https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123042
Bug ID: 123042
Summary: -Wanalyzer-out-of-bounds false positive in Emacs mapping stack (revisiting 109579)
Product: gcc
Version: 15.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: eggert at cs dot ucla.edu
Target Milestone: ---
Created attachment 63011
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=63011&action=edit
Compile with "gcc -m32 -fanalyzer -O2 -S" to reproduce the problem
gcc (GCC) 15.2.1 20251111 (Red Hat 15.2.1-4) on x86-64 is exhibiting a bug that
I reported earlier as bug#109579. The earlier bug was marked as WORKSFORME when
David Malcolm tested it with some of his circa 2024 patches to trunk.
Presumably its occurrence now means that the bug was not entirely fixed, so I am
reopening the issue.
Uncompress the attached t.i.gz file, and compile the resulting t.i file on
x86-64 with:
gcc -m32 -fanalyzer -O2 -S t.i
This complains:
t.i: In function ‘ccl_driver’:
t.i:39059:107: warning: buffer under-read [CWE-127]
[-Wanalyzer-out-of-bounds]
39059 | tack_pointer--; (map_set_rest_length) =
mapping_stack_pointer->rest_length; (orig_op) =
mapping_stack_pointer->orig_val; } while (0);
|
~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is a false positive, as the relevant code is executed only when
(mapping_stack_pointer >= mapping_stack + 2) which means that there is no
problem subtracting 1 from mapping_stack_pointer twice.
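A constructed reduction of the pattern the report describes, added here as an example and not taken from the attached t.i or from Emacs itself; the struct layout, stack size and helper names are assumptions. It models a fixed-size mapping stack whose pop macro decrements the pointer and then reads two fields, with the two pops reachable only behind the (mapping_stack_pointer >= mapping_stack + 2) guard, so it serves as a small test case for checking whether the analyzer warns on a guarded double pop.

```c
/* Constructed model of the "mapping stack" pop pattern (not Emacs code).
 * Field and variable names follow the diagnostic quoted in the report;
 * the struct layout, MAPPING_STACK_SIZE and helpers are assumptions. */
#include <stddef.h>

struct mapping_entry { int rest_length; int orig_val; };

#define MAPPING_STACK_SIZE 32
static struct mapping_entry mapping_stack[MAPPING_STACK_SIZE];
static struct mapping_entry *mapping_stack_pointer = mapping_stack;

/* Same shape as the macro expansion shown in the warning: decrement,
 * then read two fields from the new top entry. */
#define POP_MAPPING_STACK(map_set_rest_length, orig_op)        \
  do {                                                          \
    mapping_stack_pointer--;                                    \
    (map_set_rest_length) = mapping_stack_pointer->rest_length; \
    (orig_op) = mapping_stack_pointer->orig_val;                \
  } while (0)

/* Push one entry; returns 0 on success, -1 when the stack is full. */
int push_mapping(int rest_length, int orig_val)
{
  if (mapping_stack_pointer >= mapping_stack + MAPPING_STACK_SIZE)
    return -1;
  mapping_stack_pointer->rest_length = rest_length;
  mapping_stack_pointer->orig_val = orig_val;
  mapping_stack_pointer++;
  return 0;
}

void reset_mapping_stack(void) { mapping_stack_pointer = mapping_stack; }

/* Number of entries currently on the stack. */
ptrdiff_t mapping_stack_depth(void)
{
  return mapping_stack_pointer - mapping_stack;
}

/* The situation the report describes: two pops that run only when at
 * least two entries are present, so neither read goes below
 * mapping_stack[0].  Returns the sum of the popped orig_val fields
 * (non-negative in this model), or -1 when the guard rejects the pops. */
int double_pop_guarded(void)
{
  int map_set_rest_length = 0, orig_op = 0, sum = 0;
  if (mapping_stack_pointer >= mapping_stack + 2) {
    POP_MAPPING_STACK(map_set_rest_length, orig_op);
    sum += orig_op;
    POP_MAPPING_STACK(map_set_rest_length, orig_op);
    sum += orig_op + map_set_rest_length * 0; /* rest_length kept for parity with the macro */
    return sum;
  }
  return -1;
}
```

Compiling this model with the reporter's flags (gcc -m32 -fanalyzer -O2 -S) is a quick way to see whether the guarded double pop alone triggers the warning or whether the full t.i context is needed.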