SQLite User Forum

String-op overread warning with GCC 14.1 at -O3 optimization

(1) By anonymous on 2024-06-19 02:30:48 [link] [source]

Hi there,

This is mostly a heads-up -- not sure it qualifies as a bug report. Compiling the current amalgamation with GCC 14.1 at -O3 (via a cmake build type of "release") triggers a string overread warning. We hit this on Fedora 40 while compiling our project, which includes the amalgamation, with -Werror:

$ gcc --version
gcc (GCC) 14.1.1 20240607 (Red Hat 14.1.1-5)

$ gcc -c -Wall -Werror -O2 sqlite3.c
$

$ gcc -c -Wall -Werror -O3 sqlite3.c
In function ‘sqlite3Strlen30’,
    inlined from ‘sqlite3ColumnSetColl’ at sqlite3.c:121296:10:
sqlite3.c:34653:28: error: ‘strlen’ reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
34653 |   return 0x3fffffff & (int)strlen(z);
      |                            ^~~~~~~~~
In function ‘sqlite3ColumnSetColl’:
cc1: note: source object is likely at address zero
cc1: all warnings being treated as errors

Best,
Christian

ps: for reference: https://github.com/zeek/zeek/pull/3755/checks?check_run_id=26344882432

(2) By Bo Lindbergh (_blgl_) on 2024-06-19 04:04:25 in reply to 1 [link] [source]

Those line numbers don't match the 3.46.0 release.

(3) By anonymous on 2024-06-19 06:09:53 in reply to 2 [source]

True, it doesn't matter though. Here's the same for current git master at c7cbcfbb:

$ gcc -c -Wall -Werror -O3 sqlite3.c
In function ‘sqlite3Strlen30’,
    inlined from ‘sqlite3ColumnSetColl’ at sqlite3.c:122172:10:
sqlite3.c:35011:28: error: ‘strlen’ reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
35011 |   return 0x3fffffff & (int)strlen(z);
      |                            ^~~~~~~~~
In function ‘sqlite3ColumnSetColl’:
cc1: note: source object is likely at address zero
cc1: all warnings being treated as errors

Thanks,
Christian

(4) By Bo Lindbergh (_blgl_) on 2024-06-19 09:58:58 in reply to 3 [link] [source]

That seems to be the assignment to nColl in the function sqlite3ColumnSetColl.

GCC isn't smart enough to realise that sqlite3ColumnSetColl is never called with a null zColl argument.

(5) By Richard Hipp (drh) on 2024-06-19 11:11:53 in reply to 1 [link] [source]

My guess is that this is a bug in GCC 14.1.1. GCC 14.1.1 was just released earlier this month.

If this were a real bug, you would think that our ASAN-enabled fuzzers would have picked up on it long, long ago. The code is not new to SQLite.

The Column.zCnName field is a little tricky. See the comment at https://sqlite.org/src/info/76f4bf5adce98a98?ln=2231-2237. The zCnName field holds the concatenation of between one and three separate 0x00-terminated UTF8 strings, depending on what flags are set in Column.colFlags. This weird way of holding three separate text values is an optimization - it reduces both the run-time memory requirements and the CPU requirements for running SQLite.

Perhaps the fact that zCnName is holding multiple concatenated strings is confusing GCC-14.1.1's static analysis? Perhaps GCC is (incorrectly) assuming that all space after the first 0x00 terminator is unallocated space?
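
The packed zCnName layout described above, as an added stand-alone model written for this thread (not SQLite's own code): up to three NUL-terminated strings in one allocation, selected by flags. The flag names, the `column_*` helpers and the sample column values are assumptions; `strlen30` mirrors the sqlite3Strlen30 idiom quoted in the warning.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the Column.colFlags bits that say which
 * optional strings follow the column name inside zCnName. */
#define COL_HASTYPE 0x01
#define COL_HASCOLL 0x02

typedef struct Column {
  char *zCnName;     /* "name\0" ["type\0"] ["coll\0"] in ONE allocation */
  unsigned colFlags;
} Column;

/* Same shape as sqlite3Strlen30: strlen clamped to 30 bits, no NULL check. */
static int strlen30(const char *z) {
  return 0x3fffffff & (int)strlen(z);
}

/* Pack name, optional type and optional collation back to back.
 * Returns 1 on success, 0 if malloc fails. */
static int column_pack(Column *c, const char *name,
                       const char *type, const char *coll) {
  size_t nName = strlen(name) + 1;                 /* include terminator */
  size_t nType = type ? strlen(type) + 1 : 0;
  size_t nColl = coll ? strlen(coll) + 1 : 0;
  char *z = malloc(nName + nType + nColl);
  if (!z) return 0;
  memcpy(z, name, nName);
  if (type) memcpy(z + nName, type, nType);
  if (coll) memcpy(z + nName + nType, coll, nColl);
  c->zCnName = z;
  c->colFlags = (type ? COL_HASTYPE : 0) | (coll ? COL_HASCOLL : 0);
  return 1;
}

/* Step over one terminated string to the one stored after it. This is the
 * walk past the first 0x00 that a static analyser can misread as an overread. */
static const char *column_next(const char *z) { return z + strlen30(z) + 1; }

static const char *column_type(const Column *c) {
  if (!(c->colFlags & COL_HASTYPE)) return NULL;
  return column_next(c->zCnName);                  /* skip the name */
}

static const char *column_coll(const Column *c) {
  const char *z;
  if (!(c->colFlags & COL_HASCOLL)) return NULL;
  z = column_next(c->zCnName);                     /* skip the name */
  if (c->colFlags & COL_HASTYPE) z = column_next(z); /* skip the type */
  return z;
}
```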

(6.1) Originally by anonymous with edits by Richard Hipp (drh) on 2024-06-28 21:03:39 from 6.0 in reply to 5 [link] [source]

Thanks Richard. I created a ticket over in GCC:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115702

Unfortunately I wasn't able to reduce the code to a smaller reproducer -- the warning doesn't come up when I build from individual sources. I tried a few other things, but ran out of time.

Best, Christian

(7) By Richard Hipp (drh) on 2024-06-28 21:03:27 in reply to 6.0 [link] [source]

Thanks for looking into this and for writing up the ticket.

(8) By Richard Hipp (drh) on 2024-06-28 23:46:08 in reply to 6.1 [link] [source]

The 115702 ticket has been marked as a duplicate. The actual GCC ticket for this is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274.

I made a copy of the sqlite3.c file available for download by the GCC devs, and one of them (Andi Kleen) has reproduced the problem.

(9) By anonymous on 2025-04-03 00:20:41 in reply to 8 [link] [source]

It looks like the GCC folks have concluded that this is in fact due to sqlite code: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115274#c13

Best, Christian