https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845
--- Comment #3 from Tim Lange <tlange at gcc dot gnu.org> ---
Thanks for the report!

(In reply to David Malcolm from comment #2)
> (gdb) call this->dump()
> bytes 1-0

This should be the read_bytes in region_model::check_region_bounds, with the start being the offset and the last byte being the offset + num_bytes - 1. So the number of accessed bytes seems to return 0.

I do use get_byte_size_sval () to retrieve the num_bytes. For the sized_region, the m_byte_size_sval is returned, which is set to buf_size aka 0 inside impl_call_memset.

So the bug is that the caller proceeds to check for overflows even if no bytes are accessed.

Solutions would be:
1. Bail out in the region_model::check_region_bounds if (tree_int_cst_equal (num_bytes_tree, integer_zero_node)). Maybe also add an assertion to the constructor of byte_range that m_size_in_bytes > 0.
2. Returning false if either THIS or OTHER has a size == 0 in byte_range::exceeds_p and byte_range::falls_short_p.

It seems to me that the implementations of byte_range/bit_range get_last_byte_offset () already assume that m_size_in_bytes should be greater than zero. So I think the first one should be the preferred fix.
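
Added illustration (not part of the comment above and not GCC source): a simplified model of why a zero-sized access dumps as "bytes 1-0" and trips an overflow check, and how bailing out first (option 1) avoids it. `ByteRange`, `exceeds_naive` and `check_bounds` are hypothetical names, and the 1-byte buffer and offsets are constructed sample values.

```cpp
#include <cstdint>
#include <string>

// Simplified stand-in for a byte range: a start offset and a size in bytes.
// Hypothetical type; not the analyzer's byte_range class.
struct ByteRange {
    int64_t start;
    int64_t size;

    // Inclusive last byte, offset + num_bytes - 1.
    // Only meaningful when size > 0; for size == 0 it lands before start.
    int64_t last() const { return start + size - 1; }

    std::string dump() const {
        return "bytes " + std::to_string(start) + "-" + std::to_string(last());
    }
};

// Naive comparison: does `access` reach past the end of `buffer`?
// It silently assumes both ranges are non-empty.
bool exceeds_naive(const ByteRange &access, const ByteRange &buffer) {
    return access.start > buffer.last() || access.last() > buffer.last();
}

// Option 1 applied to this model: return before any range comparison
// when no bytes are accessed.
bool check_bounds(const ByteRange &access, const ByteRange &buffer) {
    if (access.size == 0)
        return false;  // nothing is read or written, so nothing can overflow
    return exceeds_naive(access, buffer);
}

int main() {
    ByteRange buffer{0, 1};      // constructed: 1-byte buffer, bytes 0-0
    ByteRange zero_access{1, 0}; // constructed: zero bytes at offset 1
    // The naive check reports an overflow; the guarded check does not.
    bool ok = exceeds_naive(zero_access, buffer) && !check_bounds(zero_access, buffer);
    return ok ? 0 : 1;
}
```
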