https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97556
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> --- I think the problem is that compute_objsize doesn't bother to check for any kind of overflow on any arithmetics it does. E.g. in: 4815 offset_int sz = wi::to_offset (tpsize); 4816 orng[0] *= sz; 4817 orng[1] *= sz; when orng[0] is 1000000000 and orng[1] is -1 and sz is 3, everything is multiplied by 3, so we end up with 3000000000 and -3. Later on the upper bound is set to 311 offset_int maxoff = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 312 offrng[1] = maxoff; and size_remaining then asserts something that the computation can't really guarantee. Adjusted testcase that ICEs with -O2 -m64 the same way: char a[1][3]; int b; void f () { unsigned long long c = 7000000000000000000ULL; if (b) goto L; while (b) { c = ~0ULL; L: a[c][0] = 0; } }