test: format-truncation warning in dbwrapper_tests #27014

Compiling master at e1bf5470f919cf212703466411968916db8ae61f on Ubuntu 22.10 (with depends):

  CXX      test/test_bitcoin-dbwrapper_tests.o
test/dbwrapper_tests.cpp: In member function ‘void dbwrapper_tests::iterator_string_ordering::test_method()’:
test/dbwrapper_tests.cpp:365:41: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 10 [-Werror=format-truncation=]
  365 |             snprintf(buf, sizeof(buf), "%d", x);
      |                                         ^~
test/dbwrapper_tests.cpp:365:40: note: directive argument in the range [-2147483648, 9]
  365 |             snprintf(buf, sizeof(buf), "%d", x);
      |                                        ^~~~
In file included from /usr/include/stdio.h:906,
                 from /usr/include/c++/12/cstdio:42,
                 from /usr/include/c++/12/ext/string_conversions.h:43,
                 from /usr/include/c++/12/bits/basic_string.h:3960,
                 from /usr/include/c++/12/string:53,
                 from ./clientversion.h:30,
                 from ./dbwrapper.h:8,
                 from test/dbwrapper_tests.cpp:5:
In function ‘int snprintf(char*, size_t, const char*, ...)’,
    inlined from ‘void dbwrapper_tests::iterator_string_ordering::test_method()’ at test/dbwrapper_tests.cpp:365:21:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:35: note: ‘__builtin___snprintf_chk’ output between 2 and 12 bytes into a destination of size 10
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~

(I ran with --enable-werror, otherwise it's merely a warning)

cc @achow101

Not seeing this at all. What compiler version are you using?

I can't reproduce it, either.

1. Started a clean image of Ubuntu 22.10
2. Cloned bitcoin repo
3. sudo apt-get update
4. sudo apt-get install make automake cmake curl g++-multilib libtool binutils bsdmainutils pkg-config python3 patch bison
5. cd depends && make NO_QT=1 -j8 && cd ..
6. ./autogen.sh && CONFIG_SITE=$PWD/depends/x86_64-pc-linux-gnu/share/config.site ./configure --enable-werror
7. make -j8

Here's my configure output:

Build Options:
  with external callbacks = no
  with benchmarks         = no
  with tests              = yes
  with coverage           = no
  with examples           = no
  module ecdh             = no
  module recovery         = yes
  module extrakeys        = yes
  module schnorrsig       = yes

  asm                     = x86_64
  ecmult window size      = 15
  ecmult gen prec. bits   = 4

  valgrind                = no
  CC                      = gcc -m64
  CPPFLAGS                =  -I/home/ubuntu/bitcoin/depends/x86_64-pc-linux-gnu/include/ 
  SECP_CFLAGS             = -O2  -std=c89 -pedantic -Wno-long-long -Wnested-externs -Wshadow -Wstrict-prototypes -Wundef -Wno-overlength-strings -Wall -Wno-unused-function -Wextra -Wcast-align -Wcast-align=strict -fvisibility=hidden 
  CFLAGS                  = -pipe -std=c11 -O2 
  LDFLAGS                 = -L/home/ubuntu/bitcoin/depends/x86_64-pc-linux-gnu/lib 

Options used to compile and link:
  external signer = yes
  multiprocess    = no
  with experimental syscall sandbox support = yes
  with libs       = yes
  with wallet     = yes
    with sqlite   = yes
    with bdb      = yes
  with gui / qt   = no
  with zmq        = yes
  with test       = yes
  with fuzz binary = yes
  with bench      = yes
  with upnp       = yes
  with natpmp     = yes
  use asm         = yes
  USDT tracing    = yes
  sanitizers      = 
  debug enabled   = no
  gprof enabled   = no
  werror          = yes
  LTO             = no

  target os       = linux-gnu
  build os        = linux-gnu

  CC              = gcc -m64
  CFLAGS          = -pthread -pipe -std=c11 -O2 
  CPPFLAGS        =   -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2  -DHAVE_BUILD_INFO -DPROVIDE_FUZZ_MAIN_FUNCTION -I/home/ubuntu/bitcoin/depends/x86_64-pc-linux-gnu/include/ 
  CXX             = g++ -m64 -std=c++17
  CXXFLAGS        =    -fstack-reuse=none -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection   -Werror   -fno-extended-identifiers -pipe -std=c++17 -O2 
  LDFLAGS         =  -lpthread  -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -pie   -L/home/ubuntu/bitcoin/depends/x86_64-pc-linux-gnu/lib 
  AR              = ar
  ARFLAGS         = cr

Could you provide your configure output?

ldd --version
ldd (Ubuntu GLIBC 2.36-0ubuntu4) 2.36

As for the actual warning, it makes some sense and likely can be fixed (among several other ways) just by making x an unsigned int on line 363.

• ldd (Ubuntu GLIBC 2.36-0ubuntu4) 2.36
• gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0

I narrowed it down to compiling with sanitizers (I assumed those only impacted run time):

./configure --prefix=/home/sjors/dev/bitcoin-depends/depends/x86_64-pc-linux-gnu --enable-werror --enable-suppress-external-warnings --enable-debug  --with-sanitizers=address,undefined --disable-asm --without-gui

Build Options:
  with external callbacks = no
  with benchmarks         = no
  with tests              = yes
  with coverage           = no
  with examples           = no
  module ecdh             = no
  module recovery         = yes
  module extrakeys        = yes
  module schnorrsig       = yes

  asm                     = x86_64
  ecmult window size      = 15
  ecmult gen prec. bits   = 4

  valgrind                = no
  CC                      = gcc -m64
  CPPFLAGS                =  -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC -D_LIBCPP_DEBUG=1 -I/home/sjors/dev/bitcoin-depends/depends/x86_64-pc-linux-gnu/include/ 
  SECP_CFLAGS             = -O2  -std=c89 -pedantic -Wno-long-long -Wnested-externs -Wshadow -Wstrict-prototypes -Wundef -Wno-overlength-strings -Wall -Wno-unused-function -Wextra -Wcast-align -Wcast-align=strict -fvisibility=hidden 
  CFLAGS                  = -pipe -std=c11 -O1 
  LDFLAGS                 = -L/home/sjors/dev/bitcoin-depends/depends/x86_64-pc-linux-gnu/lib 

Options used to compile and link:
  external signer = yes
  multiprocess    = no
  with experimental syscall sandbox support = no
  with libs       = yes
  with wallet     = yes
    with sqlite   = yes
    with bdb      = yes
  with gui / qt   = no
  with zmq        = yes
  with test       = yes
  with fuzz binary = yes
  with bench      = yes
  with upnp       = yes
  with natpmp     = yes
  use asm         = no
  USDT tracing    = yes
  sanitizers      = address,undefined
  debug enabled   = yes
  gprof enabled   = no
  werror          = yes
  LTO             = no

  target os       = linux-gnu
  build os        = linux-gnu

  CC              = /usr/bin/ccache gcc -m64
  CFLAGS          = -pthread -pipe -std=c11 -O1 
  CPPFLAGS        =  -DDEBUG -DDEBUG_LOCKORDER -DDEBUG_LOCKCONTENTION -DRPC_DOC_CHECK -DABORT_ON_FAILED_ASSUME -fmacro-prefix-map=$(abs_top_srcdir)=.   -DHAVE_BUILD_INFO -DPROVIDE_FUZZ_MAIN_FUNCTION -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC -D_LIBCPP_DEBUG=1 -I/home/sjors/dev/bitcoin-depends/depends/x86_64-pc-linux-gnu/include/ 
  CXX             = /usr/bin/ccache g++ -m64 -std=c++17
  CXXFLAGS        =   -O0 -g3 -ftrapv -fdebug-prefix-map=$(abs_top_srcdir)=.  -fstack-reuse=none -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection   -Werror   -fno-extended-identifiers -pipe -std=c++17 -O1 
  LDFLAGS         =  -lpthread  -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -pie   -L/home/sjors/dev/bitcoin-depends/depends/x86_64-pc-linux-gnu/lib 
  AR              = ar
  ARFLAGS         = cr

Managed to recreate by making depends with DEBUG=1, which adds -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC -D_LIBCPP_DEBUG=1 to the CPPFLAGS when configuring bitcoin, then running with your configure options.

This is really bizarre. I made a simple test file with the same behavior and tried to compile it on the Ubuntu instance.

ubuntu@:~/bitcoin$ g++ t.cpp -o t.bin -fsanitize=undefined 
ubuntu@:~/bitcoin$ g++ t.cpp -o t.bin -fsanitize=undefined -O1 
t.cpp: In function ‘int main()’:
t.cpp:11:41: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 9 [-Wformat-truncation=]
   11 |             snprintf(buf, sizeof(buf), "%d", x);
      |                                         ^~
t.cpp:11:40: note: directive argument in the range [-2147483648, 9]
   11 |             snprintf(buf, sizeof(buf), "%d", x);
      |                                        ^~~~
In file included from /usr/include/stdio.h:906,
                 from t.cpp:1:
In function ‘int snprintf(char*, size_t, const char*, ...)’,
    inlined from ‘int main()’ at t.cpp:11:21:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:35: note: ‘__builtin___snprintf_chk’ output between 2 and 12 bytes into a destination of size 9
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~

Compiles fine without -O1, but gives the warning with it.

Anyway, I can confirm that changing it to an unsigned int fixes the issue.

I think the explanation at #27027 sheds light on most of this. Another interesting behavior is that the warning is only emitted for the combination of -fsanitize=undefined and optimization level -O1 (not -O2, -Ofast, etc.). I suppose the offending code is changed before the check in those cases?