https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109308
Bug ID: 109308
Summary: False positive store to address 0x62600000016c with insufficient space for an object of type 'int' since r12-6030-g422f9eb7011b76c1
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org, siddhesh at gcc dot gnu.org
Target Milestone: ---

It's something I reduced from:
https://sourceware.org/bugzilla/show_bug.cgi?id=30279

$ cat y.i
struct m68hc11_opcode_def
{
  long format;
};

int
main()
{
  int num_opcodes = 1;
  struct m68hc11_opcode_def *opc;

  opc = (struct m68hc11_opcode_def *) __builtin_malloc (sizeof (struct m68hc11_opcode_def) * num_opcodes);
  __builtin_printf ("opc=%p\n", opc);
  --opc;
  for (int i = 0; i < num_opcodes; i++)
    {
      opc++;
      opc->format = 0;
    }
  return 0;
}

$ gcc -g y.i -fsanitize=undefined -O2 && ./a.out
opc=0x4172b0
y.i:18:19: runtime error: store to address 0x0000004172b0 with insufficient space for an object of type 'long int'
0x0000004172b0: note: pointer points here
 00 00 00 00 ba ba ba ba ba ba ba ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 04 00 00
             ^
    #0 0x4010e3 in main /home/marxin/Programming/binutils/objdir/gas/y.i:18
    #1 0x7ffff762cbaf in __libc_start_call_main (/lib64/libc.so.6+0x27baf) (BuildId: a3b5459af6c888d99845457c6f4d0c3b06f2404b)
    #2 0x7ffff762cc78 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x27c78) (BuildId: a3b5459af6c888d99845457c6f4d0c3b06f2404b)
    #3 0x401134 in _start ../sysdeps/x86_64/start.S:115