When portage sees a warning caused by '-Wreturn-local-addr', it will emit a notice to the user, asking them to report the bug to the upstream project. The problem is that gcc has a bug that causes this warning to often be a false positive. I noticed this recently with wget, where portages ays: * QA Notice: Package triggers severe warnings which indicate that it * may exhibit random runtime failures. * convert.c:797:1: warning: function may return address of local variable [-Wreturn-local-addr] But wget's code is entirely correct, and this is a false warning. You can check the affected function here: https://gitlab.com/gnuwget/wget/-/blob/master/src/convert.c?ref_type=heads#L741 gcc seems to believe that this function can return the address of "buf", which is a local variable on the stack. However, this is not the case. Returning "buf" is prevented by a check ("if (newname == buf)"). If that's positive, the code path that gcc thinks could return the address of buf is never executed. (In case you want to reproduce this warning, please note that it only shows up with "-O2".) I believe this is this upstream gcc report, with examples of other relevant projects that got hit by these warnings: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93644 (reported in 2020) I think this is a problematic situation. Portage is essentially telling users to report bugs upstream, but the upstream code is correct. It is a bit unfortunate, because these warnings can uncover very real bugs. In cases where this warning is correct it can uncover use-after-return bugs that could expose misbehavior or crashes in applications. I.e. bugs that you really want to fix. (Sidenote here: If you ever come across such a bug type, address sanitizer can detect them at runtime, but this is disabled by default, as it is very slow. It can be enabled by setting the env var ASAN_OPTIONS="detect_stack_use_after_return=1") Of course it would be best if gcc would avoid the false positives, but looking at the gcc bug's history, I don't expect that to happen any time soon. I think the portage QA notice should be silenced for now. Possibly commented out with a comment referencing the gcc bug and saying this should be re-enabled once a fix landed in a stable gcc version.
Yes, unfortunately, I have to agree :( They're really useful warnings, but they can't be trusted right now for the level we need in the Portage QA check. I'll drop them, and any others I am aware of GCC bugs for.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=9a06b7210562b8d03577cd4043227ea2023db1f2 commit 9a06b7210562b8d03577cd4043227ea2023db1f2 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-25 08:13:28 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-25 08:15:18 +0000 bin/install-qa-check.d: 90gcc-warnings: drop GCC warnings with known (heavy) FPs Drop -Wstringop-overflow, -Wstringop-overread, -Wstringop-truncation, -Waddress, and -Wreturn-local-addr for now because they cause too many FPs. We want only reliable warnings for this Portage QA check as we encourage people to report these upstream. Bug: https://gcc.gnu.org/PR88443 Bug: https://gcc.gnu.org/PR88781 Bug: https://gcc.gnu.org/PR93644 Bug: https://gcc.gnu.org/PR97048 Bug: https://gcc.gnu.org/PR103360 Bug: https://bugs.gentoo.org/925460 Signed-off-by: Sam James <sam@gentoo.org> NEWS | 2 ++ bin/install-qa-check.d/90gcc-warnings | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ad9d3103abc02f60d9e123ae21fa4a2e69b7e38 commit 6ad9d3103abc02f60d9e123ae21fa4a2e69b7e38 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-25 08:32:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-25 08:32:47 +0000 sys-apps/portage: add 3.0.63 Closes: https://bugs.gentoo.org/925214 Closes: https://bugs.gentoo.org/651018 Closes: https://bugs.gentoo.org/922935 Closes: https://bugs.gentoo.org/925240 Closes: https://bugs.gentoo.org/925311 Closes: https://bugs.gentoo.org/925333 Closes: https://bugs.gentoo.org/925350 Closes: https://bugs.gentoo.org/925456 Closes: https://bugs.gentoo.org/925460 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/portage/Manifest | 1 + sys-apps/portage/portage-3.0.63.ebuild | 246 +++++++++++++++++++++++++++++++++ 2 files changed, 247 insertions(+)