I'm surprised if this isn't a duplicate, but I can't find a bug for it...
GCC 9 and 10 will in some circumstances "optimise" a memcmp to always return zero.
I'm not aware of any security implications or other practical problems, but it has the potential to be quite harmful in theory.
sox package affected too.
Should be fixed in gcc-11.1 and gcc-10.3