https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93582

--- Comment #11 from Martin Sebor <msebor at gcc dot gnu.org> ---
-mtune=z13 seems to enable more inlining so many of the past-the-end references
to the tempGrab local variable end up inlined into the bodies of the functions
that define them.

For example:

PassivGrab.c: In function 'UngrabKeyOrButton':
PassivGrab.c:8738:56: warning: array subscript 0 is outside array bounds of
'XtServerGrabRec[1]' {aka 'struct _XtServerGrabRec[1]'} [-Warray-bounds]
 8738 |  second.pMask = ((XtServerGrabExtPtr)((pSecondGrab)+1))->pModifiersMask;
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
PassivGrab.c:9144:21: note: while referencing 'tempGrab'
 9144 |     XtServerGrabRec tempGrab;
      |                     ^~~~~~~~

In the VRP dump for UngrabKeyOrButton we see:

  ...
  struct XtServerGrabRec tempGrab;

followed by:
  ...
  <bb 40> [local count: 653983619]:
  _172 = MEM[(struct _XtGrabExtRec *)&tempGrab + 24B].pModifiersMask;
  if (_172 == 0B)

sizeof (struct XtServerGrabRec) == 24, so the read of the memory at (struct
_XtGrabExtRec *)&tempGrab + 24B is out-of-bounds.

I think the code relies on the tempGrab.hasExt member being zero to avoid
actually performing the out-of-bounds access so it's safe, but GCC doesn't
connect the relationship between the test and the member so it emits the access
and the warning.

The warning can be avoided by replacing the instances of the local tempGrab
declarations with two-element arrays, like so:

  struct XtServerGrabRec tempGrab[2];

and accesses to its members such as tempGrab.widget with 

    tempGrab->widget = widget;
