On Sat, Feb 04, 2023 at 05:07:08AM -0800, Andres Freund wrote:
> <source>: In function 'assign':
> <source>:9:6: warning: array subscript 'foo[0]' is partly outside array bounds of 'unsigned char[4]' [-Warray-bounds=]
> 9 | p->i = i;
> | ^~
> <source>:8:22: note: object of size 4 allocated by '__builtin_malloc'
> 8 | foo *p = (foo *) __builtin_malloc(sizeof(int));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Compiler returned: 0
>
> I can't really tell if gcc is right or wrong to warn about
> this. On the one hand it's a union, and we only access the element that
> is actually backed by memory, on the other hand, the standard does say
> that the size of a union is the largest element, so we are pointing to
> something undersized.
Something I have noticed, related to that: meson reports a set of
warnings here, not ./configure, still I apply the same set of CFLAGS
to both. What's the difference in the meson setup that creates that,
if I may ask? Is there a link to the way -Warray-bounds is handled?
> We actually have a fair amount of code like that, but currently are
> escaping most of the warnings, because gcc doesn't know that palloc() is
> an allocator. With more optimizations (particularly with LTO), we end up
> with more of such warnings. I'd like to annotate palloc so gcc
> understands the size, as that does help to catch bugs when confusing the
> type. It also helps static analyzers.
Ah, that seems like a good idea in the long run.
--
Michael
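The palloc() annotation Andres mentions, as an added example (my code, not PostgreSQL's): a wrapper allocator carrying gcc's `malloc` and `alloc_size` attributes, beside the union pattern from the quoted reproducer. The allocator name `my_alloc` and the members of `foo` are constructed for this example.

```c
/* Added example, not code from the thread or from PostgreSQL. The
 * allocator my_alloc and the union foo are constructed here. */
#include <stdlib.h>

/* Annotating the allocator the way the thread proposes for palloc():
 * 'malloc' says the result aliases no other pointer, 'alloc_size(1)'
 * tells gcc the returned object is exactly 'size' bytes, so
 * -Warray-bounds and static analyzers can reason about accesses made
 * through the pointer instead of treating it as unknown memory. */
__attribute__((malloc, alloc_size(1), returns_nonnull))
static void *my_alloc(size_t size)
{
    void *p = malloc(size);
    if (p == NULL)
        abort();
    return p;
}

/* Same shape as the union in the reproducer: sizeof(foo) is the size of
 * the largest member (8 here), not of the member actually used. */
typedef union {
    int i;
    double d;   /* widens the union to twice what 'i' needs */
} foo;

/* Allocates only sizeof(int). Only 'i' is ever touched, so this works at
 * run time, but once gcc can see the allocation size, -O2 -Warray-bounds
 * can report 'p->i' as partly outside the 4-byte object, exactly the
 * diagnostic quoted above for the __builtin_malloc case. */
static int store_undersized(int v)
{
    foo *p = my_alloc(sizeof(int));
    p->i = v;
    int r = p->i;
    free(p);
    return r;
}

/* Allocating the full union keeps the behaviour and silences the warning:
 * the object is now as large as the type gcc believes it is accessing. */
static int store_full(int v)
{
    foo *p = my_alloc(sizeof(foo));
    p->i = v;
    int r = p->i;
    free(p);
    return r;
}
```

Build both variants with `gcc -O2 -Warray-bounds` to see that only the undersized allocation is diagnosed; the annotation is what makes the size visible to the compiler.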