Bug 97490 - [11/12/13/14 Regression] false-positive -Wstringop-overflow= with address sanitizer since r10-5451-gef29b12cfbb4979a
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: sanitizer
Version: 10.2.0
Importance: P2 normal
Target Milestone: 11.5
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: Wstringop-overflow
Reported: 2020-10-19 11:15 UTC by Arnd Bergmann
Modified: 2023-07-07 10:38 UTC

See Also:
Host:
Target:
Build:
Known to work: 9.3.0
Known to fail: 10.2.0, 11.0
Last reconfirmed: 2020-10-19 00:00:00


Description Arnd Bergmann 2020-10-19 11:15:49 UTC
Building the Linux kernel with gcc-10.1 or higher shows a couple of warnings in one file:

drivers/net/wireless/ath/ath9k/dynack.c:209:14: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=]

I manually created a reduced test case:

typedef unsigned int u32;
typedef unsigned short u16;
typedef unsigned char u8;
typedef _Bool bool;
static inline void _ether_addr_copy(u8 *dst, const u8 *src)
{
        *(u32 *)dst = *(const u32 *)src;
        *(u16 *)(dst + 4) = *(const u16 *)(src + 4);
}
struct _ieee80211_hdr {
        u8 addr1[6];
};
struct _haddr_pair {
        u8 h_dest[6];
};
struct _ath_dyn_txbuf {
        u16 t_rb;
        struct _haddr_pair addr[64];
};
struct _ath_dynack {
        bool enabled;
        struct _ath_dyn_txbuf st_rbf;
};
struct _ath_hw {
        int reg_ops;
        struct _ath_dynack dynack;
};
void _ath_dynack_sample_tx_ts(struct _ath_hw *ah, struct _ieee80211_hdr *hdr)
{
        struct _ath_dynack *da = &ah->dynack;
        struct _haddr_pair *addr;

        if (!da->enabled)
                return;

        addr = &da->st_rbf.addr[da->st_rbf.t_rb];
        _ether_addr_copy(addr->h_dest, hdr->addr1);
}

$ gcc-10 -O2 -Wall -fsanitize=kernel-address -c dynack.c
test.c: In function '_ath_dynack_sample_tx_ts':
test.c:8:21: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=]
    8 |         *(u32 *)dst = *(const u32 *)src;
      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
test.c:26:14: note: at offset 0 to object 'enabled' with size 1 declared here
   26 |         bool enabled;
      |              ^~~~~~~
test.c:9:27: warning: writing 2 bytes into a region of size 0 [-Wstringop-overflow=]
    9 |         *(u16 *)(dst + 4) = *(const u16 *)(src + 4);
      |         ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
test.c:26:14: note: at offset 0 to object 'enabled' with size 1 declared here
   26 |         bool enabled;
      |              ^~~~~~~

See also https://godbolt.org/z/K5jcM8
I checked locally that this happens on all target architectures I tried, but not with gcc-9. The code in the kernel only produces a warning on architectures that are assumed to allow unaligned load/store instructions, otherwise a different ether_addr_copy() function is used.
Comment 1 Martin Liška 2020-10-19 12:07:34 UTC
Confirmed, started with Martin's commit.
Comment 2 Richard Biener 2021-04-08 12:02:21 UTC
GCC 10.3 is being released, retargeting bugs to GCC 10.4.
Comment 3 Jakub Jelinek 2022-06-28 10:42:16 UTC
GCC 10.4 is being released, retargeting bugs to GCC 10.5.
Comment 4 Richard Biener 2023-07-07 10:38:18 UTC
GCC 10 branch is being closed.