public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
@ 2023-03-06 11:16 ishikawa at yk dot rim.or.jp
2023-03-06 16:40 ` [Bug tree-optimization/109041] " pinskia at gcc dot gnu.org
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-06 11:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
Bug ID: 109041
Summary: Bogus compile time check by __builtin_memset? error:
‘__builtin_memset’ writing 4 bytes into a region of
size 0 overflows the destination
[-Werror=stringop-overflow=]
Product: gcc
Version: 11.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: ishikawa at yk dot rim.or.jp
Target Milestone: ---
I am compiling sqlite3.c included in mozilla firefox source tree with gcc
-Werror and -Wall flag (with some exclusion of certain warnings).
Then the compiler spewed out the following warning treated as error, which, I
think, is bogus, but not so sure.
Since the code works without the compile time check, I suppose it works :-)
Gcc version is 11.3. I am compiling under Debian GNU/Linux.
ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-11 --version
gcc-11 (Debian 11.3.0-12) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You see, a region of size 0 looks obviously bogus.
When I look at the original code that references a character pointer with
negative index (-4), I am tempted to think that a bug is triggered by the
negative index.
The line 32113 is
memset(&zSuper[-4], 0, 4);
The error printed:
In function ‘memset’,
inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:5:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4
bytes into a region of size 0 overflows the destination
[-Werror=stringop-overflow=]
4273 | return __builtin___memset_chk (__dest, __ch, __len,
__builtin_object_size (__dest, 0));
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object
‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 | zSuper = &pPager->pTmpSpace[4];
| ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object
‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors
I am attaching the preprocessed file which needs to be stored into
/tmp/sqlite3-preprocessed-2.c, and the following script was used to compile it.
(I have removed the file line number directive because it was so confusing to
figure out where the error occurs. But if someone needs to track down which
header files to blame, etc., I can upload the original preprocessed file.)
/usr/bin/gcc-11 -o /tmp/sqlite3-preprocessed-2.o -c -fstack-protector-strong
-ldl -fno-builtin-strlen -g -Werror=sign-compare -Werror=unused-result
-Werror=unused-variable -Werror=format -fuse-ld=gold -ldl -fno-builtin-strlen
-g -Werror -Wmaybe-uninitialized -Wsign-compare -Wunused-result
-Wunused-variable -Wformat -Wno-unknown-pragmas -Wno-switch
-Wno-address-of-packed-member -fuse-ld=gold -fPIC -ffunction-sections
-fdata-sections -fno-math-errno -pthread -pipe -g -g -Og -fvar-tracking
-gdwarf-4 -fvar-tracking-assignments -freorder-blocks -fno-omit-frame-pointer
-funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith
-Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wlogical-op
-Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations
-Wno-error=array-bounds -Wno-error=free-nonheap-object
-Wno-multistatement-macros -Wno-error=class-memaccess -Wformat
-Wformat-overflow=2 -Werror=implicit-function-declaration -Wno-psabi
-Wno-sign-compare -Wno-type-limits -fno-strict-aliasing -ffp-contract=off
-fdiagnostics-color /tmp/sqlite3-preprocessed-2.c
Actually there is another error printed, but that is an internal integrity
check which holds, and that must be taken care of by the developer somehow.
I.e., this must be ignored.
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates
to true [-Werror=tautological-compare]
22632 | sqlite3PendingByte+1==(sqlite3PendingByte+1)
| ^~
Thank you in advance for your attention.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
@ 2023-03-06 16:40 ` pinskia at gcc dot gnu.org
2023-03-07 15:52 ` ishikawa at yk dot rim.or.jp
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-03-06 16:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2023-03-06
Ever confirmed|0 |1
Status|UNCONFIRMED |WAITING
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Can you attach the preprocessed source? It might have been too big when you
tried to attach it on creation. You can compress it if it is too big.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
2023-03-06 16:40 ` [Bug tree-optimization/109041] " pinskia at gcc dot gnu.org
@ 2023-03-07 15:52 ` ishikawa at yk dot rim.or.jp
2023-03-07 15:56 ` pinskia at gcc dot gnu.org
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-07 15:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
ishikawa,chiaki <ishikawa at yk dot rim.or.jp> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ishikawa at yk dot rim.or.jp
--- Comment #2 from ishikawa,chiaki <ishikawa at yk dot rim.or.jp> ---
Created attachment 54600
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54600&action=edit
Compressed preprocessed file (less file linenumber directives)
Sorry, I did not realize my attempt to attach the preprocess file failed when I
filed the bug report.
I am compressing the preprocessed file this time.
(Right, uncompressed it was more than 4MB, and now compressed it is like
740KB.)
Hope this helps.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
2023-03-06 16:40 ` [Bug tree-optimization/109041] " pinskia at gcc dot gnu.org
2023-03-07 15:52 ` ishikawa at yk dot rim.or.jp
@ 2023-03-07 15:56 ` pinskia at gcc dot gnu.org
2023-03-08 1:14 ` pinskia at gcc dot gnu.org
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-03-07 15:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|1 |0
Status|WAITING |UNCONFIRMED
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (2 preceding siblings ...)
2023-03-07 15:56 ` pinskia at gcc dot gnu.org
@ 2023-03-08 1:14 ` pinskia at gcc dot gnu.org
2023-03-08 5:11 ` ishikawa at yk dot rim.or.jp
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-03-08 1:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Looks like it has been fixed in GCC 12.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (3 preceding siblings ...)
2023-03-08 1:14 ` pinskia at gcc dot gnu.org
@ 2023-03-08 5:11 ` ishikawa at yk dot rim.or.jp
2023-03-08 10:02 ` marxin at gcc dot gnu.org
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-08 5:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #4 from ishikawa,chiaki <ishikawa at yk dot rim.or.jp> ---
Right, when I replaced gcc-11 with gcc-12 in my script, I got the following
warnings. One of them was there before, the other is new.
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates
to true [-Werror=tautological-compare]
22632 | sqlite3PendingByte+1==(sqlite3PendingByte+1)
| ^~
/tmp/sqlite3-preprocessed-2.c: In function ‘vtabCallConstructor’:
/tmp/sqlite3-preprocessed-2.c:121095:4: error: the comparison will always
evaluate as ‘true’ for the address of ‘pVtabCtx’ will never be NULL
[-Werror=address]
121095 | ) ? (void) (0) : __assert_fail (
| ^
/tmp/sqlite3-preprocessed-2.c:5226:12: note: ‘pVtabCtx’ declared here
5226 | VtabCtx *pVtabCtx;
| ^~~~~~~~
cc1: all warnings being treated as errors
The latter one is a new one. Not sure why it was not triggered with gcc-11.
Anyway, actually, I have found out that there is a runtime assertion triggered
by thunderbird mail client when it is compiled with gcc-12, and not with
gcc-10|gcc-11.
So, I wanted to check the source code as much as possible with -Werror before I
dive into runtime code generation issues.
"-Werror" signals so many dubious constructs, and it has been an uphill battle
to make the code compile.
I found a missing "break" statement (implicit fallthrough), and strange size
check (3rd argument to strncpy) already, but I am close to being able to
compile mozilla source tree with more compile time check right now.
Thank you again for making advanced compiler available free of charge.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (4 preceding siblings ...)
2023-03-08 5:11 ` ishikawa at yk dot rim.or.jp
@ 2023-03-08 10:02 ` marxin at gcc dot gnu.org
2023-03-08 15:52 ` ishikawa at yk dot rim.or.jp
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2023-03-08 10:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
I can't reproduce the warning with the provided test-case :/ What options do
you use?
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (5 preceding siblings ...)
2023-03-08 10:02 ` marxin at gcc dot gnu.org
@ 2023-03-08 15:52 ` ishikawa at yk dot rim.or.jp
2023-03-08 15:55 ` ishikawa at yk dot rim.or.jp
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-08 15:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #6 from ishikawa,chiaki <ishikawa at yk dot rim.or.jp> ---
Created attachment 54610
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54610&action=edit
The script to produce the warning in the original report with gcc-11.
The source file needs to be in /tmp/sqlite3-preprocessed-2.c
Run this script with
bash this-script and it will print something like this on my linux PC.
Here I put the script into t83.sh:
bash ~/Dropbox/TB-DIR/WALL-PATCH-DIR/t83.sh
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates
to true [-Werror=tautological-compare]
22632 | sqlite3PendingByte+1==(sqlite3PendingByte+1)
| ^~
In function ‘memset’,
inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:4:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4
bytes into a region of size 0 overflows the destination
[-Werror=stringop-overflow=]
4273 | return __builtin___memset_chk (__dest, __ch, __len,
__builtin_object_size (__dest, 0));
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:30: note: destination object
‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 | zSuper = (void *) &pPager->pTmpSpace[4];
| ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:30: note: destination object
‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors
ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (6 preceding siblings ...)
2023-03-08 15:52 ` ishikawa at yk dot rim.or.jp
@ 2023-03-08 15:55 ` ishikawa at yk dot rim.or.jp
2023-03-09 11:09 ` marxin at gcc dot gnu.org
2023-03-10 14:49 ` ishikawa at yk dot rim.or.jp
9 siblings, 0 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-08 15:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #7 from ishikawa,chiaki <ishikawa at yk dot rim.or.jp> ---
If I change gcc-11 into gcc-12 in the attached script, I get the different
warning.
My version of gcc-12 is:
ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-12 --version
gcc-12 (Debian 12.2.0-14) 12.2.0
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (7 preceding siblings ...)
2023-03-08 15:55 ` ishikawa at yk dot rim.or.jp
@ 2023-03-09 11:09 ` marxin at gcc dot gnu.org
2023-03-10 14:49 ` ishikawa at yk dot rim.or.jp
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2023-03-09 11:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
The -Werror=stringop-overflow= is fixed for gcc-12 branch (same for master
branch).
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug tree-optimization/109041] Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
` (8 preceding siblings ...)
2023-03-09 11:09 ` marxin at gcc dot gnu.org
@ 2023-03-10 14:49 ` ishikawa at yk dot rim.or.jp
9 siblings, 0 replies; 11+ messages in thread
From: ishikawa at yk dot rim.or.jp @ 2023-03-10 14:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041
--- Comment #9 from ishikawa,chiaki <ishikawa at yk dot rim.or.jp> ---
Thank you for the confirmation for the fix in GCC-12.
Now I have to figure out how GCC-12 seems to miscompile something in
Thunderbird mail client to report a run-time assertion error.
(Compiling Thunderbird mail client with earlier version did not show the
runtime assertion error. So I wanted to weed out possible source problem from
mozilla source code and thunderbird mail client code by using -Werror with due
caution.)
Thank you again for the confirmation of the fix in GCC-12.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-03-10 14:49 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-06 11:16 [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=] ishikawa at yk dot rim.or.jp
2023-03-06 16:40 ` [Bug tree-optimization/109041] " pinskia at gcc dot gnu.org
2023-03-07 15:52 ` ishikawa at yk dot rim.or.jp
2023-03-07 15:56 ` pinskia at gcc dot gnu.org
2023-03-08 1:14 ` pinskia at gcc dot gnu.org
2023-03-08 5:11 ` ishikawa at yk dot rim.or.jp
2023-03-08 10:02 ` marxin at gcc dot gnu.org
2023-03-08 15:52 ` ishikawa at yk dot rim.or.jp
2023-03-08 15:55 ` ishikawa at yk dot rim.or.jp
2023-03-09 11:09 ` marxin at gcc dot gnu.org
2023-03-10 14:49 ` ishikawa at yk dot rim.or.jp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).