https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80346
Jeffrey A. Law <law at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #11 from Jeffrey A. Law <law at redhat dot com> ---
The warning for Martin's reduced testcase is clearly warranted. Consider the
case were a == -1 and b == -1.
Now if we go back to the original testcase we have this:
static inline size_t
iov_from_buf(const struct iovec *iov, unsigned int iov_cnt,
size_t offset, const void *buf, size_t bytes)
{
if (__builtin_constant_p(bytes) && iov_cnt &&
offset <= iov[0].iov_len && bytes <= iov[0].iov_len - offset) {
memcpy(iov[0].iov_base + offset, buf, bytes);
return bytes;
} else {
return iov_from_buf_full(iov, iov_cnt, offset, buf, bytes);
}
}
In the case where bytes = -1 (constant), iov_count != 0, offset = 0 and iov_len
= -1 we can clearly call memcpy with -1 as the length. This corresponds to a
call like
n = iov_from_buf(iov, niov, i, ibuf + i, -1);
Where niov != 0, i == 0, ibuf (don't care) and iov.iov_len == -1. I don't see
anything that would inherently prevent that from occuring.
So AFAICT, the warning for the first testcase is valid as well.