https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114698
--- Comment #8 from Peter Bergner <bergner at gcc dot gnu.org> --- (In reply to Andrew Pinski from comment #6) > Note this implementation of sha2.c is shared all over the place it seems and > has this known issue ... (In reply to Andrew Pinski from comment #4) > (In reply to Andrew Pinski from comment #3) > > uint8_t buffer[SHA256_BLOCK_LENGTH]; > > > > W256 = (sha2_word32*)context->buffer; > > > > This is starting to smell like the code is violating strict aliasing rules > > ... > > The patch in https://github.com/NetBSD/pkgsrc/issues/122 applies directly > here too. Thanks for the pointer, I'll try the patch and report back. Jan's commit does seem to make a change in the alias handling, so it very well could have exposed that type of problem in the sha2 routine.