https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

Rainer Orth <ro at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-02-29
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #5 from Rainer Orth <ro at gcc dot gnu.org> ---
Thanks for the patch.  Last night's bootstrap showed that all C tests PASS now.

However, two of the tests FAIL when compiled as C++:

FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  (test for
warnings, line 25)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  at line 20
(test for warnings, line 19)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  expected
multiline pattern lines 30-45

and same for -std=c++(14|17|20).  When compiling manually, there's no output at
all.

There's also

FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c  -std=c++98  (test for
warnings, line 12)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c  -std=c++98  expected
multiline pattern lines 18-36

Here's the full output:

/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:
In function ‘void test7(std::size_t)’:
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
warning: allocated buffer size is not a multiple of the pointee's size
[CWE-131] [-Wanalyzer-allocation-size]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
note: (1) allocated ‘((size * 4) + 3)’ bytes and assigned to ‘int32_t*’ {aka
‘int*’} here; ‘sizeof (int32_t {aka int})’ is ‘4’
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13:
warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
note: (1) capacity: ‘((size * 4) + 3)’ bytes
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13:
note: (2) write of 4 bytes at offset ‘(size * 4)’ exceeds the buffer

                                 ┌───────────────────────────────────────┐
                                 │          write of ‘(int) 42’          │
                                 └───────────────────────────────────────┘
                                           │                   │
                                           │                   │
                                           v                   v
  ┌──────────────────────────────────────────────────┐┌──────────────────┐
  │         buffer allocated on stack at (1)         ││after valid range │
  └──────────────────────────────────────────────────┘└──────────────────┘
  ├────────────────────────┬─────────────────────────┤├────────┬─────────┤
                           │                                   │
           ╭───────────────┴──────────────╮          ╭─────────┴────────╮
           │capacity: ‘size * 4 + 3’ bytes│          │overflow of 1 byte│
           ╰──────────────────────────────╯          ╰──────────────────╯

/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:
In function ‘char* test99(const char*, const char*)’:
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25:
warning: heap-based buffer overflow [CWE-122] [-Wanalyzer-out-of-bounds]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:74:44:
note: (1) capacity: ‘(len_x + len_y)’ bytes
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:75:3:
note: (2) following ‘false’ branch (when ‘result’ is non-NULL)...
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:77:20:
note: (3) ...to here
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25:
note: (4) out-of-bounds write

I'm uncertain if this isn't another issue, though.
