On 05/03/2026 15.05, Peter Maydell wrote:
If you compile QEMU with GCC with -fsanitize=address and -Wstringop-overflow, this causes GCC to produce a false-positive warning which it does not produce when the sanitizer is not enabled (and which makes compilation fail if you're using -Werror, as we do by default for builds from git):../../hw/net/rtl8139.c: In function ‘rtl8139_io_writeb’: ../../hw/net/rtl8139.c:2264:17: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=] 2264 | memcpy(data_to_checksum, saved_ip_header + 12, 8); | ^ In file included from ../../hw/net/rtl8139.c:62: /home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1 50 | uint8_t ip_ver_len; /* version and header length */ | ^~~~~~~~~~ ../../hw/net/rtl8139.c:2192:21: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=] 2192 | memcpy(data_to_checksum, saved_ip_header + 12, 8); | ^ /home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1 50 | uint8_t ip_ver_len; /* version and header length */ | ^~~~~~~~~~ ../../hw/net/rtl8139.c:2192:21: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=] 2192 | memcpy(data_to_checksum, saved_ip_header + 12, 8); | ^ /home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1 50 | uint8_t ip_ver_len; /* version and header length */ | ^~~~~~~~~~ In file included from /home/pm215/qemu/include/system/memory.h:21, from /home/pm215/qemu/include/hw/pci/pci.h:4, from /home/pm215/qemu/include/hw/pci/pci_device.h:4, from ../../hw/net/rtl8139.c:54: In function ‘stl_he_p’, inlined from ‘stl_be_p’ at /home/pm215/qemu/include/qemu/bswap.h:371:5, inlined from ‘rtl8139_cplus_transmit_one’ at ../../hw/net/rtl8139.c:2244:21, inlined from ‘rtl8139_cplus_transmit’ at ../../hw/net/rtl8139.c:2345:28, inlined from ‘rtl8139_io_writeb’ at ../../hw/net/rtl8139.c:2728:17: /home/pm215/qemu/include/qemu/bswap.h:284:5: error: writing 4 bytes into a region of size 0 [-Werror=stringop-overflow=] 284 | __builtin_memcpy(ptr, &v, sizeof(v)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/pm215/qemu/include/net/eth.h: In function ‘rtl8139_io_writeb’: /home/pm215/qemu/include/net/eth.h:50:14: note: at offset [24, 64] into destination object ‘ip_ver_len’ of size 1 50 | uint8_t ip_ver_len; /* version and header length */ | ^~~~~~~~~~ This has been triaged as a bug in GCC: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114494 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673 (the sanitizer pass rewrites the IR in a way that conflicts with its use by the warning pass that runs afterwards). Since this is the only place in our code where we hit this, work around it by disabling the -Wstringop-overflow in the part of the function that hits it. We do this only when using the address sanitizer on GCC, so that we still get the benefit of the warning in most compilation scenarios. Cc: [email protected] Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3006 Suggested-by: Daniel P. Berrangé <[email protected]> Signed-off-by: Peter Maydell <[email protected]> --- v2: disable the warning rather than using the incorrect attempt at a workaround that v1 had. On the fence about whether this is worth backporting to stable.
It's easy enough, so I think it's a good idea to backport to stable. Reviewed-by: Thomas Huth <[email protected]>
