From: "arnd at linaro dot org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/97490] New: [10/11 Regression] false-positive -Wstringop-overflow= with address sanitizer
Date: Mon, 19 Oct 2020 11:15:49 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97490

            Bug ID: 97490
           Summary: [10/11 Regression] false-positive -Wstringop-overflow=
                    with address sanitizer
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: arnd at linaro dot org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

Building the Linux kernel with gcc-10.1 or higher shows a couple of warnings
in one file:

drivers/net/wireless/ath/ath9k/dynack.c:209:14: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=]

I manually created a reduced test case:

typedef unsigned int u32;
typedef unsigned short u16;
typedef unsigned char u8;
typedef _Bool bool;

static inline void _ether_addr_copy(u8 *dst, const u8 *src)
{
        *(u32 *)dst = *(const u32 *)src;
        *(u16 *)(dst + 4) = *(const u16 *)(src + 4);
}

struct _ieee80211_hdr {
        u8 addr1[6];
};

struct _haddr_pair {
        u8 h_dest[6];
};

struct _ath_dyn_txbuf {
        u16 t_rb;
        struct _haddr_pair addr[64];
};

struct _ath_dynack {
        bool enabled;
        struct _ath_dyn_txbuf st_rbf;
};

struct _ath_hw {
        int reg_ops;
        struct _ath_dynack dynack;
};

void _ath_dynack_sample_tx_ts(struct _ath_hw *ah, struct _ieee80211_hdr *hdr)
{
        struct _ath_dynack *da = &ah->dynack;
        struct _haddr_pair *addr;

        if (!da->enabled)
                return;

        addr = &da->st_rbf.addr[da->st_rbf.t_rb];
        _ether_addr_copy(addr->h_dest, hdr->addr1);
}

$ gcc-10 -O2 -Wall -fsanitize=kernel-address -c dynack.c
test.c: In function '_ath_dynack_sample_tx_ts':
test.c:8:21: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=]
    8 |         *(u32 *)dst = *(const u32 *)src;
      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
test.c:26:14: note: at offset 0 to object 'enabled' with size 1 declared here
   26 |         bool enabled;
      |              ^~~~~~~
test.c:9:27: warning: writing 2 bytes into a region of size 0 [-Wstringop-overflow=]
    9 |         *(u16 *)(dst + 4) = *(const u16 *)(src + 4);
      |         ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
test.c:26:14: note: at offset 0 to object 'enabled' with size 1 declared here
   26 |         bool enabled;
      |              ^~~~~~~

See also https://godbolt.org/z/K5jcM8

I checked locally that this happens on all target architectures I tried, but
not with gcc-9. The code in the kernel only produces a warning on architectures
that are assumed to allow unaligned load/store instructions, otherwise a
different ether_addr_copy() function is used.
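
An added example, not part of the original report or of the kernel or GCC sources: it reuses the struct layout of the reduced test case to check where the 6-byte destination addr[idx].h_dest lies relative to 'enabled' and the end of the object, and whether the u32 store is naturally aligned for a given slot. ADDR_SLOTS and the three function names are assumptions made for this sketch, as is a 4-byte-aligned struct _ath_hw.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout copied from the reduced test case; fixed-width types replace its typedefs. */
typedef uint32_t u32; typedef uint16_t u16; typedef uint8_t u8;
struct _haddr_pair { u8 h_dest[6]; };
struct _ath_dyn_txbuf { u16 t_rb; struct _haddr_pair addr[64]; };
struct _ath_dynack { bool enabled; struct _ath_dyn_txbuf st_rbf; };
struct _ath_hw { int reg_ops; struct _ath_dynack dynack; };

#define ADDR_SLOTS 64 /* hypothetical name for the length of addr[] */

/* Byte offset of addr[idx].h_dest from the start of struct _ath_dynack. */
static size_t dest_offset(size_t idx)
{
    return offsetof(struct _ath_dynack, st_rbf)
         + offsetof(struct _ath_dyn_txbuf, addr)
         + idx * sizeof(struct _haddr_pair)
         + offsetof(struct _haddr_pair, h_dest);
}

/* 1 if a 6-byte write to slot idx stays inside the object and clear of 'enabled'. */
int write_in_bounds(size_t idx)
{
    if (idx >= ADDR_SLOTS)
        return 0;
    size_t start = dest_offset(idx), end = start + 6;
    size_t enabled_end = offsetof(struct _ath_dynack, enabled) + sizeof(bool);
    return start >= enabled_end && end <= sizeof(struct _ath_dynack);
}

/* 1 if the u32 store of _ether_addr_copy() would be naturally aligned for slot
 * idx, assuming the enclosing struct _ath_hw sits at a 4-byte-aligned address. */
int dest_u32_aligned(size_t idx)
{
    return (offsetof(struct _ath_hw, dynack) + dest_offset(idx)) % sizeof(u32) == 0;
}

/* The same 6-byte copy written with memcpy() and an explicit index check.
 * Returns 1 if copied, 0 if dynack is disabled, -1 if t_rb is out of range. */
int copy_addr_checked(struct _ath_hw *ah, const u8 *src)
{
    struct _ath_dynack *da = &ah->dynack;
    if (!da->enabled)
        return 0;
    if (!write_in_bounds(da->st_rbf.t_rb))
        return -1;
    memcpy(da->st_rbf.addr[da->st_rbf.t_rb].h_dest, src, 6);
    return 1;
}
```

On a typical ABI with 4-byte int and 1-byte bool, every slot from 0 to 63 is in bounds and clear of 'enabled', while only even-numbered slots give a 4-byte-aligned destination.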