From: Arnd Bergmann <arnd@xxxxxxxx> gcc-11 warns that the size of the link name is longer than the di_fname field: fs/qnx4/dir.c: In function ‘qnx4_readdir’: fs/qnx4/dir.c:51:32: error: ‘strnlen’ specified bound 48 exceeds source size 16 [-Werror=stringop-overread] 51 | size = strnlen(de->di_fname, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from fs/qnx4/qnx4.h:3, from fs/qnx4/dir.c:16: include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here 45 | char di_fname[QNX4_SHORT_NAME_MAX]; The problem here is that we access the same pointer using two different structure layouts, but gcc determines the object size based on whatever it encounters first. Change the strnlen to use the correct field size in each case, and change the first access to be on the longer field. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx> --- fs/qnx4/dir.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c index a6ee23aadd28..68046450e543 100644 --- a/fs/qnx4/dir.c +++ b/fs/qnx4/dir.c @@ -39,21 +39,20 @@ static int qnx4_readdir(struct file *file, struct dir_context *ctx) ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK; for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) { offset = ix * QNX4_DIR_ENTRY_SIZE; - de = (struct qnx4_inode_entry *) (bh->b_data + offset); - if (!de->di_fname[0]) + le = (struct qnx4_link_info *)(bh->b_data + offset); + de = (struct qnx4_inode_entry *)(bh->b_data + offset); + if (!le->dl_fname[0]) continue; if (!(de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) continue; if (!(de->di_status & QNX4_FILE_LINK)) - size = QNX4_SHORT_NAME_MAX; + size = strnlen(de->di_fname, sizeof(de->di_fname)); else - size = QNX4_NAME_MAX; - size = strnlen(de->di_fname, size); + size = strnlen(le->dl_fname, sizeof(le->dl_fname)); QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname)); if (!(de->di_status & QNX4_FILE_LINK)) ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1; else { - le = (struct qnx4_link_info*)de; ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) * QNX4_INODES_PER_BLOCK + le->dl_inode_ndx; -- 2.29.2