Bug 1909564

Summary: Regression: false -Wstringop-overread warning from gcc-c++-11.0.0-0.10.fc34
Product: [Fedora] Fedora
Reporter: Mattias Ellert <mattias.ellert>
Component: gcc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 34
CC: aoliva, dmalcolm, fweimer, jakub, jwakely, kdudka, law, mpolacek, msebor, mtasaka, nickc, sipoyare, trpost, vmihalko
Fixed In Version: gcc-11.0.0-0.19.fc34 gcc-11.0.0-0.19.fc35
Last Closed: 2021-02-13 13:19:14 UTC
Type: Bug
Bug Blocks: 1914324, 1923590    
Attachments: Test case (flags: none)

Description Mattias Ellert 2020-12-21 00:16:26 UTC
Created attachment 1740806 [details]
Test case

Description of problem:

False positive -Wstringop-overread warning.
This is a regression in gcc-c++-11.0.0-0.10.fc34 wrt gcc-c++-11.0.0-0.7.fc34.

The warning says: reading 3 bytes from a region of size 1
But the source of the copy is a string constant "ABC", which clearly is not one character long.

Version-Release number of selected component (if applicable):

gcc-c++-11.0.0-0.10.fc34

How reproducible:

Always

Steps to Reproduce:
1. tar -z -x -f gcc-bug.tar.gz (see attachment)
2. cd gcc-bug
3. make

Actual results:

Error

g++ -fPIC -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -c -o test.o test.cpp
g++ -shared -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  -o libtest.so test.o
In function ‘copy’,
    inlined from ‘_S_copy’ at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from ‘_S_copy’ at /usr/include/c++/11/bits/basic_string.h:346:7,
    inlined from ‘_M_replace’ at /usr/include/c++/11/bits/basic_string.tcc:481:20,
    inlined from ‘replace’ at /usr/include/c++/11/bits/basic_string.h:1946:19,
    inlined from ‘insert’ at /usr/include/c++/11/bits/basic_string.h:1714:22,
    inlined from ‘operator+’ at /usr/include/c++/11/bits/basic_string.h:6154:23,
    inlined from ‘B’ at test.cpp:4:40:
/usr/include/c++/11/bits/char_traits.h:402:56: warning: ‘__builtin_memcpy’ reading 3 bytes from a region of size 1 [-Wstringop-overread]
  402 |         return static_cast<char_type*>(__builtin_memcpy(__s1, __s2, __n));
      |                                                        ^

Expected results:

No error (as with gcc-c++-11.0.0-0.7.fc34)

g++ -fPIC -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -c -o test.o test.cpp
g++ -shared -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  -o libtest.so test.o

Additional info:

Reduced from koschei failure:

https://koschei.fedoraproject.org/package/xrootd?collection=f34

Comment 1 Mattias Ellert 2020-12-24 12:42:21 UTC
Still happens with gcc-c++-11.0.0-0.11.fc34.

Comment 2 Mattias Ellert 2021-01-11 20:20:26 UTC
Still happens with gcc-c++-11.0.0-0.12.fc34.

Comment 3 Kamil Dudka 2021-01-13 18:00:44 UTC
This regression broke the build of cbmc, which compiles with -Werror:

    https://koji.fedoraproject.org/koji/taskinfo?taskID=59589370

I ended up with the following minimal example (compiled with `-O2 -g -Wp,-D_GLIBCXX_ASSERTIONS -c`):

#include <string>

struct T { std::string s; };

T f() {
    T obj;
    obj.s = "location";
    return obj;
}

Comment 4 Martin Sebor 2021-01-13 18:08:22 UTC
The upstream bug is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98465.

Comment 5 Antonio T. sagitter 2021-01-15 20:59:59 UTC
Same error for gtengine-5.6 (not pushed yet):

[ 86%] Building CXX object Graphics/CMakeFiles/gtgraphics.dir/GL45/GL45InputLayoutManager.cpp.o
cd /builddir/build/BUILD/GeometricTools-GTE-version-5.6/Graphics && /usr/bin/g++ -DGTE_DISABLE_PCH -DGTE_USE_LINUX -DGTE_USE_MAT_VEC -DGTE_USE_OPENGL -DGTE_USE_ROW_MAJOR -DNDEBUG -Dgtgraphics_EXPORTS -I/builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/.. -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DNDEBUG -fPIC -c -Wall -Werror -O3 -std=c++14 -o CMakeFiles/gtgraphics.dir/GL45/GL45InputLayoutManager.cpp.o -c /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/GL45/GL45InputLayoutManager.cpp
In file included from /usr/include/c++/11/string:40,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Graphics/DataFormat.h:10,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Graphics/VertexFormat.h:10,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/VertexFormat.cpp:9:
In function 'std::char_traits<char>::copy(char*, char const*, unsigned long)',
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy(char*, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.tcc:481:20,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::replace(unsigned long, unsigned long, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.h:1946:19,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::insert(unsigned long, char const*)' at /usr/include/c++/11/bits/basic_string.h:1714:22,
    inlined from 'std::operator+<char, std::char_traits<char>, std::allocator<char> >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&)std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >' at /usr/include/c++/11/bits/basic_string.h:6154:23,
    inlined from 'gte::Logger::Logger(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' at /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Mathematics/Logger.h:86:44:
/usr/include/c++/11/bits/char_traits.h:402:56: error: 'memcpy' reading 6 bytes from a region of size 1 [-Werror=stringop-overread]
  402 |         return static_cast<char_type*>(__builtin_memcpy(__s1, __s2, __n));
      |                                        ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
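
A triage helper for -Werror build logs like the ones quoted in the description and in comment 5, as an added example that is not part of the original report: it extracts each fixed-size -Wstringop-overread diagnostic from GCC output and reports the first frame outside the system headers, which is the project line to review. The system-header prefixes and the embedded sample (abridged from the logs on this page) are assumptions of the example.

```python
import re

# Constructed sample: two diagnostics abridged (frames dropped) from the logs above.
SAMPLE_LOG = """\
In function ‘copy’,
    inlined from ‘_S_copy’ at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from ‘operator+’ at /usr/include/c++/11/bits/basic_string.h:6154:23,
    inlined from ‘B’ at test.cpp:4:40:
/usr/include/c++/11/bits/char_traits.h:402:56: warning: ‘__builtin_memcpy’ reading 3 bytes from a region of size 1 [-Wstringop-overread]
In function 'std::char_traits<char>::copy(char*, char const*, unsigned long)',
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy(char*, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from 'gte::Logger::Logger(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' at /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Mathematics/Logger.h:86:44:
/usr/include/c++/11/bits/char_traits.h:402:56: error: 'memcpy' reading 6 bytes from a region of size 1 [-Werror=stringop-overread]
"""

# Assumption: headers under these prefixes belong to the toolchain, not the project.
SYSTEM_PREFIXES = ("/usr/include/", "/usr/lib/gcc/")
FRAME = re.compile(
    r"^\s+inlined from [‘'](?P<func>.+)[’'] at (?P<file>[^:]+):(?P<line>\d+)(?::\d+)?[,:]$")
DIAG = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):\d+: (?P<kind>warning|error): .* reading (?P<read>\d+) bytes? "
    r"from a region of size (?P<size>\d+) \[-W(?:error=)?stringop-overread\]$")

def triage(log):
    """Return one record per fixed-size -Wstringop-overread diagnostic in a GCC log."""
    findings, chain = [], []
    for line in log.splitlines():
        if line.startswith("In "):      # "In function ..." opens a new inlining chain
            chain = []
        elif (m := FRAME.match(line)):
            chain.append((m["func"], m["file"], int(m["line"])))
        elif (d := DIAG.match(line)):
            # GCC lists frames innermost first, so the first non-system frame is
            # the project line whose call was inlined down to the flagged memcpy.
            user = [f for f in chain if not f[1].startswith(SYSTEM_PREFIXES)]
            findings.append({
                "kind": d["kind"],
                "reported_at": f"{d['file']}:{d['line']}",
                "bytes_read": int(d["read"]),
                "region_size": int(d["size"]),
                "in_system_header": d["file"].startswith(SYSTEM_PREFIXES),
                "user_frame": user[0] if user else None,
            })
            chain = []
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Diagnostics that report a byte range ("between N and M bytes") are outside what this pattern matches.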

Comment 6 Ben Cotton 2021-02-09 16:12:44 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 34 development cycle.
Changing version to 34.