[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2024-03-22 Thread law at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Jeffrey A. Law  changed:

   What|Removed |Added

   Priority|P3  |P2

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2024-03-09 Thread law at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Jeffrey A. Law  changed:

   What|Removed |Added

   Last reconfirmed||2024-03-10
 CC||law at gcc dot gnu.org
 Status|UNCONFIRMED |NEW
 Ever confirmed|0   |1

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-30 Thread rguenth at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Richard Biener  changed:

   What|Removed |Added

   Target Milestone|--- |12.4

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread pinskia at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #6 from Andrew Pinski  ---
(In reply to Bruno Haible from comment #4) 
> That is the only way of keeping track of pointers _into_ the string_space
> area, when it is reallocated. How else would you want to do it?

You could use intptr_t casting to do the subtraction ...

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread bruno at clisp dot org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #5 from Bruno Haible  ---
Created attachment 55170
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55170=edit
test case bar2.c

Find attached a modified test case. I changed the code to

  map[i].alias = new_pool + (map[i].alias -
string_space);
  map[i].value = new_pool + (map[i].value -
string_space);

so that it subtracts pointers into the old string_space, producing an integer,
and adding that integer to new_pool.

It produces the same warning (even twice, apparently because there is no common
subexpression between the two lines any more):

$ gcc -Wall -O2 -S bar2.c
bar2.c: In function ‘read_alias_file’:
bar2.c:123:67: warning: pointer may be used after ‘realloc’ [-Wuse-after-free]
  123 |   map[i].value = new_pool + (map[i].value -
string_space);
  |
~~^~~
bar2.c:114:45: note: call to ‘realloc’ here
  114 |   char *new_pool = (char *) realloc (string_space,
new_size);
  |
^~~~
bar2.c:122:67: warning: pointer may be used after ‘realloc’ [-Wuse-after-free]
  122 |   map[i].alias = new_pool + (map[i].alias -
string_space);
  |
~~^~~
bar2.c:114:45: note: call to ‘realloc’ here
  114 |   char *new_pool = (char *) realloc (string_space,
new_size);
  |
^~~~

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread bruno at clisp dot org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #4 from Bruno Haible  ---
> > 
> >   char *new_pool = (char *) realloc (string_space, 
> > new_size);
> >   if (new_pool == ((void *)0))
> > goto out;
> >   if (__builtin_expect (string_space != new_pool, 0))
> > {
> >   size_t i;
> >   for (i = 0; i < nmap; i++)
> > {
> >   map[i].alias += new_pool - string_space;
> >   map[i].value += new_pool - string_space;
> > }
> > }
> >   string_space = new_pool;

> Also I think `new_pool - string_space` is undefined really.  That is
> subtracting two unrelated arrays is undefined. You can only compare equality
> on them.

That is the only way of keeping track of pointers _into_ the string_space area,
when it is reallocated. How else would you want to do it?

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread pinskia at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #3 from Andrew Pinski  ---
(In reply to Andrew Pinski from comment #1)
> ```
> 
>   char *new_pool = (char *) realloc (string_space, new_size);
>   if (new_pool == ((void *)0))
> goto out;
>   if (__builtin_expect (string_space != new_pool, 0))
> {
>   size_t i;
>   for (i = 0; i < nmap; i++)
> {
>   map[i].alias += new_pool - string_space;
>   map[i].value += new_pool - string_space;
> }
> }
>   string_space = new_pool;
> ```
> 
> Hmmm

Also I think `new_pool - string_space` is undefined really.  That is
subtracting two unrelated arrays is undefined. You can only compare equality on
them.

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread pinskia at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Andrew Pinski  changed:

   What|Removed |Added

   See Also||https://gcc.gnu.org/bugzill
   ||a/show_bug.cgi?id=104215

--- Comment #2 from Andrew Pinski  ---
See also the discussion starting at bug 104215 comment #2.

[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc

2023-05-26 Thread pinskia at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #1 from Andrew Pinski  ---
```

  char *new_pool = (char *) realloc (string_space, new_size);
  if (new_pool == ((void *)0))
goto out;
  if (__builtin_expect (string_space != new_pool, 0))
{
  size_t i;
  for (i = 0; i < nmap; i++)
{
  map[i].alias += new_pool - string_space;
  map[i].value += new_pool - string_space;
}
}
  string_space = new_pool;
```

Hmmm