
Bug#1029970: [wish] Please silence intentional unsigned overflow in a libstdc++ header



Package: libstdc++-12-dev
Version: 12.2.0-14
Severity: wishlist
Tags: upstream patch


Dear maintainer,

As everyone knows, unsigned integer overflow is well-defined in C and C++.
However, there are situations where you *know* that particular code
should not have any overflows. To catch them, there's Integer Sanitizer
in clang (`-fsanitize=integer`).

Unfortunately, as one would expect, while some might want to have no
unsigned overflows, others may very well depend on the defined behaviour.
As it happens, GCC, and in particular libstdc++, fall into the
latter category.

I believe in version 12, a new instance of such intentional wraparound
was introduced into libstdc++: https://godbolt.org/z/rq153fxKW
Running this on a Debian machine, we get:
```
/usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:483:51: runtime error: unsigned integer overflow: 4 - 6 cannot be represented in type 'size_type' (aka 'unsigned long')
    #0 0x55e69e5b6818 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_S_compare(unsigned long, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:483:51
    #1 0x55e69e5b6818 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:3150:10
<...>
```

I understand that they are intentionally doing this. The problem is that
it is happening in a header, so it's effectively dictating to everyone
that they should not use that sanitizer.

Silencing this kind of thing from the user side is possible,
but it's somewhat cumbersome: it requires compiling with
`-fsanitize-recover=integer` and supplying a run-time suppressions file.

On the other hand, suppressing this in-source is trivial:
https://godbolt.org/z/E7sEnvvrT
... all it would take is applying
`__attribute__((no_sanitize("unsigned-integer-overflow")))`
to `_S_compare` on line 483 in `basic_string.h`.

I have tried that locally, and it works, but it seems it needs to be
wrapped into `#if defined(__clang__)` preprocessor check:
https://godbolt.org/z/5a7ox4EWv

Dear maintainer, please consider applying this patch,
and consider forwarding it upstream.

Roman.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-2-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libstdc++-12-dev depends on:
ii  gcc-12-base    12.2.0-14
ii  libc6-dev      2.36-8
ii  libgcc-12-dev  12.2.0-14
ii  libstdc++6     12.2.0-14

libstdc++-12-dev recommends no packages.

Versions of packages libstdc++-12-dev suggests:
pn  libstdc++-12-doc  <none>

-- no debconf information

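The pattern the report describes, as an added example that is not code from the bug report or from libstdc++: a length comparison that deliberately relies on unsigned wraparound (what `-fsanitize=integer` flags), the same function carrying the proposed `no_sanitize` attribute behind the `#if defined(__clang__)` guard, and a variant that avoids the wraparound entirely. The function names and the clamp-to-int semantics are this example's own assumptions.

```cpp
#include <climits>
#include <cstddef>

// Added example, not libstdc++ code. Mirrors the shape of a length
// comparison that subtracts two size_t values, relies on well-defined
// unsigned wraparound to get a negative difference, and clamps to int.
// Under clang -fsanitize=integer the subtraction is reported as
// "unsigned integer overflow" whenever n1 < n2, although the final
// result is correct.
static int compare_lengths_wrapping(std::size_t n1, std::size_t n2)
{
    // e.g. n1 = 4, n2 = 6: n1 - n2 wraps, the cast yields -2.
    const std::ptrdiff_t d = static_cast<std::ptrdiff_t>(n1 - n2);
    if (d > INT_MAX) return INT_MAX;
    if (d < INT_MIN) return INT_MIN;
    return static_cast<int>(d);
}

// The in-header suppression the report proposes: same body, but clang's
// sanitizer is told the wraparound is intentional. The guard keeps the
// attribute clang-only, as the report found necessary when building
// with GCC.
#if defined(__clang__)
__attribute__((no_sanitize("unsigned-integer-overflow")))
#endif
static int compare_lengths_suppressed(std::size_t n1, std::size_t n2)
{
    const std::ptrdiff_t d = static_cast<std::ptrdiff_t>(n1 - n2);
    if (d > INT_MAX) return INT_MAX;
    if (d < INT_MIN) return INT_MIN;
    return static_cast<int>(d);
}

// Alternative that never wraps at all, so it is clean under the sanitizer
// without any attribute: decide the sign first, then subtract the smaller
// value from the larger one. Only the sign (and a bounded magnitude) of a
// comparison result matters, so the clamp is symmetric here.
static int compare_lengths_no_wrap(std::size_t n1, std::size_t n2)
{
    if (n1 == n2) return 0;
    const std::size_t diff = n1 > n2 ? n1 - n2 : n2 - n1;
    const std::size_t cap = static_cast<std::size_t>(INT_MAX);
    const int mag = diff > cap ? INT_MAX : static_cast<int>(diff);
    return n1 > n2 ? mag : -mag;
}
```

Compiling the first function with `clang++ -fsanitize=integer` and calling it with `(4, 6)` reproduces the "4 - 6 cannot be represented" report quoted above; the other two stay silent.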
