https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100680
Bug ID: 100680
Summary: false positive warning for certain __builtin_memcmp() argument
Product: gcc
Version: 11.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: jbeulich at suse dot com
Target Milestone: ---

In this example

    struct s {
        char a[8];
        int i;
        long l;
    };

    extern char ea[8];
    static char sa[8] = { 1, 2, 3, 4 };

    int test(void)
    {
        const struct s*ps = (const struct s *)0x12345678L;

        if(__builtin_memcmp(ps->a, ps->a, 8))
            return 0;

        if(__builtin_memcmp(ps->a, ea, 8))
            return 0;

        if(__builtin_memcmp(ps->a, sa, 8))
            return 0;

        if(__builtin_memcmp(ps->a, "abcdABCD", 8))
            return 0;

        return 1;
    }

all except, oddly enough, the first invocation cause "'__builtin_memcmp' specified bound of 8 exceeds source size of 0 [-Wstringop-overread]".

Obviously the above example is heavily simplified from actual uses in the Xen hypervisor sources, but clearly in (at least) OS and alike low-level development it is not uncommon for pointers to get derived from known integer constants.