https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115404
Bug ID: 115404
Summary: [15 Regression] possibly wrong code on glibc-2.39
since r15-1113-gde05e44b2ad963
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: slyfox at gcc dot gnu.org
Target Milestone: ---
No minimal reproducer yet, filing in case it's an easy to notice bug from the
bisected r15-1113-gde05e44b2ad963:
commit de05e44b2ad9638d04173393b1eae3c38b2c3864
Author: Uros Bizjak <ubiz...@gmail.com>
Date: Sat Jun 8 12:17:11 2024 +0200
i386: Implement .SAT_ADD for unsigned scalar integers [PR112600]
...
The bug manifests as a testsuite failure on mpfr-4.2.1 as:
FAIL: tsprintf
==============
Fatal glibc error: printf_buffer_as_file.c:31
(__printf_buffer_as_file_commit): assertion failed: file->stream._IO_write_ptr
<= file->next->write_end
FAIL tsprintf (exit status: 134)
I think it's a `file->next->write_end` corruption around this code in glibc's
libio/iovsprintf.c:
```c
int
__vsprintf_internal (char *string, size_t maxlen,
const char *format, va_list args,
unsigned int mode_flags)
{
struct __printf_buffer buf;
if ((mode_flags & PRINTF_CHK) != 0)
{
string[0] = '\0';
uintptr_t end;
if (__builtin_add_overflow ((uintptr_t) string, maxlen, &end))
end = -1;
__printf_buffer_init_end (&buf, string, (char *) end,
__printf_buffer_mode_sprintf_chk);
}
...
```
Could it be that dead store to `&end` somehow conflicts with a following `end =
-1`?
I'll try to extract self-contained example, but it will take some time.
