https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99159
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW CC| |msebor at gcc dot gnu.org Severity|normal |enhancement Last reconfirmed| |2021-02-19 Summary|Confusing -Warray-bounds |missing -Wnonull on member |warning |access through null Ever confirmed|0 |1 Blocks| |95507 --- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> --- To expand on what Andrew said in comment #1: The code in test2() is undefined because it dereferences a null pointer. It's diagnosed by -Warray-bounds and (with it disabled) by -Wstringop-overread, both of which expect objects to be allocated at valid addresses. -Wnonnull would arguably be a better warning to issue for this case but it doesn't have the same logic as the other two. In addition, and by the time -Wnonnull runs, the null pointer has already been replaced by the non-null address of the member: void test2 () { struct s2 * p; struct s2 * pb.0_2; struct s1 * _3; <bb 2> : pb.0_2 = pb; _3 = &pb.0_2->y; __builtin_memcpy (_3, 4B, 12); return; } Issuing -Wnonull here would mean either running the warning earlier (which runs the risk of issuing more false positives) or also assuming that objects don't live at constant addresses. The code test1() is "conditionally undefined" (it's defined when f is zero) and isn't diagnosed only because -Wnonnull doesn't handle conditionals (PHI nodes). A simple test case that shows the limitation is: void f (void) { char *q = 0; __builtin_puts (q); // -Wnonnull } void g (char *p) { char *q = *p ? p : 0; __builtin_puts (q); // -Wnonnull } I can confirm this as an enhancement request for -Wnonull to diagnose both problem(s). That should automatically disable any subsequent warnings for the same bug. Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95507 [Bug 95507] [meta-bug] bogus/missing -Wnonnull