115274 – Bogus -Wstringop-overread in SQLite source code

Bug 115274 - Bogus -Wstringop-overread in SQLite source code

Summary: Bogus -Wstringop-overread in SQLite source code

Status:	NEW

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	tree-optimization (show other bugs)
Version:	14.0

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:	diagnostic

Duplicates (1):	115702 (view as bug list)
Depends on:
Blocks:	Wstringop-overread
	Show dependency tree / graph

Reported:	2024-05-29 12:07 UTC by Boris Kolpackov
Modified:	2024-06-29 15:57 UTC (History)
CC List:	5 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2024-06-29 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Boris Kolpackov 2024-05-29 12:07:08 UTC

Compiled attached sqlite3.c from recent SQLite release with GCC 14 and -O3 produces the following bogus (according to our analysis) warning:

$ gcc-14 -O3 -c sqlite3.c
In function ‘sqlite3Strlen30’,
    inlined from ‘sqlite3ColumnSetColl’ at sqlite3.c:115936:10:
sqlite3.c:33361:28: warning: ‘strlen’ reading 1 or more bytes from a region of size 0 [-Wstringop-overread]
33361 |   return 0x3fffffff & (int)strlen(z);
      |                            ^~~~~~~~~
In function ‘sqlite3ColumnSetColl’:
cc1: note: source object is likely at address zero

$ gcc-14 --version
gcc-14 (Debian 14.1.0-1) 14.1.0

There is no such warning with GCC 13.2.0.

Comment 1 Andrew Pinski 2024-05-29 12:08:22 UTC

>Compiled attached sqlite3.c

Looks like it didn't attach.  Can you try again? Maybe compress it?

Comment 2 Boris Kolpackov 2024-05-29 12:15:51 UTC

Ok, I couldn't attach the source file due to size limits, but you can get it from https://sqlite.org/download.html . I get this warning with the latest version, which is 3.46.0 at the time of this writing.

Comment 3 Sam James 2024-05-29 12:35:51 UTC

(In reply to Boris Kolpackov from comment #2)
> Ok, I couldn't attach the source file due to size limits, but you can get it
> from https://sqlite.org/download.html . I get this warning with the latest
> version, which is 3.46.0 at the time of this writing.

Please try compress it.

Comment 4 Boris Kolpackov 2024-05-29 12:46:23 UTC

> Please try compress it.

I did try with xz -9e and it was still 1.5M (the limit is 1M). I doubt any compression method will be able to shave those 50% off.

Comment 5 Andrew Pinski 2024-06-28 20:41:22 UTC

*** Bug 115702 has been marked as a duplicate of this bug. ***

Comment 6 D. Richard Hipp 2024-06-28 21:07:27 UTC

The source file that causes the problem can now be downloaded from
<https://sqlite.org/tmp/sqlite3-20240523.c>.

Comment 7 Andi Kleen 2024-06-28 22:53:28 UTC

Doesn't reproduce for me on recent trunk. So maybe already fixed.

The file is useful as a general run test case for the compiler though.

Comment 8 Andi Kleen 2024-06-28 22:57:50 UTC

Ah never mind. I ran it with the wrong option with -O3 it shows the warning.
Unfortunately the run time is very long so it will be difficult to minimize.

Comment 9 ak 2024-06-29 01:58:04 UTC

creduce minimized it to

#include <string.h>
char *c;
void a();
int b(char *d) { return strlen(d); }
void e() {
  long f = 1;
  f = b(c + f);
  if (c == 0)
    a(f);
}

From the one it seems to be invalid because the c global is indeed NULL.

but it's hard to say if it is exactly equivalent because it will depend on the caller and the original test case had something like 30+ callers, so we don't know the exact context.

Problem is that these warnings which depend on inlining should really print the inline stack for the instance that triggers the warning. I opened PR115704

Comment 10 Andi Kleen 2024-06-29 15:57:27 UTC

-fno-thread-jumps fixes it, so it's probably a dup of PR109071 (same problem with a different warning)