1909564 – Regression: false -Wstringop-overread warning from gcc-c++-11.0.0-0.10.fc34

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1909564 - Regression: false -Wstringop-overread warning from gcc-c++-11.0.0-0.10.fc34

Summary: Regression: false -Wstringop-overread warning from gcc-c++-11.0.0-0.10.fc34

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gcc
Sub Component:
Version:	34
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1914324 1923590
TreeView+	depends on / blocked

Reported:	2020-12-21 00:16 UTC by Mattias Ellert
Modified:	2021-02-13 13:19 UTC (History)
CC List:	14 users (show)
Fixed In Version:	gcc-11.0.0-0.19.fc34 gcc-11.0.0-0.19.fc35
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-02-13 13:19:14 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Test case (410 bytes, application/gzip) 2020-12-21 00:16 UTC, Mattias Ellert	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNU Compiler Collection	98465	0	P2	ASSIGNED	Bogus -Wstringop-overread with -std=gnu++20 -O2 and std::string::insert	2021-02-13 05:31:24 UTC

Description Mattias Ellert 2020-12-21 00:16:26 UTC

Created attachment 1740806 [details]
Test case

Description of problem:

False positive -Wstringop-overread warning.
This is a regression in gcc-c++-11.0.0-0.10.fc34 wrt gcc-c++-11.0.0-0.7.fc34.

The warning says: reading 3 bytes from a region of size 1
But the source of the copy is a string constant "ABC", which clearly is not one character long.

Version-Release number of selected component (if applicable):

gcc-c++-11.0.0-0.10.fc34

How reproducible:

Always

Steps to Reproduce:
1. tar -z -x -f gcc-bug.tar.gz (see attachment)
2. cd gcc-bug
3. make

Actual results:

Error

g++ -fPIC -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -c -o test.o test.cpp
g++ -shared -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  -o libtest.so test.o
In function ‘copy’,
    inlined from ‘_S_copy’ at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from ‘_S_copy’ at /usr/include/c++/11/bits/basic_string.h:346:7,
    inlined from ‘_M_replace’ at /usr/include/c++/11/bits/basic_string.tcc:481:20,
    inlined from ‘replace’ at /usr/include/c++/11/bits/basic_string.h:1946:19,
    inlined from ‘insert’ at /usr/include/c++/11/bits/basic_string.h:1714:22,
    inlined from ‘operator+’ at /usr/include/c++/11/bits/basic_string.h:6154:23,
    inlined from ‘B’ at test.cpp:4:40:
/usr/include/c++/11/bits/char_traits.h:402:56: warning: ‘__builtin_memcpy’ reading 3 bytes from a region of size 1 [-Wstringop-overread]
  402 |         return static_cast<char_type*>(__builtin_memcpy(__s1, __s2, __n));
      |                                                        ^

Expected results:

No error (as with gcc-c++-11.0.0-0.7.fc34)

g++ -fPIC -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -c -o test.o test.cpp
g++ -shared -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  -o libtest.so test.o

Additional info:

Reduced from kischei failure:

https://koschei.fedoraproject.org/package/xrootd?collection=f34

Comment 1 Mattias Ellert 2020-12-24 12:42:21 UTC

Still happens with gcc-c++-11.0.0-0.11.fc34.

Comment 2 Mattias Ellert 2021-01-11 20:20:26 UTC

Still happens with gcc-c++-11.0.0-0.12.fc34.

Comment 3 Kamil Dudka 2021-01-13 18:00:44 UTC

This regression broke the build of cbmc, which compiles with -Werror:

    https://koji.fedoraproject.org/koji/taskinfo?taskID=59589370

I ended up with the following minimal example (compiled with `-O2 -g -Wp,-D_GLIBCXX_ASSERTIONS -c`):

#include <string>

struct T { std::string s; };

T f() {
    T obj;
    obj.s = "location";
    return obj;
}

Comment 4 Martin Sebor 2021-01-13 18:08:22 UTC

The upstream bug is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98465.

Comment 5 Antonio T. sagitter 2021-01-15 20:59:59 UTC

Same error for gtengine-5.6 (not pushed yet):

[ 86%] Building CXX object Graphics/CMakeFiles/gtgraphics.dir/GL45/GL45InputLayoutManager.cpp.o
cd /builddir/build/BUILD/GeometricTools-GTE-version-5.6/Graphics && /usr/bin/g++ -DGTE_DISABLE_PCH -DGTE_USE_LINUX -DGTE_USE_MAT_VEC -DGTE_USE_OPENGL -DGTE_USE_ROW_MAJOR -DNDEBUG -Dgtgraphics_EXPORTS -I/builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/.. -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DNDEBUG -fPIC -c -Wall -Werror -O3 -std=c++14 -o CMakeFiles/gtgraphics.dir/GL45/GL45InputLayoutManager.cpp.o -c /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/GL45/GL45InputLayoutManager.cpp
In file included from /usr/include/c++/11/string:40,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Graphics/DataFormat.h:10,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Graphics/VertexFormat.h:10,
                 from /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/VertexFormat.cpp:9:
In function 'std::char_traits<char>::copy(char*, char const*, unsigned long)',
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy(char*, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.h:351:21,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.tcc:481:20,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::replace(unsigned long, unsigned long, char const*, unsigned long)' at /usr/include/c++/11/bits/basic_string.h:1946:19,
    inlined from 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::insert(unsigned long, char const*)' at /usr/include/c++/11/bits/basic_string.h:1714:22,
    inlined from 'std::operator+<char, std::char_traits<char>, std::allocator<char> >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&)std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >' at /usr/include/c++/11/bits/basic_string.h:6154:23,
    inlined from 'gte::Logger::Logger(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' at /builddir/build/BUILD/GeometricTools-GTE-version-5.6/GTE/Graphics/../Mathematics/Logger.h:86:44:
/usr/include/c++/11/bits/char_traits.h:402:56: error: 'memcpy' reading 6 bytes from a region of size 1 [-Werror=stringop-overread]
  402 |         return static_cast<char_type*>(__builtin_memcpy(__s1, __s2, __n));
      |                                        ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~

Comment 6 Ben Cotton 2021-02-09 16:12:44 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 34 development cycle.
Changing version to 34.

Note You need to log in before you can comment on or make changes to this bug.