https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105918

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #1)
> Shorter testcase (still need to reduce it further):
> #include <charconv>
> void toChars(int number) {
>     char temp[1];
>     std::to_chars(temp, temp + 1, number);
> }

So the failure mode is std::to_chars treating a negative 'number' specially,
in this case starting from the end.  We get

<bb 6> [local count: 536870912]:
# __first_9 = PHI <&temp(4), &MEM <char[1]> [(void *)&temp + 1B](5)>
# __unsigned_val_10 = PHI <__unsigned_val_5(4), __unsigned_val_8(5)>

and

<bb 21> [local count: 241591910]:
__num_47 = __val_28 * 2;
_48 = __num_47 + 1;
_49 = __digits[_48];
MEM[(char *)__first_9 + 1B] = _49;
_50 = __digits[__num_47];
*__first_9 = _50;

here the __first_9 + 1 store is _always_ out of bounds.  It might be
that this block is never reachable but we couldn't prove that.
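
A runtime check of the testcase's call, as an added example that is not part of the original comment or of libstdc++: a constructed harness places the 1-byte temp between guard bytes and checks that std::to_chars either converts a single digit or reports failure, without writing outside [first, last) as the C++ standard requires. The names Guarded, Outcome, probe and guard_violations are hypothetical.

```cpp
#include <charconv>
#include <climits>
#include <cstdio>
#include <cstring>
#include <system_error>

// Constructed harness: the testcase's 1-byte buffer between guard bytes.
struct Guarded {
    char before[8];
    char temp[1];
    char after[8];
};

struct Outcome {
    bool ok;         // to_chars reported success
    bool guards_ok;  // no byte outside temp[] changed
    char first;      // temp[0] after the call (meaningful only when ok)
};

// Hypothetical helper: same call as toChars() in the testcase, plus checks.
Outcome probe(int number) {
    Guarded g;
    std::memset(&g, 0x5A, sizeof g);
    std::to_chars_result r = std::to_chars(g.temp, g.temp + 1, number);
    Outcome o{r.ec == std::errc(), true, g.temp[0]};
    for (char c : g.before) o.guards_ok = o.guards_ok && c == 0x5A;
    for (char c : g.after) o.guards_ok = o.guards_ok && c == 0x5A;
    return o;
}

// Number of values in [lo, hi] for which a guard byte was overwritten.
int guard_violations(int lo, int hi) {
    int bad = 0;
    for (long v = lo; v <= hi; ++v)
        if (!probe(static_cast<int>(v)).guards_ok) ++bad;
    return bad;
}

int main() {
    const int samples[] = {0, 7, 10, -1, INT_MAX, INT_MIN};
    for (int n : samples) {
        Outcome o = probe(n);
        std::printf("%11d: %s, guards %s\n", n,
                    o.ok ? "converted" : "value_too_large",
                    o.guards_ok ? "intact" : "CLOBBERED");
    }
    return guard_violations(-100000, 100000);
}
```

A sweep like this only samples inputs; it does not replace the static reachability argument the comment says the compiler could not make.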
