https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673
Bug ID: 99673
Summary: [11 Regression] bogus -Wstringop-overread warning with
address sanitizer
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: arnd at linaro dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Created attachment 50435
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50435&action=edit
manually reduced test case
gcc-11 warns about one file in the linux kernel, in which it fails to find the
size of an object:
$ arm-linux-gnueabi-gcc -Os -fno-inline-functions-called-once
-fsanitize=address
In function ‘ath11k_peer_assoc_h_vht’,
inlined from ‘ath11k_peer_assoc_prepare’ at
drivers/net/wireless/ath/ath11k/mac.c:92:2:
drivers/net/wireless/ath/ath11k/mac.c:66:13: warning:
‘ath11k_peer_assoc_h_vht_masked’ reading 16 bytes from a region of size 4
[-Wstringop-overread]
66 | if (ath11k_peer_assoc_h_vht_masked(vht_mcs_mask))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function ‘ath11k_peer_assoc_prepare’:
drivers/net/wireless/ath/ath11k/mac.c:66:13: note: referencing argument 1 of
type ‘const u16 *’ {aka ‘const short unsigned int *’}
drivers/net/wireless/ath/ath11k/mac.c:49:1: note: in a call to function
‘ath11k_peer_assoc_h_vht_masked’
49 | ath11k_peer_assoc_h_vht_masked(const u16
vht_mcs_mask[NL80211_VHT_NSS_MAX])
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I can't see where the '4' even comes from here, both in the original test case
and the reduced version
https://godbolt.org/z/79GE8M
$ arm-linux-gnueabi-gcc --version
arm-linux-gnueabi-gcc (GCC) 11.0.1 20210315 (experimental)
The behavior seems to be target independent, I can reproduce it on arm and x86.
