https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84383
Bug ID: 84383 Summary: [8 Regression] ICE in maybe_diag_stxncpy_trunc Product: gcc Version: 8.0 Status: UNCONFIRMED Keywords: ice-on-valid-code Severity: normal Priority: P3 Component: tree-optimization Assignee: jakub at gcc dot gnu.org Reporter: jakub at gcc dot gnu.org Target Milestone: --- int a; struct S { char *s; }; void bar (struct S *); void foo (char *b) { struct S c[4]; bar (c); __builtin_strncpy (c[a].s, b, 32); c[a].s[31] = '\0'; } ICEs at -O2 or fails under valgrind, like: ==32746== Conditional jump or move depends on uninitialised value(s) ==32746== at 0x1234997: maybe_diag_stxncpy_trunc(gimple_stmt_iterator, tree_node*, tree_node*) (tree-ssa-strlen.c:1881) ==32746== by 0x1235595: handle_builtin_stxncpy(built_in_function, gimple_stmt_iterator*) (tree-ssa-strlen.c:2079) ==32746== by 0x1238BEE: strlen_check_and_optimize_stmt(gimple_stmt_iterator*, bool*) (tree-ssa-strlen.c:3142) ==32746== by 0x123A225: strlen_dom_walker::before_dom_children(basic_block_def*) (tree-ssa-strlen.c:3475) depending on what uninitialized value dstoff has.