https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78678
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
I see, but what about comparing the access to TYPE_SIZE of a variable:
diff --git a/gcc/gimple-fold.c b/gcc/gimple-fold.c
index 5ebdcdfd796..d493b27f536 100644
--- a/gcc/gimple-fold.c
+++ b/gcc/gimple-fold.c
@@ -6134,6 +6134,12 @@ fold_array_ctor_reference (tree type, tree ctor,
tree domain_type = NULL_TREE;
HOST_WIDE_INT inner_offset;
+ /* Accessing a ctor elements that actually points after a declaration is
+ an undefined behavior. */
+ tree decl_size = TYPE_SIZE (TREE_TYPE (from_decl));
+ if (tree_fits_uhwi_p (decl_size) && offset >= tree_to_uhwi (decl_size))
+ return NULL;
+
/* Compute low bound and elt size. */
if (TREE_CODE (TREE_TYPE (ctor)) == ARRAY_TYPE)
domain_type = TYPE_DOMAIN (TREE_TYPE (ctor));
It's completely untested patch.
