Re: GCC 8 warnings
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andres Freund <andres@anarazel.de>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Devrim Gündüz <devrim@gunduz.org>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2018-06-16T17:29:55Z
Lists: pgsql-hackers
Attachments
- no-truncation-warnings.patch (text/x-diff) patch
Andres Freund <andres@anarazel.de> writes:
> On 2018-04-28 12:16:39 -0400, Tom Lane wrote:
>> In the meantime, I think our response to GCC 8 should just be to
>> enable -Wno-format-truncation. Certainly so in the back branches.
>> There isn't one of these changes that is actually fixing a bug,
>> which to me says that that warning is unhelpful.
> Agreed. Or at least turn down its aggressiveness to the cases where it's
> actually sure truncation happens.
I got around to poking into this today. Unfortunately, it doesn't seem
that there's any more-conservative level of -Wformat-truncation available.
Likewise for -Wstringop-truncation, which is the other rich new source
of useless warnings (it appears to be predicated on the assumption that
you never actually want the defined semantics of strncpy). Hence,
I propose the attached patch to disable these warnings if the compiler
knows the switch for them. I did not turn them off for CXX though;
anyone think there's a need to?
Testing with Fedora 28's gcc (currently 8.1.1), this leaves three new
warnings, which seem worth fixing. Two of them are gratuitous use of
strncpy where memcpy would serve, in ecpg, and one is an sprintf in
pg_waldump that should be snprintf for safety's sake:
common.c: In function 'pgtypes_fmt_replace':
common.c:48:5: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(*output, replace_val.str_val, i + 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
common.c:42:8: note: length computed here
i = strlen(replace_val.str_val);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'get_char_item',
inlined from 'ECPGget_desc' at descriptor.c:334:10:
descriptor.c:221:6: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(variable->arr, value, strlen(value));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compat.c: In function 'timestamptz_to_str':
compat.c:61:19: warning: '%06d' directive writing between 6 and 7 bytes into a region of size between 0 and 128 [-Wformat-overflow=]
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~
compat.c:61:15: note: directive argument in the range [-999999, 999999]
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~~~~~~~~~
compat.c:61:2: note: 'sprintf' output between 9 and 266 bytes into a destination of size 129
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Probably all of this ought to be back-patched as applicable, since
people will doubtless try to compile back branches with gcc 8.
regards, tom lane
Commits
-
Use -Wno-format-truncation and -Wno-stringop-truncation, if available.
- ec5547e563a8 9.3.24 landed
- e716585235b1 11.0 landed
- 817d605e411f 9.4.19 landed
- 416e3e318cc4 10.5 landed
- 14b69a532197 9.5.14 landed
- 119290be6fe3 9.6.10 landed
-
Avoid unnecessary use of strncpy in a couple of places in ecpg.
- 537d7f3e1875 9.3.24 landed
- cd56194d189d 9.4.19 landed
- 8b444a353975 9.5.14 landed
- 58065f9eed68 9.6.10 landed
- 8c924855456e 10.5 landed
- 6b74f5eaadc4 11.0 landed
-
Use snprintf not sprintf in pg_waldump's timestamptz_to_str.
- fd079dd0915a 9.4.19 landed
- f3be5d3e7891 9.5.14 landed
- 8870e2978fc5 9.6.10 landed
- 5d923eb29bb6 11.0 landed
- 3243cbc085b8 9.3.24 landed
- 18933261589c 10.5 landed