https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84732

            Bug ID: 84732
           Summary: false-positive -Wstringop-truncation warning with
                    -fsanitize-coverage=trace-pc
           Product: gcc
           Version: 8.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: arnd at linaro dot org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

Created attachment 43576
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43576&action=edit
linux/drivers/staging/lustre/lnet/lnet/lib-socket.c, preprocessed, not reduced

I ran into this warning for what looks like correct code in the Linux kernel
that we should not warn about:

$ aarch64-linux-gcc-8.0.1 -fno-strict-aliasing -Wno-pointer-sign
-fsanitize-coverage=trace-pc  -Wall -O2 -c lib-socket.i
In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:37,
                 from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
                 from /git/arm-soc/include/linux/spinlock.h:88,
                 from /git/arm-soc/include/linux/wait.h:9,
                 from /git/arm-soc/include/linux/net.h:23,
                 from
/git/arm-soc/drivers/staging/lustre/lnet/lnet/lib-socket.c:37:
/git/arm-soc/drivers/staging/lustre/lnet/lnet/lib-socket.c: In function
'lnet_ipif_query':
/git/arm-soc/include/linux/string.h:254:9: warning: '__builtin_strncpy'
specified bound 16 equals destination size [-Wstringop-truncation]
  return __builtin_strncpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/git/arm-soc/include/linux/string.h:254:9: warning: '__builtin_strncpy'
specified bound 16 equals destination size [-Wstringop-truncation]
  return __builtin_strncpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/git/arm-soc/include/linux/string.h:254:9: warning: '__builtin_strncpy'
specified bound 16 equals destination size [-Wstringop-truncation]
  return __builtin_strncpy(p, q, size);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

See
https://elixir.bootlin.com/linux/v4.15/source/drivers/staging/lustre/lnet/lnet/lib-socket.c#L99
for the original source code. Without -fsanitize-coverage=trace-pc, the
strlen() comparison is sufficient to avoid that warning; with
-fsanitize-coverage=trace-pc, that logic fails:

        if (strlen(name) > sizeof(ifr.ifr_name) - 1)
                return -E2BIG;
        strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));


I can probably create a reduced test case if that helps.

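The guarded copy quoted in the report, as a stand-alone C check of why the result is always NUL-terminated. This is an added example, not code from the report or from the kernel; `copy_ifname`, `is_terminated`, `check_len` and `IFNAME_SIZE` are hypothetical names, and the size 16 is taken from the bound in the warning text.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_SIZE 16 /* assumed: the bound 16 from the warning text */

/* Hypothetical stand-in for the guarded strncpy() quoted in the report. */
int copy_ifname(char dst[IFNAME_SIZE], const char *name)
{
    /* Same guard as the report: reject names that would fill the buffer. */
    if (strlen(name) > IFNAME_SIZE - 1)
        return -E2BIG;
    /* strlen(name) <= 15 here, so strncpy() copies the name and pads
     * every remaining byte up to the bound with NULs. */
    strncpy(dst, name, IFNAME_SIZE);
    return 0;
}

/* 1 if a NUL byte exists within the first IFNAME_SIZE bytes of dst. */
int is_terminated(const char dst[IFNAME_SIZE])
{
    return memchr(dst, '\0', IFNAME_SIZE) != NULL;
}

/* Copy a constructed name of `len` characters into a poisoned buffer.
 * Returns 1 if the copy is terminated and intact, 0 if not,
 * -1 if the guard rejected the name, -2 if len is too large to build. */
int check_len(size_t len)
{
    char name[64];
    char dst[IFNAME_SIZE];

    if (len >= sizeof(name))
        return -2;
    memset(name, 'a', len);          /* constructed sample input */
    name[len] = '\0';
    memset(dst, 0x5a, sizeof(dst));  /* poison: no NUL in dst beforehand */

    if (copy_ifname(dst, name) != 0)
        return -1;
    return is_terminated(dst) && strlen(dst) == len;
}

int main(void)
{
    for (size_t len = 14; len <= 17; len++)
        printf("len %zu -> %d\n", len, check_len(len));
    return 0;
}
```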