https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483
Rainer Orth <ro at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Last reconfirmed| |2024-02-29 Resolution|FIXED |--- Status|RESOLVED |REOPENED --- Comment #5 from Rainer Orth <ro at gcc dot gnu.org> --- Thanks for the patch. Last night's bootstrap showed that all C tests PASS now. However, two of the tests FAIL when compiled as C++: FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c -std=c++98 (test for warnings, line 25) FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c -std=c++98 at line 20 (test for warnings, line 19) FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c -std=c++98 expected multiline pattern lines 30-45 and same for -std=c++(14|17|20). When compiling manually, there's no output at all. There's also FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c -std=c++98 (test for warnings, line 12) FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c -std=c++98 expected multiline pattern lines 18-36 Here's the full output: /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c: In function ‘void test7(std::size_t)’: /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size] /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47: note: (1) allocated ‘((size * 4) + 3)’ bytes and assigned to ‘int32_t*’ {aka ‘int*’} here; ‘sizeof (int32_t {aka int})’ is ‘4’ /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds] /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47: note: (1) capacity: ‘((size * 4) + 3)’ bytes /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13: note: (2) write of 4 bytes at offset ‘(size * 4)’ exceeds the buffer ┌───────────────────────────────────────┐ │ write of ‘(int) 42’ │ └───────────────────────────────────────┘ │ │ │ │ v v ┌──────────────────────────────────────────────────┐┌──────────────────┐ │ buffer allocated on stack at (1) ││after valid range │ └──────────────────────────────────────────────────┘└──────────────────┘ ├────────────────────────┬─────────────────────────┤├────────┬─────────┤ │ │ ╭───────────────┴──────────────╮ ╭─────────┴────────╮ │capacity: ‘size * 4 + 3’ bytes│ │overflow of 1 byte│ ╰──────────────────────────────╯ ╰──────────────────╯ /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c: In function ‘char* test99(const char*, const char*)’: /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25: warning: heap-based buffer overflow [CWE-122] [-Wanalyzer-out-of-bounds] /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:74:44: note: (1) capacity: ‘(len_x + len_y)’ bytes /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:75:3: note: (2) following ‘false’ branch (when ‘result’ is non-NULL)... /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:77:20: note: (3) ...to here /vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25: note: (4) out-of-bounds write I'm uncertain if this isn't another issue, though.