Re: [PATCH v3 1/2] Fix net.c warning on GCC 11

[Philippe Mathieu-Daudé]

+Jason +Dmitry

On 1/14/21 8:07 AM, Miroslav Rezanina wrote:
> When building qemu with GCC 11, compiling eth.c file produce following 
> warning:
> 
>    warning: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside 
> array bounds of 'struct ip6_ext_hdr[1]' [-Warray-bounds]
> 
> This is caused by retyping from ip6_ext_hdr to ip6_ext_hdr_routing that has 
> more
> attributes.
> 
> As this usage is expected, suppress the warning temporarily through the 
> function
> using this retyping.

This is not expected, this is a bug...

> 
> Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
> ---
>  net/eth.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/eth.c b/net/eth.c
> index 1e0821c5f8..b9bdd0435c 100644
> --- a/net/eth.c
> +++ b/net/eth.c
> @@ -405,6 +405,8 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int 
> pkt_frags,
>                          struct ip6_ext_hdr *ext_hdr,
>                          struct in6_address *dst_addr)
>  {
> +#pragma GCC diagnostic push
> +#pragma GCC diagnostic ignored "-Warray-bounds"
>      struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) 
> ext_hdr;

eth_parse_ipv6_hdr() called iov_to_buf() to fill the 2 bytes of ext_hdr.

>      if ((rthdr->rtype == 2) &&

Here we access after the 2 bytes filled... rthdr->rtype is somewhere on
eth_parse_ipv6_hdr's stack, its content is unknown.

> @@ -426,6 +428,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int 
> pkt_frags,
>      }
>  
>      return false;
> +#pragma GCC diagnostic pop

Nacked-by: Philippe Mathieu-Daudé <philmd@redhat.com>