Bug 2075786
| Summary: | possible bogus stringop-overread with memchr | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Carlo Marcelo Arenas Belón <carenas> |
| Component: | gcc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 36 | CC: | aoliva, ashipile, dmalcolm, fweimer, jakub, jwakely, law, mpolacek, msebor, nickc, sipoyare |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-04-26 00:19:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
this has been reported in Debian as well, but couldn't find an upstreamed bug and don't have an account there (yet) to create one, if that would be preferred. AFAIK, the issue might had even manifested itself with -O3 in a previous gcc version based on additional investigation[1] from the Windows Git maintainer this might seem to be related to a known issue[2] in gcc which is labeled as WONTFIX. [1] https://lore.kernel.org/git/365889ee96e37dc9dcbe60d98880eb256dae90ee.1653351786.git.gitgitgadget@gmail.com/ [2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=85783 The two problems are unrelated. The one here is due to GCC being overly conservative about the results of pointer subtraction, or more generally, not having the "smarts" to know that result of incrementing a pointer to an object is necessarily greater than or equal to the object's address. For example, in the snippet below it's safe to assume that the condition is true (otherwise the program would be undefined), and eliminate the call to abort(). Because GCC doesn't do that, conditions like that hamper subsequent optimizations that in turn sometimes trigger false positive warnings.
void f (int n)
{
char a[2], *p = a + n;
if (p < a)
abort ();
}
Possible sighting in OpenJDK: https://bugs.openjdk.org/browse/JDK-8288759 This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed. no longer reproducible with Fedora 38 gcc (GCC) 13.0.1 20230401 (Red Hat 13.0.1-0) |
Description of problem: while building git with: make DEVELOPER=1 it will abort (it uses -Werror) while trying to build dir.c with the following message: dir.c: In function ‘git_url_basename’: dir.c:3085:13: error: ‘memchr’ specified bound [9223372036854775808, 0] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread] 3085 | if (memchr(start, '/', end - start) == NULL | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ the issue is triggered with -O2 or higher in that codebase, but hadn't been able to generate a minimized reproducer. Version-Release number of selected component (if applicable): 12.0.1-0.14.fc36 How reproducible: 100% Steps to Reproduce: 1. get git sources (either from a release or git) 2. make DEVELOPER=1 dir.o 3. Actual results: build failure Expected results: no warnings Additional info: DEVELOPER=1 is used by git's CI which is likely to break with fc36 release, presume the fc36 package is showing the warning but has been ignored, hence fc36 will have a working git package