On Sun, 1 Mar 2026 at 15:15, Yodel Eldar <[email protected]> wrote:
>
> Hi, Lukas
>
> On 01/03/2026 05:13, Lukas Straub wrote:

> > ../hw/net/rtl8139.c: In function ‘rtl8139_io_writeb’:
> > ../hw/net/rtl8139.c:2264:17: error: writing 8 bytes into a region of size 0 
> > [-Werror=stringop-overflow=]
> >   2264 |                 memcpy(data_to_checksum, saved_ip_header + 12, 8);
> >        |                 ^
> > In file included from ../hw/net/rtl8139.c:62:
> > /home/lukas/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into 
> > destination object ‘ip_ver_len’ of size 1
> >     50 |     uint8_t  ip_ver_len;     /* version and header length */
> >        |              ^~~~~~~~~~

On the face of it, this looks like a compiler bug (warning false
positive), because we set:

    uint8_t *data_to_checksum     = eth_payload_data + hlen - 12;

and earlier

            eth_payload_data = saved_buffer + ETH_HLEN;

where

        uint8_t *saved_buffer  = s->cplus_txbuffer;

and s->cplus_txbuffer is a uint8_t* which we set up via g_malloc().
None of that is an ip_ver_len byte, or even an ip_header struct.
So it looks like GCC has incorrectly decided that this uint8_t
buffer has a type which it does not.

A workaround for this is to use clang instead -- the Ubuntu 24.04
clang sanitizer has no trouble with this code.

This code is quite confusingly written, though. I'll have a look
to see if there's some simplification which might help both human
readers and the compiler.

thanks
-- PMM
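An added example, not part of this thread or of QEMU's rtl8139.c: a C model of the pointer arithmetic quoted above, with an explicit bounds check ahead of the memcpy so the copy window is provably inside the plain uint8_t buffer. ETH_HLEN is 14 as in net/eth.h; the helper names, the 20-byte minimum IP header length and the constructed sample frame are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN    14   /* Ethernet header length, as in QEMU's net/eth.h */
#define ADDR_WINDOW 8    /* IPv4 src+dst addresses: header bytes 12..19 */

/* Hypothetical helper (not QEMU code) modelling the rtl8139 pointer
 * arithmetic: saved_buffer is a plain uint8_t allocation holding a frame,
 * eth_payload_data skips the Ethernet header, and the 8-byte window sits
 * at payload offset hlen-12. A pointer is produced only when the whole IP
 * header fits in the payload, which keeps the window inside the buffer. */
static bool checksum_window(uint8_t *saved_buffer, size_t saved_len,
                            size_t hlen, uint8_t **data_to_checksum)
{
    if (saved_len < ETH_HLEN || hlen < 20 || hlen > saved_len - ETH_HLEN)
        return false;
    uint8_t *eth_payload_data = saved_buffer + ETH_HLEN;
    *data_to_checksum = eth_payload_data + hlen - 12;   /* as in rtl8139.c */
    return true;
}

/* Checked form of the memcpy from the warning: copy the saved IP header's
 * address fields over the 8 bytes preceding the transport header. */
static bool copy_addrs_for_checksum(uint8_t *saved_buffer, size_t saved_len,
                                    size_t hlen, const uint8_t *saved_ip_header)
{
    uint8_t *data_to_checksum;
    if (!checksum_window(saved_buffer, saved_len, hlen, &data_to_checksum))
        return false;
    memcpy(data_to_checksum, saved_ip_header + 12, ADDR_WINDOW);
    return true;
}

/* Constructed frame: 14-byte Ethernet header + 40 bytes of payload (a 20-byte
 * IP header plus 20 transport bytes); saved_ip_header holds the pattern 0..59. */
static bool demo(size_t hlen)
{
    uint8_t frame[ETH_HLEN + 40] = {0};
    uint8_t saved_ip_header[60];
    for (size_t i = 0; i < sizeof(saved_ip_header); i++) saved_ip_header[i] = (uint8_t)i;
    if (!copy_addrs_for_checksum(frame, sizeof(frame), hlen, saved_ip_header))
        return false;
    /* Payload offset hlen-12 must now hold header bytes 12..19. */
    return memcmp(frame + ETH_HLEN + hlen - 12, saved_ip_header + 12, ADDR_WINDOW) == 0;
}
```

demo(20) succeeds with the window at frame offset 22; demo(60) and demo(8) are rejected by the check before any memcpy runs.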