954 ubsan tinystring

[ThisIsFineTM]

Making undefined behavior sanitizer happy with tinyString.h

Closes #954

[kelson42]

I can not merge it as CI does not pass

https://github.com/openzim/libzim/actions/runs/13341527314/job/37276707142?pr=955 seems related to this PR

[ThisIsFineTM]

Putting the error messages here to consolidate information. I'll spin up local containers to test this and add it to my local testing procedure while I investigate / put in a fix. I just find it strange that it works on apple arm, doesn't work on regular arm, works on local fedora (gcc and clang), works on focal(22.04LTS)/jammy(20.04LTS) ubuntu, but doesn't work on ubuntu noble(24.04). Spending some time on this and if I can't figure it out I'll take out the template / noexecpt version for the simpler one so we can move on.

Packages / build-deb (ubuntu-noble)

FAILED: test/tinyString.p/tinyString.cpp.o 
c++ -Itest/tinyString.p -Iinclude -I../include -Isrc -I../src -fdiagnostics-color=always -Wall -Winvalid-pch -Werror -std=c++17 -D_LARGEFILE64_SOURCE=1 -D_FILE_OFFSET_BITS=64 -DLIBZIM_EXPORT_PRIVATE_DLL -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/github/workspace=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection '-fdebug-prefix-map=/github/workspace=/usr/src/libzim-9.2.3+git202502150353.094edb0~noble' -Wdate-time -D_FORTIFY_SOURCE=3 -DGTEST_HAS_PTHREAD=1 -pthread -DWITH_TEST_DATA=0 -MD -MQ test/tinyString.p/tinyString.cpp.o -MF test/tinyString.p/tinyString.cpp.o.d -o test/tinyString.p/tinyString.cpp.o -c ../test/tinyString.cpp
In file included from ../test/../src/writer/tinyString.h:23,
                 from ../test/tinyString.cpp:22:
In function ‘zim::safe_memcmp<char>(char const*, char const*, unsigned long)int’,
    inlined from ‘zim::writer::TinyString::operator<(zim::writer::TinyString const&) const’ at ../test/../src/writer/tinyString.h:74:39,
    inlined from ‘(anonymous namespace)::TinyStringTest_chars_Test::TestBody()’ at ../test/tinyString.cpp:65:3:
../test/../src/writer/../tools.h:83:46: error: ‘memcmp’ specified bound [1, 65534] exceeds source size 0 [-Werror=stringop-overread]
   83 |       return (count == 0UL) ? 0 : std::memcmp(lhs, rhs, count);
      |                                   ~~~~~~~~~~~^~~~~~~~~~~~~~~~~
In function ‘zim::safe_memcmp<char>(char const*, char const*, unsigned long)int’,
    inlined from ‘zim::writer::TinyString::operator<(zim::writer::TinyString const&) const’ at ../test/../src/writer/tinyString.h:74:39,
    inlined from ‘(anonymous namespace)::TinyStringTest_chars_Test::TestBody()’ at ../test/tinyString.cpp:70:3:
../test/../src/writer/../tools.h:83:46: error: ‘memcmp’ specified bound [1, 65534] exceeds source size 0 [-Werror=stringop-overread]
   83 |       return (count == 0UL) ? 0 : std::memcmp(lhs, rhs, count);
      |                                   ~~~~~~~~~~~^~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors

Linux (linux-aarch64-dyn, true)
Linux (linux-aarch64-dyn, false)

 /home/runner/BUILD_neutral/TOOLCHAINS/aarch64/bin/aarch64-linux-gnu-g++ -Isrc/libzim.so.9.2.3.p -Isrc -I../src -Iinclude -I../include -Istatic -I/home/runner/BUILD_aarch64-linux-gnu/INSTALL/include -fdiagnostics-color=always -Wall -Winvalid-pch -Werror -std=c++17 -O0 -g -D_LARGEFILE64_SOURCE=1 -D_FILE_OFFSET_BITS=64 -DLIBZIM_EXPORT_PRIVATE_DLL -fPIC -pthread -MD -MQ src/libzim.so.9.2.3.p/archive.cpp.o -MF src/libzim.so.9.2.3.p/archive.cpp.o.d -o src/libzim.so.9.2.3.p/archive.cpp.o -c ../src/archive.cpp
In file included from ../src/archive.cpp:29:0:
../src/tools.h:81:78: error: ‘nodiscard’ attribute directive ignored [-Werror=attributes]
   int safe_memcmp(T const *const lhs, T const *const rhs, std::size_t count) noexcept
                                                                              ^~~~~~~~

Edit:

WRT the stringop-overread errors on ubuntu-noble:
This might actually be an issue with gcc?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101361
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111499
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680
https://gitlab.com/wireshark/wireshark/-/issues/18090

Solution: explicitly add nullptr checks to make the problem compiler happy.

WRT the aarch64 errors:
It looks like the compiler toolchain on arm doesn't have support for the nodiscard attribute. Its a C++17 feature, so apparently the toolchain on the arm runner's C++17 support is incomplete.

Solution: remove [[nodiscard]].

I'll apply the current candidate solutions, squash, and monitor the CI runs to see if that does the trick.

[ThisIsFineTM]

@kelson42 I applied fixes but was unable to reproduce the errors locally. I need to spend some time fighting SELinux on my system. Would you mind kicking off another CI run to see if those fixes worked? Thanks.