https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109041

            Bug ID: 109041
           Summary: Bogus compile time check by __builtin_memset? error:
                    ‘__builtin_memset’ writing 4 bytes into a region of
                    size 0 overflows the destination
                    [-Werror=stringop-overflow=]
           Product: gcc
           Version: 11.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ishikawa at yk dot rim.or.jp
  Target Milestone: ---

I am compiling sqlite3.c included in the Mozilla Firefox source tree with gcc
-Werror and -Wall flags (with some exclusion of certain warnings).
Then the compiler spewed out the following warning treated as error, which, I
think, is bogus, but I am not so sure.
Since the code works without the compile time check, I suppose it works :-)

Gcc version is 11.3. I am compiling under Debian GNU/Linux.

ishikawa@ip030:/NREF-COMM-CENTRAL/mozilla$ gcc-11 --version
gcc-11 (Debian 11.3.0-12) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

You see, a region of size 0 looks obviously bogus.
When I look at the original code that references a character pointer with
negative index (-4), I am tempted to think that a bug is triggered by the
negative index.

The line 32113 is
    memset(&zSuper[-4], 0, 4);


The error printed:

In function ‘memset’,
    inlined from ‘pager_playback’ at /tmp/sqlite3-preprocessed-2.c:32113:5:
/tmp/sqlite3-preprocessed-2.c:4273:10: error: ‘__builtin_memset’ writing 4 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
 4273 |   return __builtin___memset_chk (__dest, __ch, __len, __builtin_object_size (__dest, 0));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c: In function ‘pager_playback’:
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
32089 |     zSuper = &pPager->pTmpSpace[4];
      |               ~~~~~~^~~~~~~~~~~
/tmp/sqlite3-preprocessed-2.c:32089:21: note: destination object ‘*pPager.pTmpSpace’ of size [0, 9223372036854775807]
cc1: all warnings being treated as errors

I am attaching the preprocessed file which needs to be stored into
/tmp/sqlite3-preprocessed-2.c, and the following script was used to compile it.
(I have removed the file line number directive because it was so confusing to 
figure out where the error occurs. But if someone needs to track down which
header files to blame, etc., I can upload the original preprocessed file.)

/usr/bin/gcc-11  -o /tmp/sqlite3-preprocessed-2.o -c   -fstack-protector-strong
-ldl -fno-builtin-strlen  -g -Werror=sign-compare -Werror=unused-result
-Werror=unused-variable -Werror=format -fuse-ld=gold -ldl -fno-builtin-strlen
-g -Werror -Wmaybe-uninitialized -Wsign-compare -Wunused-result
-Wunused-variable -Wformat -Wno-unknown-pragmas -Wno-switch
-Wno-address-of-packed-member -fuse-ld=gold -fPIC -ffunction-sections
-fdata-sections -fno-math-errno -pthread -pipe -g -g -Og -fvar-tracking
-gdwarf-4 -fvar-tracking-assignments -freorder-blocks -fno-omit-frame-pointer
-funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith
-Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wlogical-op
-Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations
-Wno-error=array-bounds -Wno-error=free-nonheap-object
-Wno-multistatement-macros -Wno-error=class-memaccess -Wformat
-Wformat-overflow=2 -Werror=implicit-function-declaration -Wno-psabi
-Wno-sign-compare -Wno-type-limits -fno-strict-aliasing -ffp-contract=off 
-fdiagnostics-color /tmp/sqlite3-preprocessed-2.c


Actually there is another error printed, but that is an internal integrity
check which holds, and that must be taken care of by the developer somehow.

I.e., this must be ignored.
/tmp/sqlite3-preprocessed-2.c: In function ‘posixUnlock’:
/tmp/sqlite3-preprocessed-2.c:22632:42: error: self-comparison always evaluates to true [-Werror=tautological-compare]
22632 |                      sqlite3PendingByte+1==(sqlite3PendingByte+1)
      |                                          ^~

Thank you in advance for your attention.
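
The write at line 32113, reduced to a self-contained C sketch with its bounds made explicit (an added example, not SQLite's code and not part of the original report; `struct pager`, `nTmpSpace`, `remaining`, `clear_prefix` and `demo` are hypothetical names). It shows that `&zSuper[-4]` addresses offset 0 of `pTmpSpace`, so the 4-byte write is in bounds whenever the buffer holds at least 4 bytes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the pager; nTmpSpace is an assumed field. */
struct pager {
    char  *pTmpSpace;   /* scratch buffer allocated at run time */
    size_t nTmpSpace;   /* bytes allocated for pTmpSpace */
};

/* Bytes from offset `off` to the end of an n-byte object, or 0 if the
 * offset lies outside the object. */
static size_t remaining(size_t n, ptrdiff_t off)
{
    return (off < 0 || (size_t)off > n) ? 0 : n - (size_t)off;
}

/* The reported pattern with its bounds made explicit.
 * Returns 0 after clearing, -1 if the buffer is too small. */
int clear_prefix(struct pager *p)
{
    const ptrdiff_t super_off = 4;           /* zSuper = &pTmpSpace[4]  */
    const ptrdiff_t dst_off = super_off - 4; /* &zSuper[-4] is offset 0 */
    if (remaining(p->nTmpSpace, dst_off) < 4)
        return -1;
    char *zSuper = &p->pTmpSpace[super_off];
    memset(&zSuper[-4], 0, 4);               /* same bytes as pTmpSpace[0..3] */
    return 0;
}

/* Constructed driver: 1 = prefix cleared and byte 4 untouched,
 * -1 = write refused, 0 = anything else. */
int demo(size_t n)
{
    struct pager p = { malloc(n ? n : 1), n };
    int rc = 0;
    if (p.pTmpSpace == NULL) return 0;
    memset(p.pTmpSpace, 0xAA, n);
    if (clear_prefix(&p) != 0) rc = -1;
    else if (memcmp(p.pTmpSpace, "\0\0\0\0", 4) == 0 &&
             (n == 4 || (unsigned char)p.pTmpSpace[4] == 0xAA)) rc = 1;
    free(p.pTmpSpace);
    return rc;
}

int main(void) { return demo(16) == 1 ? 0 : 1; }
```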
