Bug 109455 - false-positive -Wstringop-overflow warning when using std::vector with UBsan
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 12.2.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: diagnostic
Blocks: Wstringop-overflow
Reported: 2023-04-09 08:31 UTC by Jörn Heusipp
Modified: 2023-04-11 13:33 UTC

Description Jörn Heusipp 2023-04-09 08:31:51 UTC
```
// g++ -std=c++20 -fexceptions -frtti -pthread -fsanitize=undefined -O3 -Wall -Wextra -Wpedantic -c test.cpp
// GCC 12.2

#include <vector>
#include <cstddef>

struct Table {
	Table();
	void SetSize(std::size_t size);
	std::vector<unsigned char> m_Table;
};

Table::Table() {
	m_Table.resize(42, 23);
}

void Table::SetSize(std::size_t size) {
	m_Table.resize(size);
}
```

results in

```
In file included from /usr/include/c++/12/vector:60,
                 from test.cpp:4:
In static member function ‘static constexpr _Tp* std::__copy_move<_IsMove, true, std::random_access_iterator_tag>::__copy_m(const _Tp*, const _Tp*, _Tp*) [with _Tp = unsigned char; bool _IsMove = true]’,
    inlined from ‘constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool _IsMove = true; _II = unsigned char*; _OI = unsigned char*]’ at /usr/include/c++/12/bits/stl_algobase.h:495:30,
    inlined from ‘constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool _IsMove = true; _II = unsigned char*; _OI = unsigned char*]’ at /usr/include/c++/12/bits/stl_algobase.h:522:42,
    inlined from ‘constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool _IsMove = true; _II = unsigned char*; _OI = unsigned char*]’ at /usr/include/c++/12/bits/stl_algobase.h:529:31,
    inlined from ‘constexpr _OI std::copy(_II, _II, _OI) [with _II = move_iterator<unsigned char*>; _OI = unsigned char*]’ at /usr/include/c++/12/bits/stl_algobase.h:620:7,
    inlined from ‘static _ForwardIterator std::__uninitialized_copy<true>::__uninit_copy(_InputIterator, _InputIterator, _ForwardIterator) [with _InputIterator = std::move_iterator<unsigned char*>; _ForwardIterator = unsigned char*]’ at /usr/include/c++/12/bits/stl_uninitialized.h:147:27,
    inlined from ‘_ForwardIterator std::uninitialized_copy(_InputIterator, _InputIterator, _ForwardIterator) [with _InputIterator = move_iterator<unsigned char*>; _ForwardIterator = unsigned char*]’ at /usr/include/c++/12/bits/stl_uninitialized.h:185:15,
    inlined from ‘constexpr _ForwardIterator std::__uninitialized_copy_a(_InputIterator, _InputIterator, _ForwardIterator, allocator<_Tp>&) [with _InputIterator = move_iterator<unsigned char*>; _ForwardIterator = unsigned char*; _Tp = unsigned char]’ at /usr/include/c++/12/bits/stl_uninitialized.h:372:37,
    inlined from ‘constexpr _ForwardIterator std::__uninitialized_move_if_noexcept_a(_InputIterator, _InputIterator, _ForwardIterator, _Allocator&) [with _InputIterator = unsigned char*; _ForwardIterator = unsigned char*; _Allocator = allocator<unsigned char>]’ at /usr/include/c++/12/bits/stl_uninitialized.h:397:2,
    inlined from ‘constexpr void std::vector<_Tp, _Alloc>::_M_fill_insert(iterator, size_type, const value_type&) [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/vector.tcc:594:7,
    inlined from ‘constexpr void std::vector<_Tp, _Alloc>::resize(size_type, const value_type&) [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/stl_vector.h:1032:18,
    inlined from ‘Table::Table()’ at test.cpp:14:16:
/usr/include/c++/12/bits/stl_algobase.h:431:30: warning: ‘void* __builtin_memmove(void*, const void*, long unsigned int)’ writing 1 or more bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
  431 |             __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
      |             ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/x86_64-linux-gnu/c++/12/bits/c++allocator.h:33,
                 from /usr/include/c++/12/bits/allocator.h:46,
                 from /usr/include/c++/12/vector:61:
In member function ‘_Tp* std::__new_allocator<_Tp>::allocate(size_type, const void*) [with _Tp = unsigned char]’,
    inlined from ‘constexpr _Tp* std::allocator< <template-parameter-1-1> >::allocate(std::size_t) [with _Tp = unsigned char]’ at /usr/include/c++/12/bits/allocator.h:188:40,
    inlined from ‘static constexpr _Tp* std::allocator_traits<std::allocator<_Up> >::allocate(allocator_type&, size_type) [with _Tp = unsigned char]’ at /usr/include/c++/12/bits/alloc_traits.h:464:28,
    inlined from ‘constexpr std::_Vector_base<_Tp, _Alloc>::pointer std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/stl_vector.h:378:33,
    inlined from ‘constexpr void std::vector<_Tp, _Alloc>::_M_fill_insert(iterator, size_type, const value_type&) [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/vector.tcc:575:45,
    inlined from ‘constexpr void std::vector<_Tp, _Alloc>::resize(size_type, const value_type&) [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/stl_vector.h:1032:18,
    inlined from ‘Table::Table()’ at test.cpp:14:16:
/usr/include/c++/12/bits/new_allocator.h:137:55: note: at offset 42 into destination object of size 42 allocated by ‘operator new’
  137 |         return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n * sizeof(_Tp)));
      |                                                       ^
```

```
manx@appendix:~/tmp$ g++ --version
g++ (Debian 12.2.0-14) 12.2.0
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
```

godbolt: https://godbolt.org/z/17T47MvcK

Does not happen with GCC trunk on godbolt.

There are many similar bugs already reported, but I was not able to find any particularly good match. It might still be a duplicate though.
Comment 1 Andrew Pinski 2023-04-09 16:25:35 UTC
From https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fsanitize_003dundefined:

Note that sanitizers tend to increase the rate of false positive warnings, most notably those around -Wmaybe-uninitialized. We recommend against combining -Werror and [the use of] sanitizers.
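
One way to apply the recommendation quoted in comment 1 in a build script, as an added example that is not part of the bug thread or of GCC: a flag filter that keeps warnings visible but non-fatal whenever a sanitizer is enabled. The function name `adjust_flags` is hypothetical; it relies on the documented GCC behaviour that `-Werror=foo` implies `-Wfoo`.

```shell
#!/bin/sh
# Added example (not from the bug report): demote warnings-as-errors in
# sanitizer builds so that diagnostics such as the -Wstringop-overflow
# false positive above are still printed but do not fail the build.
# adjust_flags is a hypothetical helper; compiler flags are its arguments.

adjust_flags() (
    sanitized=0
    # First pass: does this build enable any sanitizer?
    # (-fsanitize-recover=... and similar do not match this pattern.)
    for arg in "$@"; do
        case "$arg" in
            -fsanitize=*) sanitized=1 ;;
        esac
    done

    out=""
    # Second pass: rewrite error-promoting flags only in sanitizer builds.
    for arg in "$@"; do
        if [ "$sanitized" -eq 1 ]; then
            case "$arg" in
                # Drop the blanket promotion of all warnings to errors.
                -Werror) continue ;;
                # -Werror=foo implies -Wfoo: keep the warning, non-fatal.
                -Werror=*) arg="-W${arg#-Werror=}" ;;
            esac
        fi
        out="${out:+$out }$arg"
    done
    printf '%s\n' "$out"
)

# Constructed sample: the reporter's flags with -Werror added.
adjust_flags -std=c++20 -fsanitize=undefined -O3 -Wall -Wextra -Wpedantic -Werror
```

Builds without any `-fsanitize=` flag pass through unchanged, so a separate non-sanitized job can keep `-Werror`.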