http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48269
--- Comment #3 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-03-24 10:43:29 UTC ---

  D.83064_56 = in_int_3(D)->strong_source;
  D.83065_57 = D.83064_56->_vptr.KisPacketSource;
  D.83086_59 = MEM[(int (*__vtbl_ptr_type) (void) *)D.83065_57 + 92B];
  D.73136 = OBJ_TYPE_REF(D.83086_59;D.83064_56->23) (D.83064_56); [return slot optimization]
  D.83087_61 = std::basic_string<char>::c_str (&D.73136);
  D.83088_63 = &MEM[(struct drone_source_packet *)dpkt_1 + 12B].interface_str;
  __s_143 = (char * restrict) D.83088_63;
  D.85546_145 = 16;
  __builtin___snprintf_chk (__s_143, 16, 1, D.85546_145, "%s", D.83087_61);
  std::basic_string<char>::~basic_string (&D.73136);
  D.83064_65 = in_int_3(D)->strong_source;
  D.83065_66 = D.83064_65->_vptr.KisPacketSource;
  D.83090_68 = MEM[(int (*__vtbl_ptr_type) (void) *)D.83065_66 + 96B];
  D.73137 = OBJ_TYPE_REF(D.83090_68;D.83064_65->24) (D.83064_65); [return slot optimization]
  D.83091_70 = std::basic_string<char>::c_str (&D.73137);
  D.83092_72 = &MEM[(struct drone_source_packet *)dpkt_1 + 12B].type_str;
  __s_147 = (char * restrict) D.83092_72;
  D.85552_149 = 9;
  __builtin___snprintf_chk (__s_147, 16, 1, D.85552_149, "%s", D.83091_70);

so for some reason we compute the object size of *D.83092_72 as 9 (less than
the length of 16 passed to the same call), whereas the first call above gets
an object size of 16.  We allocated dpkt_1 as

  dpkt_1 = malloc (89);

which looks like enough.

C testcase:

typedef struct {
    unsigned int sentinel;
    char data[0];
} drone_packet;
typedef struct {
    char type_str[16];
    char channel_hop;
} drone_source_packet;
drone_packet *
foo(char *x)
{
  drone_packet *dpkt = __builtin_malloc(sizeof(drone_packet)
                                        + sizeof(drone_source_packet));
  drone_source_packet *spkt = (drone_source_packet *) dpkt->data;
  __builtin___snprintf_chk (spkt->type_str, 16, 1,
                            __builtin_object_size (spkt->type_str, 1),
                            "%s", x);
  return dpkt;
}