https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108127
Bug ID: 108127
Summary: FP due to combination of -Warray-bounds and UBSAN
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: frolov.da at phystech dot edu
Target Milestone: ---
I've tried to build the next example (which is a reduced example of one of the
functions from firefox):
static const unsigned DECPOWERS[10] = { 1, 10, 100, 1000, 10000, 100000,
1000000, 10000000, 100000000, 1000000000};
unsigned foo(int discard, unsigned char *lsu, unsigned char *up) {
int count;
unsigned cut, quot;
count = discard;
cut = discard - (count - 1) - 1;
if (cut == 1 - 1) {
return 8;
} else {
quot = *up >> cut;
cut++;
return DECPOWERS[1 - cut];
}
}
$ gcc -O2 -fsanitize-undefined-trap-on-error -Werror=array-bounds
-fsanitize=shift,signed-integer-overflow
and got an error:
<source>: In function 'foo':
<source>:16:21: error: array subscript 4294967265 is above array bounds of
'const unsigned int[10]' [-Werror=array-bounds=]
16 | return DECPOWERS[1 - cut];
| ~~~~~~~~~^~~~~~~~~
<source>:1:23: note: while referencing 'DECPOWERS'
1 | static const unsigned DECPOWERS[10] = { 1, 10, 100, 1000, 10000,
100000, 1000000, 10000000, 100000000, 1000000000}
Looks like the builtin functions of the ubsan (such as UBSAN_CHECK_SUB) does
not allow optimizations and cause these false positives. If I remove the
sanitizer flags then there will be no warning.
