Bug 109041 - Bogus compile time check by __builtin_memset? error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 11.3.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic, needs-reduction
Depends on:
Blocks: Wstringop-overflow
Reported: 2023-03-06 11:16 UTC by ishikawa,chiaki
Modified: 2023-03-10 14:49 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2023-03-06 00:00:00


Attachments
Compressed preprocessed file (less file linenumber directives) (723.62 KB, application/x-gzip)
2023-03-07 15:52 UTC, ishikawa,chiaki
The script to produce the warning in the original report with gcc-11. (596 bytes, text/plain)
2023-03-08 15:52 UTC, ishikawa,chiaki

Description ishikawa,chiaki 2023-03-06 11:16:38 UTC
I am compiling sqlite3.c included in the mozilla firefox source tree with gcc -Werror and -Wall flags (with some exclusion of certain warnings).
Then the compiler spewed out the following warning treated as error, which, I think, is bogus, but I am not so sure.
Since the code works without the compile time check, I suppose it works :-)

GCC version is 11.3. I am compiling under Debian GNU/Linux.

ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-11 --version
gcc-11 (Debian 11.3.0-12) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

You see, a region of size 0 looks obviously bogus.
When I look at the original code that references a character pointer with negative index (-4), I am tempted to think that a bug is triggered by the negative index.

The line 32113 is
    memset(&zSuper[-4], 0, 4);

The error printed:
In function ‘memset’,
    inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:5:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
 4273 |   return __builtin___memset_chk (__dest, __ch, __len, __builtin_object_size (__dest, 0));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 |     zSuper = &pPager->pTmpSpace[4];
      |               ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors
I am attaching the preprocessed file which needs to be stored into /tmp/sqlite3-preprocessed-2.c, and the following script was used to compile it.
(I have removed the file line number directives because it was so confusing to
figure out where the error occurs. But if someone needs to track down which header files to blame, etc., I can upload the original preprocessed file.)

/usr/bin/gcc-11  -o /tmp/sqlite3-preprocessed-2.o -c   -fstack-protector-strong -ldl -fno-builtin-strlen  -g -Werror=sign-compare -Werror=unused-result -Werror=unused-variable -Werror=format -fuse-ld=gold -ldl -fno-builtin-strlen -g -Werror -Wmaybe-uninitialized -Wsign-compare -Wunused-result -Wunused-variable -Wformat -Wno-unknown-pragmas -Wno-switch -Wno-address-of-packed-member -fuse-ld=gold -fPIC -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -g -g -Og -fvar-tracking -gdwarf-4 -fvar-tracking-assignments -freorder-blocks -fno-omit-frame-pointer -funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wlogical-op -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-overflow=2 -Werror=implicit-function-declaration -Wno-psabi -Wno-sign-compare -Wno-type-limits -fno-strict-aliasing -ffp-contract=off  -fdiagnostics-color /tmp/sqlite3-preprocessed-2.c


Actually there is another error printed, but that is an internal integrity check which holds, and that must be taken care of by the developer somehow.

I.e., this must be ignored.
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates to true [-Werror=tautological-compare]
22632 |                      sqlite3PendingByte+1==(sqlite3PendingByte+1)
      |                                          ^~

Thank you in advance for your attention.
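A constructed C model of the pattern the report is asking about (added here; it is not code from the bug report or from sqlite3): a pager-like struct whose pTmpSpace buffer is the real object, a pointer zSuper set to its fifth byte as at line 32089, and the memset(&zSuper[-4], 0, 4) from line 32113. It shows that the negative index only steps back within the same object, and pairs it with a small in-bounds check for such offset writes; the struct, buffer size and helper names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the sqlite3 pager object: pTmpSpace is the
   scratch buffer (name taken from the report, size is an assumption). */
#define TMPSPACE_SIZE 64
struct pager_model { unsigned char pTmpSpace[TMPSPACE_SIZE]; };

/* Returns 1 if writing `len` bytes starting at byte offset base_off + idx
   of an object of obj_size bytes stays inside that object, else 0.
   base_off is where the derived pointer (zSuper) points into the object,
   idx is the (possibly negative) index applied to that pointer. */
static int write_in_bounds(size_t obj_size, size_t base_off, long idx, size_t len)
{
    long start = (long)base_off + idx;
    if (start < 0) return 0;                 /* would begin before the object */
    if ((size_t)start > obj_size) return 0;  /* would begin past the object */
    return len <= obj_size - (size_t)start;  /* must not run past the end */
}

/* Replays the pager_playback pattern from the report on the model:
   zSuper = &pTmpSpace[4]; memset(&zSuper[-4], 0, 4);
   Returns how many of pTmpSpace[0..3] are zero afterwards (4 means the
   write landed exactly on the first four bytes), or -1 if pTmpSpace[4],
   which the write must not touch, was modified. */
static int playback_pattern(void)
{
    struct pager_model pg;
    memset(pg.pTmpSpace, 0xAA, sizeof pg.pTmpSpace);   /* fill pattern */
    unsigned char *zSuper = &pg.pTmpSpace[4];          /* line 32089 */
    /* The negative index steps back to the start of the same object, so the
       4-byte write covers pTmpSpace[0..3], not a "region of size 0". */
    memset(&zSuper[-4], 0, 4);                          /* line 32113 */
    int zeros = 0;
    for (int i = 0; i < 4; i++) zeros += (pg.pTmpSpace[i] == 0);
    return pg.pTmpSpace[4] == 0xAA ? zeros : -1;
}

int main(void)
{
    printf("pattern zeroed %d bytes\n", playback_pattern());
    printf("idx -4, len 4 in bounds: %d\n", write_in_bounds(TMPSPACE_SIZE, 4, -4, 4));
    printf("idx -5, len 4 in bounds: %d\n", write_in_bounds(TMPSPACE_SIZE, 4, -5, 4));
    return 0;
}
```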
Comment 1 Andrew Pinski 2023-03-06 16:40:03 UTC
Can you attach the preprocessed source? It might have been too big when you tried to attach it on creation. You can compress it if it is too big.
Comment 2 ishikawa,chiaki 2023-03-07 15:52:41 UTC
Created attachment 54600 [details]
Compressed preprocessed file (less file linenumber directives)

Sorry, I did not realize my attempt to attach the preprocess file failed when I filed the bug report.

I am compressing the preprocessed file this time.

(Right, uncompressed it was more than 4MB, and now compressed it is like 740KB.)

Hope this helps.
Comment 3 Andrew Pinski 2023-03-08 01:14:53 UTC
Looks like it has been fixed in GCC 12.
Comment 4 ishikawa,chiaki 2023-03-08 05:11:05 UTC
Right, when I replaced gcc-11 with gcc-12 in my script, I got the following warnings. One of them was there before, the other is new.

/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates to true [-Werror=tautological-compare]
22632 |                      sqlite3PendingByte+1==(sqlite3PendingByte+1)
      |                                          ^~
/tmp/sqlite3-preprocessed-2.c: In function ‘vtabCallConstructor’:
/tmp/sqlite3-preprocessed-2.c:121095:4: error: the comparison will always evaluate as ‘true’ for the address of ‘pVtabCtx’ will never be NULL [-Werror=address]
121095 |  ) ? (void) (0) : __assert_fail (
       |    ^
/tmp/sqlite3-preprocessed-2.c:5226:12: note: ‘pVtabCtx’ declared here
 5226 |   VtabCtx *pVtabCtx;
      |            ^~~~~~~~
cc1: all warnings being treated as errors


The latter one is a new one. Not sure why it was not triggered with gcc-11.

Anyway, actually, I have found out that there is a runtime assertion triggered by thunderbird mail client when it is compiled with gcc-12, and not with gcc-10|gcc-11.
So, I wanted to check the source code as much as possible with -Werror before I dive into runtime code generation issues.
"-Werror" signals so many dubious constructs, and it has been an uphill battle to make the code compile.
I found a missing "break" statement (implicit fallthrough) and a strange size check (3rd argument to strncpy) already, but I am close to being able to compile the mozilla source tree with more compile time checks right now.

Thank you again for making an advanced compiler available free of charge.
Comment 5 Martin Liška 2023-03-08 10:02:28 UTC
I can't reproduce the warning with the provided test-case :/ What options do you use?
Comment 6 ishikawa,chiaki 2023-03-08 15:52:30 UTC
Created attachment 54610 [details]
The script to produce the warning in the original report with gcc-11.

The source file needs to be in /tmp/sqlite3-preprocessed-2.c

Run this script with "bash this-script" and it will print something like this on my Linux PC.

Here I put the script into t83.sh:

bash ~/Dropbox/TB-DIR/WALL-PATCH-DIR/t83.sh
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates to true [-Werror=tautological-compare]
22632 |                      sqlite3PendingByte+1==(sqlite3PendingByte+1)
      |                                          ^~
In function ‘memset’,
    inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:4:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
 4273 |   return __builtin___memset_chk (__dest, __ch, __len, __builtin_object_size (__dest, 0));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:30: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 |     zSuper = (void *) &pPager->pTmpSpace[4];
      |                        ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:30: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors
ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$
Comment 7 ishikawa,chiaki 2023-03-08 15:55:05 UTC
If I change gcc-11 into gcc-12 in the attached script, I get a different warning.

My version of gcc-12 is:

ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-12 --version
gcc-12 (Debian 12.2.0-14) 12.2.0
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Comment 8 Martin Liška 2023-03-09 11:09:42 UTC
The -Werror=stringop-overflow= is fixed for gcc-12 branch (same for master branch).
Comment 9 ishikawa,chiaki 2023-03-10 14:49:49 UTC
Thank you for the confirmation for the fix in GCC-12.

Now I have to figure out how GCC-12 seems to miscompile something in the Thunderbird mail client so that it reports a run-time assertion error.
(Compiling the Thunderbird mail client with an earlier version did not show the runtime assertion error. So I wanted to weed out possible source problems from the mozilla source code and the Thunderbird mail client code by using -Werror with due caution.)

Thank you again for the confirmation of the fix in GCC-12.