On Thu, Jan 14, 2021 at 09:19:20AM -0500, Alexander Bulekov wrote:
> On 210114 1415, Philippe Mathieu-Daudé wrote:
> > +Jason +Dmitry
> >
> > On 1/14/21 8:07 AM, Miroslav Rezanina wrote:
> > > When building qemu with GCC 11, compiling eth.c file produce following
> > > warning:
> > >
> > > warning: array subscript 'struct ip6_ext_hdr_routing[0]' is partly
> > > outside array bounds of 'struct ip6_ext_hdr[1]' [-Warray-bounds]
> > >
> > > This is caused by retyping from ip6_ext_hdr to ip6_ext_hdr_routing that
> > > has more
> > > attributes.
> > >
> > > As this usage is expected, suppress the warning temporarily through the
> > > function
> > > using this retyping.
> >
> > This is not expected, this is a bug...
> >
>
> Seems related: https://bugs.launchpad.net/qemu/+bug/1879531
> -Alex
>
Yes, it is caused by the issue triggering the warning. Do you know
whether the patch mentioned in bug was already sent?
Mirek
> > >
> > > Signed-off-by: Miroslav Rezanina <mreza...@redhat.com>
> > > ---
> > > net/eth.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/net/eth.c b/net/eth.c
> > > index 1e0821c5f8..b9bdd0435c 100644
> > > --- a/net/eth.c
> > > +++ b/net/eth.c
> > > @@ -405,6 +405,8 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int
> > > pkt_frags,
> > > struct ip6_ext_hdr *ext_hdr,
> > > struct in6_address *dst_addr)
> > > {
> > > +#pragma GCC diagnostic push
> > > +#pragma GCC diagnostic ignored "-Warray-bounds"
> > > struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *)
> > > ext_hdr;
> >
> > eth_parse_ipv6_hdr() called iov_to_buf() to fill the 2 bytes of ext_hdr.
> >
> > > if ((rthdr->rtype == 2) &&
> >
> > Here we access after the 2 bytes filled... rthdr->rtype is somewhere on
> > eth_parse_ipv6_hdr's stack, its content is unknown.
> >
> > > @@ -426,6 +428,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int
> > > pkt_frags,
> > > }
> > >
> > > return false;
> > > +#pragma GCC diagnostic pop
> >
> > Nacked-by: Philippe Mathieu-Daudé <phi...@redhat.com>
> >
> >
>
