https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503

--- Comment #19 from Willy Tarreau <w at 1wt dot eu> ---
Hello Richard,

Thanks for looking at this old issue.

> that means next_step will do the bad access of 'head' using the struct ref
> type.

Actually there's no bad access: if you look closely, next_step() restarts
from cur->list.n, hence undoes exactly what initial_step() did.

In addition, for the special case here, the list happens to be at the beginning
of the struct, so there's not even an offset of difference between the list head
and the member, so get_initial_step() really returns head here, and next_step()
will return exactly head as well, which does match the stop condition in the
following while() block and never causes any dereference of any unmapped area.

I noticed I had left a mistake when writing the simplified reproducer: I
didn't initialise head, so I thought it could have contributed to the warning
in the reproducer, but retesting with:

    static struct list head = { .n = &head, .p = &head };

doesn't change anything.

Since then we've worked around this problem by using some ugly casts, because
removing the warning could have more long-term consequences if it occasionally
allows it to trigger on a real issue. Still, I find it sad when a warning forces
us to introduce dangerous casts as a workaround.

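The iteration pattern the comment describes, written out as an added example. This is not the reproducer attached to the bug and not HAProxy's own code; the names (struct item, initial_step(), next_step(), iterate_sum()) and the sample values are assumptions chosen to mirror the comment's wording. It shows the two points the comment makes: with the list member first in the struct, the container_of() offset is 0, so the head-as-item pointer is just head; and next_step() on that pointer reads only head.n, so on an empty list the very first step lands back on head and the while() stop condition fires before any item field is read.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not the bug's reproducer. Names are assumptions. */

struct list {
    struct list *n;
    struct list *p;
};

/* The list member is deliberately first, as in the comment, so the
 * container_of() offset is 0 and initial_step(head) is exactly head. */
struct item {
    struct list list;
    int value;
};
_Static_assert(offsetof(struct item, list) == 0, "list must be the first member");

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Head initialised as the comment's retest does. */
static struct list head = { .n = &head, .p = &head };

static void list_init(struct list *h)
{
    h->n = h;
    h->p = h;
}

static void list_add_tail(struct list *h, struct list *el)
{
    el->n = h;
    el->p = h->p;
    h->p->n = el;
    h->p = el;
}

/* Stands in for get_initial_step(): view the head as if it were an item.
 * Pure pointer arithmetic (offset 0 here); nothing is dereferenced. */
static struct item *initial_step(struct list *h)
{
    return container_of(h, struct item, list);
}

/* Stands in for next_step(): restart from cur->list.n, which undoes what
 * initial_step() did. Applied to the head pseudo-item it reads head.n only. */
static struct item *next_step(struct item *cur)
{
    return container_of(cur->list.n, struct item, list);
}

/* Walk the list the way the comment describes: initial_step() on head,
 * next_step() to reach the first element, then loop until the pointer
 * compares equal to head again. Item fields are read only after the
 * stop check. Returns the sum of values; element count goes to *n_out. */
static int iterate_sum(struct list *h, int *n_out)
{
    int sum = 0, n = 0;
    struct item *cur = next_step(initial_step(h));

    while (&cur->list != h) {
        sum += cur->value;
        n++;
        cur = next_step(cur);
    }
    *n_out = n;
    return sum;
}

/* Empty list: next_step(initial_step(head)) is head, loop body never runs. */
static int demo_empty(int *n_out)
{
    list_init(&head);
    return iterate_sum(&head, n_out);
}

/* Three constructed items with values 10, 20, 30. */
static int demo_three(int *n_out)
{
    static struct item a = { .value = 10 }, b = { .value = 20 }, c = { .value = 30 };

    list_init(&head);
    list_add_tail(&head, &a.list);
    list_add_tail(&head, &b.list);
    list_add_tail(&head, &c.list);
    return iterate_sum(&head, n_out);
}

int main(void)
{
    int n;
    int s = demo_empty(&n);
    printf("empty: sum=%d count=%d\n", s, n);
    s = demo_three(&n);
    printf("three: sum=%d count=%d\n", s, n);
    return 0;
}
```

The stop condition compares `&cur->list` against `h` rather than dereferencing `cur`, which is why the head-derived pseudo-item is never read as an item: on the empty list the comparison is true immediately, and on a populated list it only becomes true once next_step() has wrapped back to head.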