https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
Bug ID: 111537
Summary: ICE: in set_cell_span, at text-art/table.cc:148 with D
front-end and -fanalyzer
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: ibuclaw at gdcproject dot org
Target Milestone: ---
Roughly copied an example from the static analyzer talk and wrote it in D.
---
import core.stdc.string;
void main()
{
char[5] arr;
strcpy(arr.ptr, "hello world");
}
---
The C++ equivalent compiled with g++ prints pretty tables and emojis in the
expected warning, whereas with gdc compiler issues an ICE within the text-art
code.
---
oob.d: In function ‘D main’:
oob.d:5:11: warning: buffer over-read [CWE-126] [-Wanalyzer-out-of-bounds]
5 | strcpy(arr.ptr, "hello world");
| ^
‘D main’: events 1-3
|
| 4 | char[5] arr;
| | ^
| | |
| | (1) following ‘false’ branch...
| | (2) ...to here
| 5 | strcpy(arr.ptr, "hello world");
| | ~
| | |
| | (3) out-of-bounds read at byte 11 but ‘"hello world"’
ends at byte 11
|
oob.d:5:11: note: read of 1 byte from after the end of ‘"hello world"’
5 | strcpy(arr.ptr, "hello world");
| ^
oob.d:5:11: note: valid subscripts for ‘"hello world"’ are ‘[0]’ to ‘[11]’
during IPA pass: analyzer
oob.d:4:13: internal compiler error: in set_cell_span, at text-art/table.cc:148
4 | char[5] arr;
| ^
0xa837bf text_art::table::set_cell_span(text_art::rect<text_art::table>,
text_art::table_cell_content&&, text_art::x_align, text_art::y_align)
../../gcc/text-art/table.cc:148
0x2404913
ana::access_diagram_impl::add_invalid_accesses_to_region_table(text_art::table&)
../../gcc/analyzer/access-diagram.cc:2025
0x240b826 ana::access_diagram_impl::access_diagram_impl(ana::access_operation
const&, diagnostic_event_id_t, text_art::style_manager&, text_art::theme
const&, ana::logger*)
../../gcc/analyzer/access-diagram.cc:1874
0x23ffccb std::enable_if<!std::is_array<ana::access_diagram_impl>::value,
std::unique_ptr<ana::access_diagram_impl,
std::default_delete<ana::access_diagram_impl> > >::type
make_unique<ana::access_diagram_impl, ana::access_operation const&,
diagnostic_event_id_t&, text_art::style_manager&, text_art::theme const&,
ana::logger*&>(ana::access_operation const&, diagnostic_event_id_t&,
text_art::style_manager&, text_art::theme const&, ana::logger*&)
../../gcc/make-unique.h:41
0x23ffccb ana::access_diagram::access_diagram(ana::access_operation const&,
diagnostic_event_id_t, text_art::style_manager&, text_art::theme const&,
ana::logger*)
../../gcc/analyzer/access-diagram.cc:2416
0x21db92a ana::out_of_bounds::make_access_diagram(ana::access_operation const&,
text_art::style_manager&, text_art::theme const&, ana::logger*) const
../../gcc/analyzer/bounds-checking.cc:190
0x21db92a ana::out_of_bounds::maybe_show_diagram(ana::logger*) const
../../gcc/analyzer/bounds-checking.cc:169
0x21dbf7f ana::out_of_bounds::maybe_show_notes(unsigned int, ana::logger*)
const
../../gcc/analyzer/bounds-checking.cc:125
0x21dbf7f ana::concrete_buffer_over_read::emit(rich_location*, ana::logger*)
../../gcc/analyzer/bounds-checking.cc:437
0x220168c ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph
const&, ana::saved_diagnostic&)
../../gcc/analyzer/diagnostic-manager.cc:1566
0x220544d ana::dedupe_winners::emit_best(ana::diagnostic_manager*,
ana::exploded_graph const&)
../../gcc/analyzer/diagnostic-manager.cc:1446
0x2201c2e ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph
const&)
../../gcc/analyzer/diagnostic-manager.cc:1498
0x16771e5 ana::impl_run_checkers(ana::logger*)
../../gcc/analyzer/engine.cc:6168
0x16780ee ana::run_checkers()
../../gcc/analyzer/engine.cc:6242
0x166738c execute
../../gcc/analyzer/analyzer-pass.cc:87
