https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104965
Bug ID: 104965
Summary: Yet another -Warray-bounds false positive
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Blocks: 56456
Target Milestone: ---
Maybe another dup, I can't keep track.
#include <string>
template<typename T>
T* f(const std::basic_string<T>& str)
{
auto n = str.size();
auto p = new T[n];
str.copy(p, n);
return p;
}
int main()
{
std::basic_string<unsigned short> s;
auto p = f(s);
char c = 0;
if (s.size())
c = *p;
delete[] p;
return c;
}
With -O2
copy.cc: In function 'int main()':
copy.cc:18:9: warning: array subscript 0 is outside array bounds of 'short
unsigned int [0]' [-Warray-bounds]
18 | c = *p;
| ^~
In function 'T* f(const std::__cxx11::basic_string<_CharT>&) [with T = short
unsigned int]',
inlined from 'int main()' at copy.cc:15:13:
copy.cc:7:12: note: object of size 0 allocated by 'operator new []'
7 | auto p = new T[n];
| ^~~~~~~~
This is ridiculous. The array subscript is guarded by the same length as the
array. GCC manages to use the string length to determine the allocation size,
but can't use it to confirm the conditional read doesn't happen.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds
