Skip to content

http: silence -Warray-bounds with gcc 13+#18030

Closed
vszakats wants to merge 1 commit intocurl:masterfrom
vszakats:bogus-gcc-warning-1
Closed

http: silence -Warray-bounds with gcc 13+#18030
vszakats wants to merge 1 commit intocurl:masterfrom
vszakats:bogus-gcc-warning-1

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Jul 25, 2025
edited
Loading

This became an issue after promoting curl compiler warnings to errors in
curl-for-win. The code is correct. It over-allocates a struct to store
variable sized data past its length. Similar code is present in
lib/smb.c, silenced earlier.

Seen in linux-musl-debian-testing-gcc curl-for-win builds, gcc 14.2.0,
RISC-V (but not amd64/aarch64), unity, debian:testing (trixie):

musl:

In file included from /curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:184:
In function 'Curl_http_req_make',
    inlined from 'Curl_http_proxy_create_CONNECT' at /curl/lib/http_proxy.c:252:12:
/curl/lib/http.c:4373:3: error: 'memcpy' offset [137, 142] from the object at 'req' is out of the bounds of referenced subobject 'method' with type 'char[1]' at offset 136 [-Werror=array-bounds=]
 4373 |   memcpy(req->method, method, m_len);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /curl/lib/urldata.h:182,
                 from /curl/lib/altsvc.c:32,
                 from /curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:4:
/curl/lib/http.h: In function 'Curl_http_proxy_create_CONNECT':
/curl/lib/http.h:230:8: note: subobject 'method' declared here
  230 |   char method[1];
      |        ^~~~~~

Ref: https://github.com/curl/curl/actions/runs/16527769182/job/46745369844?pr=18025#step:3:5798
Ref: https://github.com/curl/curl-for-win/actions/runs/16525969694/job/46739239206#step:3:5958

glibc (with unity batch):

In file included from /usr/riscv64-linux-gnu/include/string.h:548,
                 from /curl/lib/curl_setup_once.h:33,
                 from /curl/lib/curl_setup.h:823,
                 from /curl/lib/http.c:25,
                 from /curl/_r64-linux-gnu-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_2_c.c:4:
In function 'memcpy',
    inlined from 'Curl_http_req_make' at /curl/lib/http.c:4373:3,
    inlined from 'Curl_http_proxy_create_CONNECT' at /curl/lib/http_proxy.c:252:12:
/usr/riscv64-linux-gnu/include/bits/string_fortified.h:29:10: error: '__builtin_memcpy' offset [137, 142] from the object at 'req' is out of the bounds of referenced subobject 'method' with type 'char[1]' at offset 136 [-Werror=array-bounds=]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /curl/lib/urldata.h:182,
                 from /curl/lib/http.c:50:
/curl/lib/http.h: In function 'Curl_http_proxy_create_CONNECT':
/curl/lib/http.h:230:8: note: subobject 'method' declared here
  230 |   char method[1];
      |        ^~~~~~

Ref: https://github.com/curl/curl-for-win/actions/runs/16538174468/job/46775731055#step:3:5936

Ref: curl/curl-for-win@f45df09
Follow-up to 14f26f5 #16187
Cherry-picked from #18025

@vszakats
http: silence bogus gcc 13+ warning
dbeeb68 
Same case as in smb.c silenced earlier.

```
n file included from /home/runner/work/curl/curl/curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:184:
In function 'Curl_http_req_make',
    inlined from 'Curl_http_proxy_create_CONNECT' at /home/runner/work/curl/curl/curl/lib/http_proxy.c:252:12:
/home/runner/work/curl/curl/curl/lib/http.c:4373:3: error: 'memcpy' offset [137, 142] from the object at 'req' is out of the bounds of referenced subobject 'method' with type 'char[1]' at offset 136 [-Werror=array-bounds=]
 4373 |   memcpy(req->method, method, m_len);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/runner/work/curl/curl/curl/lib/urldata.h:182,
                 from /home/runner/work/curl/curl/curl/lib/altsvc.c:32,
                 from /home/runner/work/curl/curl/curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:4:
/home/runner/work/curl/curl/curl/lib/http.h: In function 'Curl_http_proxy_create_CONNECT':
/home/runner/work/curl/curl/curl/lib/http.h:230:8: note: subobject 'method' declared here
  230 |   char method[1];
      |        ^~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16527769182/job/46745369844?pr=18025#step:3:5798

Follow-up to 14f26f5 curl#16187
@vszakats vszakats added the build label Jul 25, 2025
@github-actions github-actions bot added the HTTP label Jul 25, 2025
@vszakats vszakats changed the title http: silence bogus gcc 13+ compiler warning http: silence bogus GCC 13+ compiler warning Jul 25, 2025
@vszakats vszakats changed the title http: silence bogus GCC 13+ compiler warning http: silence -Warray-bounds with gcc 13+ Jul 25, 2025
@vszakats vszakats closed this in 054f69f Jul 26, 2025
@vszakats vszakats deleted the bogus-gcc-warning-1 branch July 26, 2025 11:45
vszakats added a commit to curl/curl-for-win that referenced this pull request Aug 23, 2025
@vszakats
curl.patch: apply upstream patch to fix r64 gcc build [ci skip]
e35548b 
curl/curl#18030
curl/curl@054f69f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build HTTP

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vszakats