[Bug tree-optimization/105078] Maybe wrong *** buffer overflow detected ***: terminated with -D_FORTIFY_SOURCE

Mon, 28 Mar 2022 03:25:32 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105078

--- Comment #1 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> ---
With gcc12:

Computing maximum subobject size for _11:
Visiting use-def links for _11
Visiting use-def links for _10
Computing maximum object size for header_12:
Visiting use-def links for header_12
header_12: maximum object size 272
_10: maximum subobject size 16
_11: maximum subobject size 0
Simplified
  _2 = __builtin_object_size (_11, 1);
 to 0
gimple_simplified to if (0 != 0)
gimple_simplified to _4 = 0;
int main ()
{
  struct QArrayData * header;
  long unsigned int _2;
  int _3;
  bool _4;
  int _5;
  long int iftmp.1_6;
  long int iftmp.2_7;
  long int iftmp.2_8;
  long int iftmp.1_9;
  struct QArrayData * _10;
  void * _11;

  <bb 2> [local count: 1073741824]:
  header_12 = malloc (272);
  header_12->size = 256;
  header_12->offset = 16;
  _10 = &MEM[(struct QTypedArrayData *)header_12].D.4557;
  _11 = _10 + 16;
  _2 = __builtin_object_size (_11, 1);
  _4 = 0;
  _5 = __builtin_constant_p (_4);
  if (_5 != 0)
    goto <bb 3>; [50.00%]
  else
    goto <bb 6>; [50.00%]
...


with gcc11:


;; Function main (main, funcdef_no=54, decl_uid=4523, cgraph_uid=48,
symbol_order=47) (executed once)

Computing maximum subobject size for _11:
Visiting use-def links for _11
Visiting use-def links for header_12
_11: maximum subobject size 256
header_12: maximum subobject size 272
Simplified
  _2 = __builtin_object_size (_11, 1);
 to 256
gimple_simplified to if (0 != 0)
gimple_simplified to if (1 != 0)
gimple_simplified to _4 = 1;
int main ()
{
  struct QArrayData * header;
  long unsigned int _2;
  int _3;
  bool _4;
  int _5;
  long int iftmp.1_6;
  long int iftmp.2_7;
  long int iftmp.2_8;
  long int iftmp.1_9;
  void * _11;

  <bb 2> [local count: 1073741823]:
  header_12 = malloc (272);
  header_12->size = 256;
  header_12->offset = 16;
  _11 = &MEM <struct QArrayData> [(void *)header_12 + 16B];
  _2 = __builtin_object_size (_11, 1);
  _4 = 1;
  _5 = __builtin_constant_p (_4);
  if (_5 != 0)
    goto <bb 3>; [50.00%]
  else
    goto <bb 5>; [50.00%]
...

The

    &MEM <struct QArrayData> [(void *)header_12 + 16B]

vs
   _10 = &MEM[(struct QTypedArrayData *)header_12].D.4557;
   _11 = _10 + 16;

appears to be the difference, where the gcc11 version allows the full size
(272) to be seen while the cast to QTypedArrayData in the latter allows only
the sizeof (QTypedArrayData) to be seen as subobject size.

Reply via email to