[Bug libstdc++/107927] New: vector::push_back gives array bounds warning with optimization and undefined sanitizer

Tue, 29 Nov 2022 18:15:15 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107927

            Bug ID: 107927
           Summary: vector::push_back gives array bounds warning with
                    optimization and undefined sanitizer
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: larsbj at gullik dot org
  Target Milestone: ---

Created attachment 53988
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53988&action=edit
Pre-processed source

This looks very similar to Bug 107852, but different to warrant a report imho.

gcc --version
gcc (GCC) 12.2.1 20221121 (Red Hat 12.2.1-4)

The preprocessed file has been reduced from something much larger with 
Compiling the pre-processed file with cvise. The seemingly similar test case:

   #include <initializer_list>
   #include <vector>

   struct Foo {
       Foo(std::initializer_list<unsigned> l) : v(l) { v.push_back(5); }
       struct::vector<unsigned> v;
   };

   void make() { Foo{{}}; }

does not exibit the same error as the original or preprocessed code.

g++ g++ -Warray-bounds -O2 -fsanitize=undefined -std=gnu++20 -c test.ii

(note that the original code requires -fsanitize=undefined to fail, the
preprocessed code does not.)

gives:

In function ‘int std::construct_at(_Tp) [with _Tp = unsigned int*]’,
    inlined from ‘static int std::allocator_traits<std::allocator<_Tp>
>::construct(allocator_type, _Up) [with _Up = unsigned int*; _Tp = unsigned
int]’ at :59:17,
    inlined from ‘int std::vector::push_back(int)’ at :114:46,
    inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:71,
    inlined from ‘int makeEmptyRR()’ at :131:17:
:4:56: warning: array subscript 1 is outside array bounds of ‘unsigned int [1]’
[-Warray-bounds]
In member function ‘unsigned int* std::__new_allocator::allocate(long int)’,
    inlined from ‘static _Tp* std::allocator_traits<std::allocator<_Tp>
>::allocate(allocator_type, size_type) [with _Tp = unsigned int]’ at :56:24,
    inlined from ‘unsigned int* std::_Vector_base::_M_allocate(long int)’ at
:103:53,
    inlined from ‘void std::vector::_M_range_initialize(_ForwardIterator,
_ForwardIterator, random_access_iterator_tag) [with _ForwardIterator = unsigned
int*]’ at :120:20,
    inlined from ‘std::vector::vector(std::initializer_list<unsigned int>)’ at
:112:24,
    inlined from ‘RTCPfeedback::RTCPfeedback(std::initializer_list<unsigned
int>)’ at :128:53,
    inlined from ‘int makeEmptyRR()’ at :131:17:
:7:48: note: at offset 4 into object of size 4 allocated by ‘operator new’

Reply via email to