public inbox for gcc-bugs@sourceware.org
From: "arnd at linaro dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/113214] New: false-positive -Wstringop-overflow warning with thread sanitizer
Date: Wed, 03 Jan 2024 11:46:14 +0000
Message-ID: <bug-113214-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113214

            Bug ID: 113214
           Summary: false-positive -Wstringop-overflow warning with thread
                    sanitizer
           Product: gcc
           Version: 13.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: arnd at linaro dot org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

I came across another -Wstringop-overflow warning while building the kernel in
a newly added device driver, when the thread sanitizer is enabled. Reduced my
test case to

void _dev_warn(const void *dev, ...);

struct xe_uc {
        int guc;
};

struct xe_gt { 
        struct xe_tile *tile;
        struct pf_queue {
                unsigned int data[128];
                unsigned int tail;
        } pf_queue[4];
        struct xe_uc uc;
};
#define container_of(ptr, type, member) ({                              \
        void *__mptr = (void *)(ptr);                                   \
        ((type *)(__mptr - __builtin_offsetof(type, member))); })


void xe_guc_pagefault_handler(struct xe_uc *uc, int asid, void *msg, int len)
{
        struct xe_gt *gt = container_of(uc, struct xe_gt, uc);
        void *xe = gt->tile;
        struct pf_queue *pf_queue;
        if (len != 4)
                return;
        pf_queue = &gt->pf_queue[asid % 4];
        __builtin_memcpy(pf_queue->data + pf_queue->tail,
                         msg, len * sizeof(unsigned int));

        _dev_warn(xe);
}

Original source code at
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/gpu/drm/xe/xe_gt_pagefault.c?h=next-20240103#n322

Reproducer at https://godbolt.org/z/MMaz8rqcj

aarch64-linux-gcc-13.2 -Wall -O2 -fsanitize=thread -Werror=stringop-overflow -Wall -c xe_gt_pagefault.c
xe_gt_pagefault.c: In function 'xe_guc_pagefault_handler':
xe_gt_pagefault.c:26:9: error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=]
   26 |         __builtin_memcpy(pf_queue->data + pf_queue->tail,
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   27 |                          msg, len * sizeof(unsigned int));
      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xe_gt_pagefault.c:6:25: note: at offset 8 into destination object 'tile' of size 8
    6 |         struct xe_tile *tile;
      |                         ^~~~
cc1: some warnings being treated as errors

Currently I see this with gcc-13.x and gcc-14.0 but not gcc-12.
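
Added example, not part of the original report: a layout check for the reduced test case that computes where the memcpy destination sits inside struct xe_gt and confirms that container_of() on the uc member recovers the enclosing object. The helpers dest_offset(), dest_clear_of_tile() and roundtrip_ok() are hypothetical names, and the bounds check in dest_offset() is an assumption of this example (the reduced test case does not constrain tail).

```c
#include <stddef.h>
#include <stdio.h>

/* Layout copied from the reduced test case in the report. */
struct xe_uc { int guc; };
struct xe_gt {
        struct xe_tile *tile;
        struct pf_queue {
                unsigned int data[128];
                unsigned int tail;
        } pf_queue[4];
        struct xe_uc uc;
};

/* Same arithmetic as the report's macro, without GNU void* arithmetic. */
#define container_of(ptr, type, member) \
        ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical helper: offset from the start of struct xe_gt of the copy
 * destination data + tail in queue idx, or -1 if 'words' entries would
 * not fit inside that queue's data[] (assumed bounds check). */
long dest_offset(unsigned int idx, unsigned int tail, unsigned int words)
{
        if (idx >= 4 || tail > 128 || words > 128 - tail)
                return -1;
        return (long)(offsetof(struct xe_gt, pf_queue) +
                      idx * sizeof(struct pf_queue) +
                      offsetof(struct pf_queue, data) + tail * sizeof(unsigned int));
}

/* Hypothetical helper: 1 if the destination starts past the 'tile' member. */
int dest_clear_of_tile(unsigned int idx, unsigned int tail, unsigned int words)
{
        long tile_end = offsetof(struct xe_gt, tile) + sizeof(struct xe_tile *);
        return dest_offset(idx, tail, words) >= tile_end;
}

/* Hypothetical helper: container_of() on &gt.uc must give back &gt. */
int roundtrip_ok(void)
{
        static struct xe_gt gt;
        return container_of(&gt.uc, struct xe_gt, uc) == &gt;
}

int main(void)
{
        printf("first destination offset: %ld\n", dest_offset(0, 0, 4));
        return !dest_clear_of_tile(0, 0, 4) || !roundtrip_ok();
}
```

On an LP64 target such as aarch64, dest_offset(0, 0, 4) is 8: the first byte after tile, which is the offset named in the compiler note.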
