Package: libstdc++-12-dev Version: 12.2.0-14 Severity: wishlist Tags: upstream patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear maintainer. As everyone knows, unsigned integer overflow is well-defined in C and C++. However, there are situations where you *know* that a particular code should not have any overflows. To catch them, there's Integer Sanitizer in clang (`-fsanitize=integer`). Unfortunately as one would expect, while some might want to have no unsigned overflows, others may very well depend on the defined behaviour. As is the case, the GCC, and in particular libstdc++ fall into the latter category. I believe in the version 12, a new instance of such intentional wraparound was introduced into libstdc++: https://godbolt.org/z/rq153fxKW Running this on a debian machine, we get: ``` /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:483:51: runtime error: unsigned integer overflow: 4 - 6 cannot be represented in type 'size_type' (aka 'unsigned long') #0 0x55e69e5b6818 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::_S_compare(unsigned long, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:483:51 #1 0x55e69e5b6818 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::compare(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:3150:10 <...> ``` I understand that they are intentionally doing this. The problem is that it is happening in a header, so it's effectively dictating everyone that they should not use that sanitizer. Silencing this kind of thing from user side is possible, but it's somewhat cumbersome: it requires compiling with `-fsanitize-recover=integer`, and supplying a run-time suppressions file. On the other hand, suppressing this in-source is trivial: https://godbolt.org/z/E7sEnvvrT ... all it would take is applying `__attribute__((no_sanitize("unsigned-integer-overflow")))` to `_S_compare` on line 483 in `basic_string.h`. I have tried that locally, and it works, but it seems it needs to be wrapped into `#if defined(__clang__)` preprocessor check: https://godbolt.org/z/5a7ox4EWv Dear maintainer, please consider applying this patch, and consider forwarding it upstream. Roman. - -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'unstable-debug'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-2-amd64 (SMP w/32 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libstdc++-12-dev depends on: ii gcc-12-base 12.2.0-14 ii libc6-dev 2.36-8 ii libgcc-12-dev 12.2.0-14 ii libstdc++6 12.2.0-14 libstdc++-12-dev recommends no packages. Versions of packages libstdc++-12-dev suggests: pn libstdc++-12-doc <none> - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+UikBxeiu50LOdFYgbqkFMWfZdAFAmPWv9sACgkQgbqkFMWf ZdDXHw/7BfXFovQYmmUymalS+ZKNl9IrH3akaVTqkCVg7bRzf2NufD2SnKUX28bL Z/yTPLalpYeALBpyqmaM1f3I0ofWXd3m1sRdwNCAMMNY91prQ5tUSNAVcDnT4d73 bsHLGZhGvyDapwD2yuTrdLawNtSgUXlzzi5Z9JppTQEglBO9e24dAtKiO852GbjN DicPPzqkdE12t8sAnH/i0FKzw6qi3UgACOP+yu7lI5eSWHWk0nJVdQWAJs80SOO+ R7C/BGxYuASBqbVh4pWZ/zSzdccef7Iwd4dQUGlR/rkXKXTZqycFYln9WB3ucHDC gqFjWlYG6qE5oeMKfsEWJ2dJRzmAN/0ROMQ33nN3/q1Wv9AT6xPL+Uz2kmJLy/JB 4b8ijQdccjIj/CtlaqpnTXN2xfIJeBBuFwSClEXI1N/THeZavl4xg4hzJm6nCyut 4G6Tr8iiWdehrJtfjG5YdZTzY4Gwnz9rdAYQFz7JmZTV0ItA039a2hPJo+hhcGgO eLK9QrSV2tq0aZc/ZW21vtugSTaeKnnaavwtY3/kdNM0QPxDyHVraGur9v5WD5p9 huVUUcHJzplwNETquXssscllQtvVHpB1IoO5BsRbjJLo0II3WNfndQYKjVR7CvJi n8VXe5Mcso6zOkKDqjwAGksIZooB/CFBktKF+D7jdmzSLYHZzIU= =eJu/ -----END PGP SIGNATURE-----