public inbox for gcc-bugs@sourceware.org
From: "ishikawa at yk dot rim.or.jp" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/109041] New: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
Date: Mon, 06 Mar 2023 11:16:38 +0000
Message-ID: <bug-109041-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041

            Bug ID: 109041
           Summary: Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
           Product: gcc
           Version: 11.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ishikawa at yk dot rim.or.jp
  Target Milestone: ---

I am compiling sqlite3.c included in mozilla firefox source tree with gcc -Werror and -Wall flag (with some exclusion of certain warnings).

Then the compiler spewed out the following warning treated as error, which, I think, is bogus, but not so sure. Since the code works without the compile time check, I suppose it works :-)

Gcc version is 11.3. I am compiling under Debian GNU/Linux.

ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-11 --version
gcc-11 (Debian 11.3.0-12) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

You see, a region of size 0 looks obviously bogus.

When I look at the original code that references a character pointer with negative index (-4), I am tempted to think that a bug is triggered by the negative index.

The line 32113 is

    memset(&zSuper[-4], 0, 4);

The error printed:

In function ‘memset’,
    inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:5:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
 4273 |   return __builtin___memset_chk (__dest, __ch, __len, __builtin_object_size (__dest, 0));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 |     zSuper = &pPager->pTmpSpace[4];
      |               ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors

I am attaching the preprocessed file which needs to be stored into /tmp/sqlite3-preprocessed-2.c, and the following script was used to compile it. (I have removed the file line number directive because it was so confusing to figure out where the error occurs. But if someone needs to track down which header files to blame, etc., I can upload the original preprocessed file.)

/usr/bin/gcc-11 -o /tmp/sqlite3-preprocessed-2.o -c -fstack-protector-strong -ldl -fno-builtin-strlen -g -Werror=sign-compare -Werror=unused-result -Werror=unused-variable -Werror=format -fuse-ld=gold -ldl -fno-builtin-strlen -g -Werror -Wmaybe-uninitialized -Wsign-compare -Wunused-result -Wunused-variable -Wformat -Wno-unknown-pragmas -Wno-switch -Wno-address-of-packed-member -fuse-ld=gold -fPIC -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -g -g -Og -fvar-tracking -gdwarf-4 -fvar-tracking-assignments -freorder-blocks -fno-omit-frame-pointer -funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wlogical-op -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-overflow=2 -Werror=implicit-function-declaration -Wno-psabi -Wno-sign-compare -Wno-type-limits -fno-strict-aliasing -ffp-contract=off -fdiagnostics-color /tmp/sqlite3-preprocessed-2.c

Actually there is another error printed, but that is an internal integrity check which holds, and that must be taken care of by the developer somehow. I.e., this must be ignored.

/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates to true [-Werror=tautological-compare]
22632 |                      sqlite3PendingByte+1==(sqlite3PendingByte+1)
      |                                          ^~

Thank you in advance for your attention.
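
A reduced form of the access pattern quoted in the report, as an added example that is not part of the original message and is not SQLite's code: it shows that `&zSuper[-4]` lands on `pTmpSpace[0]` and compares it with an equivalent write against the base pointer under an explicit bound. `struct pager_like`, `tmpSize` and the function names are hypothetical, and the example makes no claim about whether a given GCC version emits the diagnostic for it.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the pager object: only pTmpSpace is named in the
 * report; tmpSize is an assumed field added so the bound can be checked. */
struct pager_like {
    char  *pTmpSpace;
    size_t tmpSize;
};

/* The two statements quoted in the report: the negative index walks back to
 * pTmpSpace[0], so the write is in bounds only if the buffer has >= 4 bytes. */
static char *clear_prefix_negative_index(struct pager_like *p) {
    char *zSuper = &p->pTmpSpace[4];
    memset(&zSuper[-4], 0, 4);
    return zSuper;
}

/* Same effect, written against the base pointer with an explicit bound. */
static char *clear_prefix_checked(struct pager_like *p) {
    if (p->pTmpSpace == NULL || p->tmpSize < 4) return NULL;
    memset(p->pTmpSpace, 0, 4);
    return p->pTmpSpace + 4;
}

/* Returns 1 when both variants leave a constructed buffer byte-identical,
 * 0 on mismatch or allocation failure, and -1 when the buffer is too small
 * for the negative-index variant to be run safely. */
int variants_agree(size_t size) {
    if (size < 4) return -1;
    struct pager_like a = { malloc(size), size };
    struct pager_like b = { malloc(size), size };
    int ok = 0;
    if (a.pTmpSpace != NULL && b.pTmpSpace != NULL) {
        memset(a.pTmpSpace, 0xAA, size);   /* constructed fill pattern */
        memset(b.pTmpSpace, 0xAA, size);
        char *za = clear_prefix_negative_index(&a);
        char *zb = clear_prefix_checked(&b);
        ok = zb != NULL
          && (za - a.pTmpSpace) == (zb - b.pTmpSpace)
          && memcmp(a.pTmpSpace, b.pTmpSpace, size) == 0
          && a.pTmpSpace[0] == 0 && a.pTmpSpace[3] == 0
          && (size == 4 || (unsigned char)a.pTmpSpace[4] == 0xAA);
    }
    free(a.pTmpSpace);
    free(b.pTmpSpace);
    return ok;
}
```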