https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100262
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c                           |middle-end
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
The warnings are by design. They're all issued for the same underlying problem
involving accesses past the end of an object of the same type: struct
mdesc_handle and struct mdesc_hdr defined like so:

  struct mdesc_handle {
      struct list_head list;
      struct mdesc_mem_ops *mops;
      void *self_base;
      refcount_t refcnt;
      unsigned int handle_size;
      struct mdesc_hdr mdesc;
  };

  struct mdesc_hdr {
      u32 version;
      u32 node_sz;
      u32 name_sz;
      u32 data_sz;
  } __attribute__((aligned(16)));

  static struct mdesc_elem *node_block(struct mdesc_hdr *mdesc)
  {
      return (struct mdesc_elem *) (mdesc + 1);
  }

  static void *name_block(struct mdesc_hdr *mdesc)
  {
      return ((void *) node_block(mdesc)) + mdesc->node_sz;
  }

  static void *data_block(struct mdesc_hdr *mdesc)
  {
      return ((void *) name_block(mdesc)) + mdesc->name_sz;
  }

  u64 mdesc_node_by_name(struct mdesc_handle *hp,
                         u64 from_node, const char *name)
  {
      struct mdesc_elem *ep = node_block(&hp->mdesc);
      const char *names = name_block(&hp->mdesc);
                          ^^^^^^^^^^

This is the cause of the warning: name_block() computes the address past the
end of hp->mdesc, effectively treating mdesc as if it was a flexible array
member.

What the code really seems to want to do is to compute the address somewhere
into the chunk pointed to by hp. The expected way to do that is like so:

  const char *names = (char*)hp + offsetof (struct mdesc_handle, mdesc);
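
The approach recommended in the comment, as an added example that is not part of the bug report or of the kernel source: the name block address is computed from the pointer to the whole allocation, and the example goes one step further by skipping the header and node block and rejecting header sizes that fall outside the allocation. The struct layouts are simplified and constructed, and the names `struct hdr`, `struct handle`, `handle_alloc` and `name_block_checked` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed, simplified stand-ins for the structs quoted in the comment. */
struct hdr { uint32_t version, node_sz, name_sz, data_sz; };
struct handle {
    size_t handle_size;   /* bytes in the whole allocation */
    struct hdr mdesc;     /* last member; node/name/data blocks follow it */
};

/* Allocate a handle with room for the three trailing blocks. */
static struct handle *handle_alloc(uint32_t node_sz, uint32_t name_sz,
                                   uint32_t data_sz)
{
    size_t total = sizeof(struct handle) + (size_t)node_sz + name_sz + data_sz;
    struct handle *hp = calloc(1, total);
    if (!hp)
        return NULL;
    hp->handle_size = total;
    hp->mdesc = (struct hdr){ 1, node_sz, name_sz, data_sz };
    return hp;
}

/* Name block address, derived from hp (the pointer to the whole chunk)
 * rather than from &hp->mdesc. Returns NULL when the sizes stored in the
 * header would place the block outside the allocation. */
static char *name_block_checked(struct handle *hp)
{
    size_t off = offsetof(struct handle, mdesc) + sizeof(struct hdr);
    size_t room = hp->handle_size;
    if (room < off || hp->mdesc.node_sz > room - off)
        return NULL;
    off += hp->mdesc.node_sz;
    if (hp->mdesc.name_sz > room - off)
        return NULL;
    return (char *)hp + off;
}

int main(void)
{
    struct handle *hp = handle_alloc(32, 16, 8);
    if (!hp) return 1;
    int ok = name_block_checked(hp) != NULL;
    hp->mdesc.node_sz = 0xfffffff0u;   /* constructed corrupt header */
    int rejected = name_block_checked(hp) == NULL;
    free(hp);
    return (ok && rejected) ? 0 : 1;
}
```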