[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733 Andrew Pinski changed: What|Removed |Added Resolution|--- |FIXED Target Milestone|--- |12.0 Status|NEW |RESOLVED --- Comment #6 from Andrew Pinski --- Fixed in GCC 12; most likely by r12-5014-g6b8b959675a3e14 .
[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733 Martin Sebor changed: What|Removed |Added Last reconfirmed|2018-01-08 00:00:00 |2020-5-1 Known to fail|9.1.0 |9.2.0 --- Comment #5 from Martin Sebor --- Reconfirming with GCC 10.
[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733
Martin Sebor changed:
What|Removed |Added
See Also||https://gcc.gnu.org/bugzill
||a/show_bug.cgi?id=94021
Known to fail||10.0, 7.3.0, 8.2.0, 9.1.0
--- Comment #4 from Martin Sebor ---
GCC 10 issues the same warning. The partial dump below shows that the range
info the directive uses doesn't correspond to the range set in the code. This
is similar to pr94021.
$ gcc -O2 -S -Wall -fdump-tree-strlen=/dev/stdout pr83733.c
;; Function g (g, funcdef_no=1, decl_uid=1939, cgraph_uid=2, symbol_order=1)
;; 1 loops found
;;
;; Loop 0
;; header 0, latch 1
;; depth 0, outer -1
;; nodes: 0 1 2 3 4 5 6 7
;; 2 succs { 7 3 }
;; 3 succs { 4 6 }
;; 4 succs { 7 5 }
;; 5 succs { 6 }
;; 6 succs { 7 }
;; 7 succs { 1 }
Computing maximum subobject size for _10:
Computing maximum object size for p_8(D):
_10: maximum subobject size 9
pr83733.c:8: __builtin_sprintf: objsize = 9, fmtstr = "CMPRT%02d"
Directive 1 at offset 0: "CMPRT", length = 5
Result: 5, 5, 5, 5 (5, 5, 5, 5)
Directive 2 at offset 5: "%02d"
pr83733.c: In function ‘g’:
pr83733.c:8:34: warning: ‘%02d’ directive writing between 2 and 6 bytes into a
region of size 4 [-Wformat-overflow=]
8 | __builtin_sprintf (p->a, "CMPRT%02d", i);
| ^~~~
pr83733.c:8:28: note: directive argument in the range [-32768, 31]
8 | __builtin_sprintf (p->a, "CMPRT%02d", i);
|^~~
Result: 2, 6, 6, 6 (7, 11, 11, 11)
Directive 3 at offset 9: "", length = 1
pr83733.c:8:3: note: ‘__builtin_sprintf’ output between 8 and 12 bytes into a
destination of size 9
8 | __builtin_sprintf (p->a, "CMPRT%02d", i);
| ^~~~
[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733
Martin Sebor changed:
What|Removed |Added
Status|WAITING |NEW
CC||msebor at gcc dot gnu.org
--- Comment #3 from Martin Sebor ---
Confirmed als on on trunk (GCC 8) with the reduced test case below. As the
warning indicates, the range gets reset to that of short.
$ cat pr83733.c && gcc -O2 -S -Wall pr83733.c
struct S { char a[9], b; };
static void f (struct S *p, int i)
{
if (i < 0 || i >= 32)
return;
__builtin_sprintf (p->a, "CMPRT%02d", i);
}
void g (struct S *p, int i, short j)
{
if (i < 0 || i >= 32)
return;
if (i == 0)
i = j;
f (p, i);
}
pr83733.c: In function ‘g’:
pr83733.c:8:34: warning: ‘%02d’ directive writing between 2 and 6 bytes into a
region of size 4 [-Wformat-overflow=]
__builtin_sprintf (p->a, "CMPRT%02d", i);
^~~~
pr83733.c:8:28: note: directive argument in the range [-32768, 32767]
__builtin_sprintf (p->a, "CMPRT%02d", i);
^~~
pr83733.c:8:3: note: ‘__builtin_sprintf’ output between 8 and 12 bytes into a
destination of size 9
__builtin_sprintf (p->a, "CMPRT%02d", i);
^~~~
[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733 --- Comment #2 from Tim Van Holder --- Created attachment 43062 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43062=edit Testcase Testcase attached. Compiling with "gcc -c -Wall -Wextra -Werror -O3 gcc83733.c" yields: gcc83733.c: In function ‘caller1’: gcc83733.c:33:44: error: ‘%02d’ directive writing between 2 and 6 bytes into a region of size 4 [-Werror=format-overflow=] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ gcc83733.c:33:38: note: directive argument in the range [-32768, 32767] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~ gcc83733.c:33:7: note: ‘sprintf’ output between 8 and 12 bytes into a destination of size 9 sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ gcc83733.c: In function ‘caller2’: gcc83733.c:33:44: error: ‘%02d’ directive writing between 2 and 6 bytes into a region of size 4 [-Werror=format-overflow=] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ gcc83733.c:33:38: note: directive argument in the range [-32768, 32767] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~ gcc83733.c:33:7: note: ‘sprintf’ output between 8 and 12 bytes into a destination of size 9 sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ There seem to be several subtleties involved. For example, dropping the 'definition' struct (making 'ddname' a field directly in 'foo_t') changes the diagnostic, claiming there's 11 bytes in the target (slack space in the struct?).
[Bug tree-optimization/83733] -Wformat-overflow false positive for %d on bounded integer when inlining
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733 Richard Biener changed: What|Removed |Added Status|UNCONFIRMED |WAITING Last reconfirmed||2018-01-08 Ever confirmed|0 |1 --- Comment #1 from Richard Biener --- Please attach a testcase that can be compiled that shows the warning.
