https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87296
mostlyaspambox at protonmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mostlyaspambox at protonmail dot c
                   |                            |om

--- Comment #9 from mostlyaspambox at protonmail dot com ---
I think I've also hit this or a variation of it with the following reproducer:

```
#include <string.h>
#include <algorithm>
#include <assert.h>
#include <array>

struct Base1 {
    char arr[5];
};

struct Base2 {
    char arr[25];
};

struct A : Base1, Base2 {
};

extern const char* str;

void f(A& a)
{
    Base1& base1 = a;
    std::fill(std::begin(base1.arr), std::end(base1.arr), ' ');
    Base2& base2 = a;
    strncpy(reinterpret_cast<char*>(&base2), str, 6);
}

int main()
{
    A a{};
    f(a);
}
```

If `a` is created inside `f` instead of passed in by reference, there is no
error.

When compiled with `g++ -std=c++11 -O2 -Wall -Wextra -fno-strict-aliasing
-fwrapv -fno-aggressive-loop-optimizations -fsanitize=undefined` on x86-64 with
gcc 8.1 this prints:

test.cpp:27:12: warning: 'char* strncpy(char*, const char*, size_t)' writing 6 bytes into a region of size 5 overflows the destination [-Wstringop-overflow=]
     strncpy(reinterpret_cast<char*>(&base2), str, 6);
     ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If `str` in the strncpy call is replaced with a string literal, there is the
same warning unless the literal has length 6 including the null terminator.