Bug 2075786

Summary: possible bogus stringop-overread with memchr
Product: [Fedora] Fedora Reporter: Carlo Marcelo Arenas Belón <carenas>
Component: gccAssignee: Jakub Jelinek <jakub>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 36CC: aoliva, ashipile, dmalcolm, fweimer, jakub, jwakely, law, mpolacek, msebor, nickc, sipoyare
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-26 00:19:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Carlo Marcelo Arenas Belón 2022-04-15 10:19:29 UTC
Description of problem:
while building git with:

  make DEVELOPER=1

it will abort (it uses -Werror) while trying to build dir.c with the following message:

dir.c: In function ‘git_url_basename’:
dir.c:3085:13: error: ‘memchr’ specified bound [9223372036854775808, 0] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread]
 3085 |         if (memchr(start, '/', end - start) == NULL
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

the issue is triggered with -O2 or higher in that codebase, but hadn't been able to generate a minimized reproducer.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. get git sources (either from a release or git)
2. make DEVELOPER=1 dir.o

Actual results:
build failure

Expected results:
no warnings

Additional info:
DEVELOPER=1 is used by git's CI which is likely to break with fc36 release, presume the fc36 package is showing the warning but has been ignored, hence fc36 will have a working git package

Comment 1 Carlo Marcelo Arenas Belón 2022-04-16 03:36:32 UTC
this has been reported in Debian as well, but couldn't find an upstreamed bug and don't have an account there (yet) to create one, if that would be preferred.

AFAIK, the issue might had even manifested itself with -O3 in a previous gcc version

Comment 2 Carlo Marcelo Arenas Belón 2022-05-24 20:35:01 UTC
based on additional investigation[1] from the Windows Git maintainer this might seem to be related to a known issue[2] in gcc which is labeled as WONTFIX.

[1] https://lore.kernel.org/git/365889ee96e37dc9dcbe60d98880eb256dae90ee.1653351786.git.gitgitgadget@gmail.com/
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=85783

Comment 3 Martin Sebor 2022-05-25 19:12:10 UTC
The two problems are unrelated.  The one here is due to GCC being overly conservative about the results of pointer subtraction, or more generally, not having the "smarts" to know that result of incrementing a pointer to an object is necessarily greater than or equal to the object's address.  For example, in the snippet below it's safe to assume that the condition is true (otherwise the program would be undefined), and eliminate the call to abort().  Because GCC doesn't do that, conditions like that hamper subsequent optimizations that in turn sometimes trigger false positive warnings.

void f (int n)
  char a[2], *p = a + n;
  if (p < a)
    abort ();

Comment 4 Aleksey Shipilev 2022-06-20 17:32:23 UTC
Possible sighting in OpenJDK: 

Comment 5 Ben Cotton 2023-04-25 17:01:09 UTC
This message is a reminder that Fedora Linux 36 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '36'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 36 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 6 Carlo Marcelo Arenas Belón 2023-04-26 00:19:15 UTC
no longer reproducible with Fedora 38

gcc (GCC) 13.0.1 20230401 (Red Hat 13.0.1-0)