On Fri, Jan 28, 2022 at 05:16:58PM +0100, Dumitru Ceara wrote:
> On 1/28/22 16:27, Segher Boessenkool wrote:
> > On Fri, Jan 28, 2022 at 04:01:36PM +0100, Dumitru Ceara via Gcc-help wrote:
> >> void *l4data = p.l4_ofs != UINT16_MAX ? (char *) p.base_ + p.l4_ofs : NULL;
> >> struct hdr2 *h2 = l4data;
> >>
> >> memcpy(h2 + 1, &somedata[0], 6);
> >
> > l4data can be 0, and everything false apart from there on.

(Wow, writing homonyms already, I must be tired)./

> In general, yes, l4data can be 0, if p.l4_ofs == UINT16_MAX, which can
> only happen if pkt_bar() changed p.base_.

Try it with the user code fixed though?  (Hint: the warning disappears).

> But the compiler can't know that for sure and the warning makes it sound
> like it's a sure thing:
>
> "warning: ‘memcpy’ writing 6 bytes into a region of size 0 overflows the
> destination"

Yes.  These warnings are often questionable, especially on otherwise
broken code like this, but they are far from helpful then :-(

What perhaps happens here is that the compiler realises l4data is not 0
(because otherwise the program would have undefined behaviour).  But
your program explicitly makes that happen; perhaps the compiler should
have warned for that.  (It will do a runtime error if ever that path is
taken, instead, as things are).


Segher
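One way the quoted snippet could be written so that the NULL arm of the ternary is handled before the pointer is used, as an added example that is not part of the thread. The struct layouts, the `size_` field and the helper names `pkt_l4` and `put_l4_payload` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the types in the thread; layouts are assumed. */
struct hdr2 { uint16_t src, dst; };
struct pkt {
    void    *base_;   /* start of the packet buffer */
    size_t   size_;   /* bytes available at base_ (assumed field) */
    uint16_t l4_ofs;  /* offset of the L4 header, UINT16_MAX when unset */
};

/* Same expression as in the thread: NULL when no L4 offset is set. */
static void *pkt_l4(const struct pkt *p)
{
    return p->l4_ofs != UINT16_MAX ? (char *) p->base_ + p->l4_ofs : NULL;
}

/* Copy len bytes to just after the L4 header.
 * Returns 0 on success, -1 when there is no L4 header or no room. */
static int put_l4_payload(struct pkt *p, const void *data, size_t len)
{
    struct hdr2 *h2 = pkt_l4(p);
    if (h2 == NULL)
        return -1;              /* the NULL arm is never used as a destination */

    size_t start = (size_t) p->l4_ofs + sizeof *h2;
    if (start > p->size_ || len > p->size_ - start)
        return -1;              /* payload would run past the buffer */

    memcpy(h2 + 1, data, len);
    return 0;
}

int main(void)
{
    _Alignas(struct hdr2) unsigned char buf[32] = {0};
    const unsigned char somedata[6] = {1, 2, 3, 4, 5, 6}; /* constructed sample */
    struct pkt p = { buf, sizeof buf, 8 };
    int ok = put_l4_payload(&p, somedata, sizeof somedata) == 0;
    p.l4_ofs = UINT16_MAX;      /* the case discussed above: l4data would be 0 */
    int rejected = put_l4_payload(&p, somedata, sizeof somedata) == -1;
    return (ok && rejected) ? 0 : 1;
}
```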