https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106762
--- Comment #2 from Matt Taylor <para at tampabay dot rr.com> ---
Yes, the test case is immensely reduced from the original code. However, there
are still three problems. First, the warning fails to note that the array
bounds _could_ be [0,0] and implies that they are _always_ [0,0]. This was
confusing. Second, `memset` triggers the warning, but field assignment does
not. This is inconsistent. Third, if the order of the fields is rearranged,
then the warning is suppressed. It seems that it is permitting 1 byte to be
written to NULL and only fails for 2 or more bytes. Granted, it is unlikely
that someone would memset a single byte.
The original code was significantly more complicated than what I attached. The
most important piece of context that I omitted is that the 4 lines doing the
lookup are actually in an inline function. Our code looks more like this:
struct obj_t* obj = lookup(ary, idx);
memset(&obj->field1, 0xff, sizeof(obj->field1));
It is a half dozen different functions that have been inlined together, and
where the warning is generated it isn't at all clear that the bounds are [0,0]
because of an error check in another function that becomes dead code after
inlining. This actually happens in the body of a loop where `idx` increments
from 0 to `ary->objcnt`. Reintroducing the loop suppresses the warning in the
code that I attached, but I will work to reproduce the warning from a loop
body.
