Open omarandlorraine opened 7 months ago
Hmmm.... I checked the automated runner builds which uses Ubuntu for Linux builds (obviously Debian based) and these warnings do show in that log, so not doing a good job catching them. They don't seem to appear on other platforms though even when clang is in use. I agree it looks concerning though so it should be investigated.
I brought this issue up in our Discord, and Luke found the following:
It’s the copy loop in the string allocator. If you replace it with a memcpy the error goes away; but there’s a note in the code that manually looping is faster May be able to fix it with min around the length calculation memory::copy(_data, _temp, SSO); The compiler doesn’t like that we allocate data and then copy SSO bytes to it rather than checking the length of data If you swap the SSO length argument for a min of SSO and the byte capacity of data it goes away
So there doesn't seem to be any real issue with the code as written, and just using min around the length calculation should be enough to prevent the warning from occurring.
Describe the bug I'm getting some concerning-looking compiler warnings when I build the project.
To Reproduce Steps to reproduce the behavior:
make
Expected behavior I expected the project to compile cleanly, especially since a cursory glance over the source, it appears to be well-written, and modern C++.
Screenshots Not a screenshot exactly, but here's one of the warnings, and there are a few others like it.
So it looks like where's going to get a buffer over-run at runtime.
Some of the warnings are coming from third party things like libco and sljit. I'm not sure if we have a policy here for keeping the diff to upstream minimal, or if there's another reason to let this be?
Additional context My compiler is Debian clang version 14.0.6, in case that matters
I see there has already been some effort to fix some warnings (see #1295), but apparently some remain. Maybe because I am building for a system no-one else is building it on (Debian Linux). Would the project accept a pull-request that enables
-Wall -Wextra
or whatever to get this kind of thing tidied up, and perhaps a CI/CD pipeline to ensure compliance in future pull-requests?