I am trying to submit a package on CRAN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: * checking whether package ?QCA? can be installed ... [35s/35s] WARNING Found the following significant warnings: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. I know the cause of this: using a cursomized version of some external C library, coupled with <SystemRequirements: GNU make> in the Description. But I do not know hot to get past this warning, since it refers to a builtin GCC function strncpy. As far as I read, this should be solved by a simple GCC upgrade to the newest version, but that is something outside my code base, since GCC resides on the CRAN servers. In the meantime, to get the package published, did anyone encountered a similar problem? If so, is there a workaround? ? Adrian Dusa University of Bucharest Romanian Social Data Archive Soseaua Panduri nr. 90-92 050663 Bucharest sector 5 Romania https://adriandusa.eu
GCC warning
4 messages · Adrian Dusa, Simon Urbanek, Brian Ripley
Adrian, newer compilers are better at finding bugs - you may want to read the full trace of the error, it tells you that you likely have a memory overflow when using strncpy() in your package. You should check whether it is right. Unfortunately we can?t help you more specifically, because I don't see any link to what you submitted so can?t look at the code involved. Cheers, Simon
On May 22, 2020, at 7:25 PM, Adrian Du?a <dusa.adrian at gmail.com> wrote: I am trying to submit a package on CRAN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: * checking whether package ?QCA? can be installed ... [35s/35s] WARNING Found the following significant warnings: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. I know the cause of this: using a cursomized version of some external C library, coupled with <SystemRequirements: GNU make> in the Description. But I do not know hot to get past this warning, since it refers to a builtin GCC function strncpy. As far as I read, this should be solved by a simple GCC upgrade to the newest version, but that is something outside my code base, since GCC resides on the CRAN servers. In the meantime, to get the package published, did anyone encountered a similar problem? If so, is there a workaround? ? Adrian Dusa University of Bucharest Romanian Social Data Archive Soseaua Panduri nr. 90-92 050663 Bucharest sector 5 Romania https://adriandusa.eu
______________________________________________ R-devel at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
On 23/05/2020 07:38, Simon Urbanek wrote:
Adrian, newer compilers are better at finding bugs - you may want to read the full trace of the error, it tells you that you likely have a memory overflow when using strncpy() in your package. You should check whether it is right. Unfortunately we can?t help you more specifically, because I don't see any link to what you submitted so can?t look at the code involved.
NB: debian-gcc on CRAN does have the latest version of gcc (10.1) and the link would likely have given fuller details (such links are provided on CRAN report pages but I do not know for submissions). gcc does sometimes give false alarms here (there is one for R with gcc >= 9 and another for gcc >= 10) but see https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/ . Most can easily be workaround by cleaner code.
Cheers, Simon
On May 22, 2020, at 7:25 PM, Adrian Du?a <dusa.adrian at gmail.com> wrote: I am trying to submit a package on CRAN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: * checking whether package ?QCA? can be installed ... [35s/35s] WARNING Found the following significant warnings: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. I know the cause of this: using a cursomized version of some external C library, coupled with <SystemRequirements: GNU make> in the Description. But I do not know hot to get past this warning, since it refers to a builtin GCC function strncpy. As far as I read, this should be solved by a simple GCC upgrade to the newest version, but that is something outside my code base, since GCC resides on the CRAN servers. In the meantime, to get the package published, did anyone encountered a similar problem? If so, is there a workaround? ? Adrian Dusa University of Bucharest Romanian Social Data Archive Soseaua Panduri nr. 90-92 050663 Bucharest sector 5 Romania https://adriandusa.eu
Brian D. Ripley, ripley at stats.ox.ac.uk Emeritus Professor of Applied Statistics, University of Oxford
On Sat, May 23, 2020 at 10:01 AM Prof Brian Ripley <ripley at stats.ox.ac.uk> wrote:
On 23/05/2020 07:38, Simon Urbanek wrote:
Adrian, newer compilers are better at finding bugs - you may want to read the
full trace of the error, it tells you that you likely have a memory overflow when using strncpy() in your package. You should check whether it is right. Unfortunately we can?t help you more specifically, because I don't see any link to what you submitted so can?t look at the code involved. NB: debian-gcc on CRAN does have the latest version of gcc (10.1) and the link would likely have given fuller details (such links are provided on CRAN report pages but I do not know for submissions). gcc does sometimes give false alarms here (there is one for R with gcc
>= 9 and another for gcc >= 10) but see
https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/ . Most can easily be workaround by cleaner code.
Oh, of course, apologies for the oversight, these are the links: "package QCA_3.8.tar.gz does not pass the incoming checks automatically, please see the following pre-tests: Windows: < https://win-builder.r-project.org/incoming_pretest/QCA_3.8_20200521_185504/Windows/00check.log
Status: 1 NOTE Debian: < https://win-builder.r-project.org/incoming_pretest/QCA_3.8_20200521_185504/Debian/00check.log
Status: 1 WARNING, 1 NOTE" I only now realised the most relevant link was down below, after "last released version's CRAN status" (where I mistakenly stopped reading further): "More details are given in the directory: <https://win-builder.r-project.org/incoming_pretest/QCA_3.8_20200521_185504/
"
This is indeed very informative, and points to specific parts of the code that seem to be responsible with the warning. Thank you both very much for the pointers, I now at least know what should I try to fix. Best wishes, Adrian
Adrian Dusa University of Bucharest Romanian Social Data Archive Soseaua Panduri nr. 90-92 050663 Bucharest sector 5 Romania https://adriandusa.eu [[alternative HTML version deleted]]