[Bug middle-end/110091] New: bogus -Wdangling-pointer on non-pointer values

2023-06-02 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110091

Bug ID: 110091
   Summary: bogus -Wdangling-pointer on non-pointer values
   Product: gcc
   Version: 12.3.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: middle-end
  Assignee: unassigned at gcc dot gnu.org
  Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

The following reduced testcase gives a bogus -Wdangling-pointer:

struct tEntry
{
    int value;
};

struct tOut
{
    int outvalue;
};
extern struct tOut *out;

extern int otherfunc(struct tEntry *);
extern void anotherfunc(int val);

void bar()
{
    struct tEntry entry = { 0 };

    if (otherfunc(&entry) != 0)
    {
        return;
    }

    if (out)
    {
        out->outvalue = entry.value;
    }

    anotherfunc(5);
}

void foo()
{
    bar();
}



$ gcc -O2  -Wall -Werror /opt/test.c
/opt/test.c: In function 'bar':
/opt/test.c:26:30: error: dangling pointer to 'entry' may be used
[-Werror=dangling-pointer=]
   26 | out->outvalue = entry.value;
  | ~^~
/opt/test.c:17:19: note: 'entry' declared here
   17 | struct tEntry entry = { 0 };
  |   ^
In function 'bar',
inlined from 'foo' at /opt/test.c:34:5:
/opt/test.c:26:30: error: dangling pointer to 'entry' may be used
[-Werror=dangling-pointer=]
   26 | out->outvalue = entry.value;
  | ~^~
/opt/test.c: In function 'foo':
/opt/test.c:17:19: note: 'entry' declared here
   17 | struct tEntry entry = { 0 };
  |   ^
cc1: all warnings being treated as errors


entry is a local struct, initialized to 0, and passed as pointer to an external
function.
But the use being warned about is not using any pointer.


Tested with 12.2.0 (Debian), 12.2.1 (Gentoo), 12.3.0 (official gcc docker
image), 13.1.0 (official gcc docker image).

[Bug c++/90809] -finstrument-functions-exclude-function-list mishandles comma escaping

2022-02-04 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90809

Thomas De Schampheleire  changed:

   What|Removed |Added
     CC|        |patrickdepinguin at gmail dot com

--- Comment #3 from Thomas De Schampheleire ---
A fix for this issue seems to have been applied as (git) commit
efab3e3a7326ad503532955ccd31f953851e388a. This bug can thus be closed.

[Bug c++/90816] -finstrument-functions-exclude-function-list improperly handles namespace/class definitions

2022-02-04 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90816

Thomas De Schampheleire  changed:

   What|Removed |Added
     CC|        |patrickdepinguin at gmail dot com

--- Comment #3 from Thomas De Schampheleire ---
A fix for this issue seems to have been applied as (git) commit
efab3e3a7326ad503532955ccd31f953851e388a. This bug can thus be closed.

[Bug tree-optimization/103173] strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]

2021-12-21 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

--- Comment #4 from Thomas De Schampheleire ---
Note also that in the test program of comment #3, there is no problem if using
the 'password' or 'application' fields, rather than 'user', which is first in
the structure.

[Bug tree-optimization/103173] strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]

2021-12-21 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

--- Comment #3 from Thomas De Schampheleire ---
While the original test program failed on gcc 11.2.0 but not on gcc 9.4.0, I
now encounter a very similar case that does fail on gcc 9.4.0:

--
#include <stdio.h>

#define MAX_NR_USERS 10

struct user_data {
    char user[32];
    char password[32];
    char application[32];
};

struct user_data users[MAX_NR_USERS];

void login_process()
{
    char tmp_user[33];

    for (int i = 0; i < MAX_NR_USERS; i++)
    {
        snprintf(tmp_user, sizeof(tmp_user), "%s", &(users[i].user[0]));
    }
}
--


arm-cortex_a53-linux-gnueabi-gcc /tmp/gcc-9-test.c -c -Wall -O2 
/tmp/gcc-9-test.c: In function 'login_process':
/tmp/gcc-9-test.c:19:47: warning: '%s' directive output may be truncated
writing up to 959 bytes into a region of size 33 [-Wformat-truncation=]
   19 | snprintf(tmp_user, sizeof(tmp_user), "%s",
&(users[i].user[0]));
  |   ^~
/tmp/gcc-9-test.c:19:9: note: 'snprintf' output between 1 and 960 bytes into a
destination of size 33
   19 | snprintf(tmp_user, sizeof(tmp_user), "%s",
&(users[i].user[0]));
  | ^~~


Here, the claimed 960 bytes are the total size of 'users' (3 * 32 * 10), while
the copied 'user' field is only 33 bytes and there should be no problem.
The error is now -Wformat-truncation instead of -Wstringop-truncation but
otherwise this looks to be the same underlying problem.

This compiler is:

Using built-in specs.
COLLECT_GCC=.../buildroot-toolchains-bis/output/host/opt/ext-toolchain/bin/arm-cortex_a53-linux-gnueabi-gcc
COLLECT_LTO_WRAPPER=.../buildroot-toolchains-bis/output/host/opt/ext-toolchain/arm/bin/../libexec/gcc/arm-cortex_a53-linux-gnueabi/9.4.0/lto-wrapper
Target: arm-cortex_a53-linux-gnueabi
Configured with:
.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/src/gcc/configure
--build=x86_64-build_pc-linux-gnu --host=x86_64-build_pc-linux-gnu
--target=arm-cortex_a53-linux-gnueabi
--prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi
--exec_prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi
--with-sysroot=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot
--enable-languages=c,c++,fortran --with-cpu=cortex-a53 --with-fpu=neon-fp-armv8
--with-float=hard --with-pkgversion='crosstool-NG 1.24.0.487_10ac846'
--enable-__cxa_atexit --disable-tm-clone-registry --disable-libmudflap
--disable-libgomp --disable-libssp --disable-libquadmath
--disable-libquadmath-support --disable-libsanitizer --disable-libmpx
--with-gmp=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-mpfr=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-mpc=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-isl=.../ctng/crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--disable-lto --without-zstd --enable-threads=posix --enable-target-optspace
--disable-plugin --disable-nls --disable-multilib
--with-local-prefix=.../ctng/crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot
--enable-long-long
Thread model: posix
gcc version 9.4.0 (crosstool-NG 1.24.0.487_10ac846)

[Bug other/103736] New: snprintf bogus format-truncation, disregarding modulo on argument

2021-12-15 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103736

Bug ID: 103736
   Summary: snprintf bogus format-truncation, disregarding modulo
on argument
   Product: gcc
   Version: 11.2.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: other
  Assignee: unassigned at gcc dot gnu.org
  Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 and gcc 9.4.0 give a bogus format-truncation warning on the following
test case compiled with -Wall and -O2:

#include <stdio.h>
#include <stdint.h>

void func(void) {

    extern int8_t timezoneval;
    char timezone[1+2+1];

    if(timezoneval < 0)
    {
        snprintf(timezone, sizeof(timezone),"-%02d",-(timezoneval % 100));
    }
    else
    {
        snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
    }
}

Warning:

/tmp/test.cpp: In function 'void func()':
/tmp/test.cpp:15:52: warning: 'snprintf' output may be truncated before the
last format character [-Wformat-truncation=]
   15 |  snprintf(timezone, sizeof(timezone),"+%02d", timezoneval %
100);
  |^
/tmp/test.cpp:15:18: note: 'snprintf' output between 4 and 5 bytes into a
destination of size 4
   15 |  snprintf(timezone, sizeof(timezone),"+%02d", timezoneval %
100);
  | 
^~~


Since timezoneval is used modulo 100, it will not take up more than two digits
(note that if timezoneval is negative, its value is negated first, so the
string representation will be positive). Together with the literal sign
character, and the null-termination, max. total size is 4 bytes. Yet, gcc
considers that 5 bytes may be needed.

When the parentheses in the first snprintf are omitted, causing the modulo
operator to operate on the negated timezoneval, the warning disappears. Funnily
enough, the warning is about the _second_, unmodified, snprintf:


#include <stdio.h>
#include <stdint.h>

void func(void) {

    extern int8_t timezoneval;
    char timezone[1+2+1];

    if(timezoneval < 0)
    {
        snprintf(timezone, sizeof(timezone),"-%02d",-timezoneval % 100);
    }
    else
    {
        snprintf(timezone, sizeof(timezone),"+%02d", timezoneval % 100);
    }
}


I found some possibly related older bugs, but was unsure if it's the same and
known to still apply on gcc 11. Feel free to mark this one as duplicated to the
relevant one.

Bug #78969 - bogus snprintf truncation warning due to missing range info
Bug #77721 - -Wformat-truncation not uses arg range for converted vars 
Bug #94021 - -Wformat-truncation false positive due to excessive integer range
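
Added example, not part of the original bug report or of GCC: the range argument from the report above, checked over every int8_t value, with snprintf's return value used as the truncation check. The names format_tz and max_tz_len are hypothetical; the buffer size and format strings are the reporter's.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: format the offset as in the test case.
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the output did not fit or snprintf failed.
 * Using the result is the truncation check; GCC's manual also notes that
 * -Wformat-truncation=1 only diagnoses calls whose return value is unused. */
int format_tz(int8_t tz, char *out, size_t outsz)
{
    int n;

    if (tz < 0)
        n = snprintf(out, outsz, "-%02d", -(tz % 100));
    else
        n = snprintf(out, outsz, "+%02d", tz % 100);

    /* n >= outsz means the output was cut short */
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* Walk every value an int8_t can hold and return the longest output seen,
 * or -1 if any value fails to fit into the 1+2+1 byte buffer. */
int max_tz_len(void)
{
    char buf[1 + 2 + 1];
    int longest = 0;

    for (int v = INT8_MIN; v <= INT8_MAX; v++) {
        int n = format_tz((int8_t)v, buf, sizeof(buf));
        if (n < 0)
            return -1;
        if (n > longest)
            longest = n;
    }
    return longest;
}

int main(void)
{
    printf("longest output: %d characters\n", max_tz_len());
    return 0;
}
```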

[Bug other/103542] New: bogus -Warray-bounds while index is limited by switch/case

2021-12-03 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103542

Bug ID: 103542
   Summary: bogus -Warray-bounds while index is limited by
switch/case
   Product: gcc
   Version: 11.2.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: other
  Assignee: unassigned at gcc dot gnu.org
  Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 reports the following on a reduced test case:

$ powerpc-linux-gcc -c array-bounds-fruit.c -O2 -Wall -Werror

array-bounds-fruit.c: In function 'get_default_config.part.0':
array-bounds-fruit.c:69:37: error: array subscript 4 is above array bounds of
'struct fruit_config[4]' [-Werror=array-bounds]
   69 | do_something(id, &config[id].num_lemons);
  |   ~~^~~~
array-bounds-fruit.c:19:28: note: while referencing 'config'
   19 | static struct fruit_config config[4];
  |^~
cc1: all warnings being treated as errors


Above is for powerpc, but I have the same problem with ARM.

The offending line is inside a switch/case, within the block where 'id' is
tested to be 0, 1, 2, or 3.
gcc/g++ is considering a case where 'id' becomes 4, which is not possible in
this code.

If I make any more changes (even seemingly unrelated changes) to the test case,
the error disappears.

Test code:

#include 
#include 
#include 

enum {
ID_0 = 0,
ID_1 = 1,
ID_2 = 2,
ID_3 = 3,
MAX_IDS,
};
#define MAX_ENTRIES 256

struct fruit_config {
uint32_t num_apples;
uint32_t num_lemons;
uint32_t * lemons;
};
static struct fruit_config config[4];

static uint32_t unrelated_table[MAX_IDS][MAX_ENTRIES];

uint32_t do_something(const uint32_t id, uint32_t * number_of_entries)
{
uint32_t error = 0;

switch (id) {
/* merging these case statements with identical body removes the issue
*/
case ID_0: {
*number_of_entries = 0;
break;
}
case ID_1: {
*number_of_entries = 0;
break;
}
case ID_2: {
*number_of_entries = 0;
break;
}
case ID_3: {
*number_of_entries = 0;
break;
}
default: {
error = 0xff;
*number_of_entries = 0;
break;
}
}
return error;
}

struct fruit_config * get_default_config(const uint32_t id)
{
switch (id) {
case ID_0:
case ID_1:
case ID_2:
case ID_3:
{
uint32_t entry = 0;
for (entry = 0; entry 

[Bug tree-optimization/103173] New: strncpy output may be truncated copying 32 bytes from a string of length 1439 (bogus) [-Werror=stringop-truncation]

2021-11-10 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103173

Bug ID: 103173
   Summary: strncpy output may be truncated copying 32 bytes from
a string of length 1439 (bogus)
[-Werror=stringop-truncation]
   Product: gcc
   Version: 11.2.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: tree-optimization
  Assignee: unassigned at gcc dot gnu.org
  Reporter: patrickdepinguin at gmail dot com
  Target Milestone: ---

gcc 11.2.0 gives a bogus warning of type 'stringop-truncation' on the reduced
test case below.

.../arm-cortex_a53-linux-gnueabi-gcc -O2 -Wall -Werror -c /tmp/test.c -o
/tmp/foo.o  
/tmp/test.c: In function 'func':
/tmp/test.c:22:5: error: 'strncpy' output may be truncated copying 32 bytes
from a string of length 1439 [-Werror=stringop-truncation]
   22 | strncpy(dest, data[j].name, sizeof(dest));
  | ^
cc1: all warnings being treated as errors


-

#include <string.h>

struct data_struct {
    char name[32];
    int bar;
};

void func()
{
    extern struct data_struct data[40];
    extern char dest[32];

    int j=0;
    strncpy(dest, data[j].name, sizeof(dest));
};

-


Here 'dest' is correctly interpreted as an array of size 32, but 'data[j].name'
is interpreted as having size 1439 which is incorrect, as it should also have
size 32 (name member of struct data_struct).

Following factors influence the reported size 1439:
* if data_struct is given more or less additional members, like 'bar'
* if the array length of 'data' (40) is changed
* if the length of the 'name' array in data_struct is changed

If 'j' is replaced by 0 directly, as in:
strncpy(dest, data[0].name, sizeof(dest));
the error disappears.


This problem did not occur on our previous toolchain with gcc 7.4.0 for the
same architecture, nor for x86_64 with gcc 7.5.0.

Info from gcc -v:

Using built-in specs.
COLLECT_GCC=.../buildroot-toolchains/output/host/opt/ext-toolchain/bin/arm-cortex_a53-linux-gnueabi-gcc
COLLECT_LTO_WRAPPER=.../buildroot-toolchains/output/host/opt/ext-toolchain/arm/bin/../libexec/gcc/arm-cortex_a53-linux-gnueabi/11.2.0/lto-wrapper
Target: arm-cortex_a53-linux-gnueabi
Configured with:
.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/src/gcc/configure
--build=x86_64-build_pc-linux-gnu --host=x86_64-build_pc-linux-gnu
--target=arm-cortex_a53-linux-gnueabi
--prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi
--exec_prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi
--with-sysroot=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot
--enable-languages=c,c++,fortran --with-cpu=cortex-a53 --with-fpu=neon-fp-armv8
--with-float=hard --with-pkgversion='crosstool-NG 1.24.0.487_10ac846'
--enable-__cxa_atexit --disable-libmudflap --disable-libgomp --disable-libssp
--disable-libquadmath --disable-libquadmath-support --disable-libsanitizer
--disable-libmpx
--with-gmp=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-mpfr=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-mpc=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--with-isl=.../crosstool-ng/.build/arm-cortex_a53-linux-gnueabi/buildtools
--disable-lto --without-zstd --enable-threads=posix --enable-target-optspace
--disable-plugin --disable-nls --disable-multilib
--with-local-prefix=.../crosstool-ng/targets/arm-cortex_a53-linux-gnueabi/arm-cortex_a53-linux-gnueabi/sysroot
--enable-long-long
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 11.2.0 (crosstool-NG 1.24.0.487_10ac846)
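
Added example, not from the bug reports or from GCC: one way to copy the fixed-size 'name' field of this report (and the 'user' field of comment #3) so that the read is bounded by the field size and the destination is always NUL-terminated, independent of the source size the compiler infers. copy_field and demo_full_field are hypothetical names; the struct is the reporter's.

```c
#include <stdio.h>
#include <string.h>

struct data_struct {
    char name[32];
    int bar;
};

/* Hypothetical helper (not a libc function): copy a fixed-size field that
 * may lack a terminating NUL. Reads at most src_size bytes, writes at most
 * dst_size bytes, and always terminates dst.
 * Returns 0 if everything fit, 1 if truncated, -1 on bad arguments. */
int copy_field(char *dst, size_t dst_size, const char *src, size_t src_size)
{
    const char *nul;
    size_t len, n;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* String length inside the field; the search stops at src_size. */
    nul = memchr(src, '\0', src_size);
    len = nul ? (size_t)(nul - src) : src_size;

    n = len < dst_size ? len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n < len ? 1 : 0;
}

/* Constructed worst case: all 32 bytes of name are non-NUL.
 * Returns copy_field's status; *last receives the final byte of dest. */
int demo_full_field(char *last)
{
    struct data_struct rec;
    char dest[32];
    memset(rec.name, 'A', sizeof(rec.name));
    int status = copy_field(dest, sizeof(dest), rec.name, sizeof(rec.name));
    *last = dest[sizeof(dest) - 1];
    return status;
}

int main(void)
{
    char last;
    printf("truncated=%d\n", demo_full_field(&last));
    return 0;
}
```

With a 32-byte source field and a 32-byte destination, the helper reports truncation and still terminates the destination, where strncpy(dest, src, sizeof(dest)) would leave it unterminated.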

[Bug tree-optimization/88240] [9 Regression] Potential optimization bug: invalid pre-load of floating-point value could cause SIGFPE-underflow if value is integer

2021-05-20 Thread patrickdepinguin at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88240

--- Comment #23 from Thomas De Schampheleire  ---
Thanks a lot!