public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "arnd at linaro dot org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/113214] New: false-positive -Wstringop-overflow warning with thread sanitizer Date: Wed, 03 Jan 2024 11:46:14 +0000 [thread overview] Message-ID: <bug-113214-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113214 Bug ID: 113214 Summary: false-positive -Wstringop-overflow warning with thread sanitizer Product: gcc Version: 13.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: arnd at linaro dot org CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org Target Milestone: --- I came across another -Wstringop-overflow warning while building the kernel in a newly added device driver, when the thread sanitizer is enabled. Reduced my test case to void _dev_warn(const void *dev, ...); struct xe_uc { int guc; }; struct xe_gt { struct xe_tile *tile; struct pf_queue { unsigned int data[128]; unsigned int tail; } pf_queue[4]; struct xe_uc uc; }; #define container_of(ptr, type, member) ({ \ void *__mptr = (void *)(ptr); \ ((type *)(__mptr - __builtin_offsetof(type, member))); }) void xe_guc_pagefault_handler(struct xe_uc *uc, int asid, void *msg, int len) { struct xe_gt *gt = container_of(uc, struct xe_gt, uc); void *xe = gt->tile; struct pf_queue *pf_queue; if (len != 4) return; pf_queue = >->pf_queue[asid % 4]; __builtin_memcpy(pf_queue->data + pf_queue->tail, msg, len * sizeof(unsigned int)); _dev_warn(xe); } Original source code at https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/gpu/drm/xe/xe_gt_pagefault.c?h=next-20240103#n322 Reproducer at https://godbolt.org/z/MMaz8rqcj aarch64-linux-gcc-13.2 -Wall -O2 -fsanitize=thread -Werror=stringop-overflow -Wall -c xe_gt_pagefault.c xe_gt_pagefault.c: In function 'xe_guc_pagefault_handler': xe_gt_pagefault.c:26:9: error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=] 26 | __builtin_memcpy(pf_queue->data + pf_queue->tail, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 27 | msg, len * sizeof(unsigned int)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xe_gt_pagefault.c:6:25: note: at offset 8 into destination object 'tile' of size 8 6 | struct xe_tile *tile; | ^~~~ cc1: some warnings being treated as errors Currently I see this with gcc-13.x and gcc-14.0 but not gcc-12.
next reply other threads:[~2024-01-03 11:46 UTC|newest] Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-01-03 11:46 arnd at linaro dot org [this message] 2024-01-03 21:51 ` [Bug sanitizer/113214] " pinskia at gcc dot gnu.org 2024-02-05 16:49 ` arnd at linaro dot org 2024-02-05 18:38 ` jakub at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-113214-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).