[Bug c/96367] New: bogus format truncation error on armhf when building perf with gcc 10

[Bug c/96367] New: bogus format truncation error on armhf when building perf with gcc 10

[andrea.righi at canonical dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96367

            Bug ID: 96367
           Summary: bogus format truncation error on armhf when building
                    perf with gcc 10
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: andrea.righi at canonical dot com
  Target Milestone: ---

After moving to gcc-10 (in Ubuntu Groovy) we're getting an error during the
perf build (only on the armhf architecture) when compiling the Linux kernel:

      util/map.c:124:5: error: ‘%s’ directive output may be truncated writing
between 1 and 2147483645 bytes into a region of size 4096
[-Werror=format-truncation=]

Source code:

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/groovy/tree/tools/perf/util/map.c?h=master-next#n117

Looking at the source code it seems to be a false positive: the snprintf()
should never exceed the size of 4096 as reported by the error (the new length
is checked immediately before calling snprintf).

Moreover, it is quite strange that we are getting this error only on armhf. At
least I'm expecting to get this error across all architectures and not just
armhf.

Do you think it's a bug or am I missing something obvious? Thanks!

[Bug tree-optimization/96367] bogus -Wformat-truncation in ILP32

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96367

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c                           |tree-optimization
     Ever confirmed|0                           |1
             Blocks|                            |85741
      Known to fail|                            |10.2.0, 11.0
   Last reconfirmed|                            |2020-07-29
            Summary|bogus format truncation     |bogus -Wformat-truncation
                   |error on armhf when         |in ILP32
                   |building perf with gcc 10   |
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The mention of armhf was a helpful clue.  With it I was able to reproduce an
unintended inconsistency between ILP32 and LP64 on the following test case. 
Otherwise, reports without test cases to reproduce the problem are hard to
analyze.  An error alone, without the context and the notes that might follow,
also isn't sufficient.  Especially in this case because it doesn't show which
of the four %s directives it refers to.  In the future please provide the
details requested here: https://gcc.gnu.org/bugs/#need.

$ (set -x && cat t.c && gcc -O2 -S -Wall t.c && gcc -O2 -S -Wall -m32 t.c)
+ cat t.c
char a[8];

void f (const char *s)
{
  __SIZE_TYPE__ n = __builtin_strlen (s);
  if (n < 3) return;

  __builtin_snprintf (a, 8, "%s", s);
}
+ gcc -O2 -S -Wall t.c
+ gcc -O2 -S -Wall -m32 t.c
t.c: In function ‘f’:
t.c:8:30: warning: ‘%s’ directive output may be truncated writing between 3 and
2147483645 bytes into a region of size 8 [-Wformat-truncation=]
    8 |   __builtin_snprintf (a, 8, "%s", s);
      |                              ^~
t.c:8:3: note: ‘__builtin_snprintf’ output between 4 and 2147483646 bytes into
a destination of size 8
    8 |   __builtin_snprintf (a, 8, "%s", s);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85741
[Bug 85741] [meta-bug] bogus/missing -Wformat-overflow

[Bug tree-optimization/96367] bogus -Wformat-truncation in ILP32

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96367

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to fail|11.0                        |11.2.0, 12.0

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Reconfirming with GCC 12.  It's not the same as pr104119 (they're related only
by the ILP32 data model).

[Bug tree-optimization/96367] bogus -Wformat-truncation in ILP32

[zfigura at codeweavers dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96367

Zebediah Figura <zfigura at codeweavers dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zfigura at codeweavers dot com

--- Comment #3 from Zebediah Figura <zfigura at codeweavers dot com> ---
I believe I'm running into this trying to compile Wine. Specifically, this
snprintf statement:

https://source.winehq.org/git/wine.git/blob/wine-7.17:/dlls/ntdll/unix/system.c#l3176

is yielding this warning:

../wine/dlls/ntdll/unix/system.c: In function ‘NtQuerySystemInformation’:
../wine/dlls/ntdll/unix/system.c:3176:36: error: ‘%s’ directive output between
0 and 2147483644 bytes may cause result to exceed ‘INT_MAX’
[-Werror=format-truncation=]
 3176 |         snprintf( info, size, "%s%c%s%c%s%c%s", version, 0, wine_build,
0, buf.sysname, 0, buf.release );
      |                                    ^~                       ~~~~~~~~~~
../wine/dlls/ntdll/unix/system.c:3176:9: note: ‘snprintf’ output between 8 and
2147483780 bytes into a destination of size 4294967295
 3176 |         snprintf( info, size, "%s%c%s%c%s%c%s", version, 0, wine_build,
0, buf.sysname, 0, buf.release );
      |        
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

when compiled as 32-bit, using Wine's default flags (so notably -g -O2 -m32
-Wall).

I also tried to reduce it into a simpler test case:

#include <stdio.h>
#include <string.h>

extern const char text[];

size_t func(char *buffer, size_t size)
{
    size_t len = strlen(text);

    snprintf(buffer, size, "text%s", text);
    return len;
}

which fails similarly with "gcc -m32 -O2 -Wall".

Is there a way we can even work around this in Wine? I don't see an obvious
one, especially with no clue why the bug is even happening.

[Bug tree-optimization/96367] bogus -Wformat-truncation in ILP32

[zfigura at codeweavers dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96367

--- Comment #4 from Zebediah Figura <zfigura at codeweavers dot com> ---
Forgot to mention:

leslie@terabithia:~/git/wine32$ gcc --version
gcc (Debian 12.2.0-1) 12.2.0
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.