tpm2: fix GCC 15 stringop-overflow error in MakeIv

[baloo]

When compiling with GCC 15 using CFLAGS=-march=x86-64-v4, the compiler's aggressively optimized vectorizer triggers a false-positive -Wstringop-overflow error. Because x86-64-v4 enables wide AVX-512 registers, the compiler misinterprets the loop unrolling and warns that a 64-byte vector write is overflowing the destination buffer:

  tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c:158:17: error: 
  writing 64 bytes into a region of size 15 [-Werror=stringop-overflow=]
    158 |             *iv = i;

This fixes the warning by marking the iv output pointer parameter as volatile. This inhibits the over-aggressive loop vectorization on this specific buffer, silencing the compiler error without changing the underlying logic.

Summary by CodeRabbit

No user-visible changes

• Refactor
  • Internal adjustment to how an IV buffer is handled to improve compiler/memory behavior; no functional changes or public interface impacts.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b9ac845e-c211-46d7-bd22-2ae51c7b3365

📥 Commits

Reviewing files that changed from the base of the PR and between 7c31c13 and b35faee.

📒 Files selected for processing (1)

• src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c

🚧 Files skipped from review as they are similar to previous changes (1)

• src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c

---

📝 Walkthrough

Walkthrough

The MakeIv() helper in the cryptography test file now declares its IV output parameter as volatile BYTE* (previously BYTE*); no other logic changed.

Changes

IV Buffer Volatility

Layer / File(s)	Summary
Make IV buffer parameter volatile src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c	The MakeIv() function signature is updated to declare the iv output parameter as volatile BYTE* instead of BYTE*.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I twitch my whiskers, nibble code and clover,
A tiny change — volatile makes IVs hover,
The compiler learns to watch each byte,
No stealthy skip in the dead of night,
Hooray for buffers kept in sight! 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: fixing a GCC 15 stringop-overflow error in the MakeIv function.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Infer (1.2.0)

src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c

src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c:10:10: fatal error: 'Tpm.h' file not found
10 | #include "Tpm.h"
| ^~~~~~~
1 error generated.
Error: the following clang command did not run successfully:
/opt/infer-linux-x86_64-v1.2.0/lib/infer/facebook-clang-plugins/clang/install/bin/clang-18
@/tmp/coderabbit-infer/b35faee1224f5bccf759464e69f724a03421c8a9-ebc0651499583f6a/tmp/clang_command_.tmp.824528.txt
++Contents of '/tmp/coderabbit-infer/b35faee1224f5bccf759464e69f724a03421c8a9-ebc0651499583f6a/tmp/clang_command_.tmp.824528.txt':
"-cc1" "-load"
"/opt/infer-linux-x86_64-v1.2.0/lib/infer/infer/bin/../../facebook-clang-plugins/libtooling/build/FacebookClangPlugin.dylib"
"-add-plugin" "BiniouASTExporter" "-plugin-arg-BiniouASTExporter" "-"
"-plugin-arg-BiniouASTExporter" "PREPEND_CURRENT_DIR=1"
"-plugin-arg-BiniouASTExporter" "MAX_STRING_SIZE=65535" "-cc1" "-triple"
"x86_64-unknown-linux-gnu" "-emit-obj" "-mrelax-all" "-disable-free"

... [truncated 733 characters] ...

ib/infer/facebook-clang-plugins/clang/install/lib/clang/18/include"
"-internal-isystem" "/usr/local/include" "-internal-isystem"
"/usr/lib/gcc/x86_64-linux-gnu/12/../../../../x86_64-linux-gnu/include"
"-internal-externc-isystem" "/usr/include/x86_64-linux-gnu"
"-internal-externc-isystem" "/include" "-internal-externc-isystem"
"/usr/include" "-Wno-ignored-optimization-argument" "-Wno-everything"
"-ferror-limit" "19" "-fgnuc-version=4.2.1" "-fskip-odr-check-in-gmf"
"-D__GCC_HAVE_DWARF2_CFI_ASM=1" "-o"
"/tmp/coderabbit-infer/ebc0651499583f6a/file.o" "-x" "c"
"src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c" "-O0" "-fno-builtin"
"-include"
"/opt/infer-linux-x86_64-v1.2.0/lib/infer/infer/bin/../lib/clang_wrappers/global_defines.h"
"-Wno-everything"

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[baloo]

This was reported by NixOS/nixpkgs#528643

[baloo]

I will admit I don't understand the test failure, patch doesn't touch a piece swtpm relies upon. Could that be a fluke? (can we retry?)

[stefanberger]

I will admit I don't understand the test failure, patch doesn't touch a piece swtpm relies upon. Could that be a fluke? (can we retry?)

The timeouts that occurred are strange but unrelated to this patch. I will merge it soon.

Thanks!