https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95276

--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
There are some uninitialized local variables in the reduced test case but with
those made extern I was able to reproduce the warning.  But unless the test
case was reduced too far or the reduction introduced bugs (or unless I missed
something) I think the warning is justified.  ztoa_big() is being called with len
> 16 and a buffer of size 33.  The loop in the function iterates 2 * len times,
storing into successive elements of the 33-byte itoa_buf, and then appending
'\0'.  So with len == 17 it writes 35 bytes into the 33-byte itoa_buf.

Here's a much smaller test case that I ultimately reduced it to that shows the
bug (I shrank the buffer while still keeping the size ratios).  The offset of
zero doesn't seem right but that's a side issue.

$ cat pr95276.c && gcc -O2 -S  pr95276.c 
char a[4];

void f (char *s, int n)
{
  if (n <= 2)
    return;

  char *d = a;

  for (int i = 0; i < n; i++)
    {
      extern volatile unsigned char h, l;

      *d++ = s[h];
      *d++ = s[l];
    }

  *d = '\0';
}
pr95276.c: In function ‘f’:
pr95276.c:18:6: warning: writing 1 byte into a region of size 0
[-Wstringop-overflow=]
   18 |   *d = '\0';
      |   ~~~^~~~~~
pr95276.c:1:6: note: at offset 0 to object ‘a’ with size 4 declared here
    1 | char a[4];
      |      ^

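A bounds-checked version of the write pattern described in the comment above, added here as an example and not code from the bug report or from GCC. It models ztoa_big() as a hex encoder (an assumption; the report shows only that each iteration stores two bytes and a NUL follows the loop) and refuses any input whose 2 * len + 1 output bytes would not fit the destination. The names hex_encode and hex_capacity and the sample input are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Largest input length whose 2*len hex digits plus the NUL fit in dstsz bytes. */
size_t hex_capacity(size_t dstsz)
{
    return dstsz == 0 ? 0 : (dstsz - 1) / 2;
}

/* Writes the hex expansion of src[0..len) followed by '\0' into dst.
   Returns the number of bytes stored including the terminator (2*len + 1),
   or 0 without touching dst when that would exceed dstsz. */
size_t hex_encode(char *dst, size_t dstsz, const unsigned char *src, size_t len)
{
    static const char digits[] = "0123456789abcdef";

    /* This is the check the reduced test case lacks: with dstsz == 33 the
       unchecked loop accepts len == 17 and stores 35 bytes. */
    if (len > hex_capacity(dstsz))
        return 0;

    char *d = dst;
    for (size_t i = 0; i < len; i++) {
        *d++ = digits[src[i] >> 4];    /* high nibble */
        *d++ = digits[src[i] & 0x0f];  /* low nibble */
    }
    *d = '\0';
    return (size_t)(d - dst) + 1;
}

/* Stand-alone demonstration with constructed input: 16 bytes fit in a
   33-byte buffer, 17 bytes are rejected instead of overflowing it. */
int main(void)
{
    unsigned char in[17];
    char buf[33];
    for (size_t i = 0; i < sizeof in; i++)
        in[i] = (unsigned char)(0x11 * i);
    size_t ok  = hex_encode(buf, sizeof buf, in, 16);   /* 33 */
    size_t bad = hex_encode(buf, sizeof buf, in, 17);   /* 0  */
    return (ok == 33 && bad == 0 && strlen(buf) == 32) ? 0 : 1;
}
```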