lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 10 Dec 2009 15:49:52 +0100
From:	Karsten Keil <isdn@...ux-pingi.de>
To:	Jerry Leo <jerryleo860202@...il.com>
Cc:	linux-kernel@...r.kernel.org, isdn4linux@...tserv.isdn4linux.de,
	i4ldeveloper@...tserv.isdn4linux.de,
	Armin Schindler <armin@...ware.de>
Subject: Re: [PATCH]about eicon: array subscript is above array bounds

On Donnerstag, 10. Dezember 2009 05:04:35 Jerry Leo wrote:
> Hi, Karsten Keil,
> 
>         When i compile eicon,there have some waning look like this:

This looks wrong, but I do not know this part so well.

Armin ?

> 
>            CC [M]  drivers/isdn/hardware/eicon/message.o
> drivers/isdn/hardware/eicon/message.c: In function ‘add_b23’:
> drivers/isdn/hardware/eicon/message.c:8426: warning: array subscript
> is above array bounds
> drivers/isdn/hardware/eicon/message.c:8427: warning: array subscript
> is above array bounds
> drivers/isdn/hardware/eicon/message.c:8434: warning: array subscript
> is above array bounds
> drivers/isdn/hardware/eicon/message.c:8435: warning: array subscript
> is above array bounds
> drivers/isdn/hardware/eicon/message.c:8436: warning: array subscript
> is above array bounds
> drivers/isdn/hardware/eicon/message.c:8447: warning: array subscript
> is above array bounds
> 
> I think the array is short then be used,because the array's max length
> is 20, then it will use long than this, the code is in
> "drivers/isdn/hardware/eicon/divacapi.h" 1360L, 50994C  :
> 
> 
> #define T30_MAX_STATION_ID_LENGTH       20
> #define T30_MAX_SUBADDRESS_LENGTH       20
> #define T30_MAX_PASSWORD_LENGTH         20
> 
> typedef struct t30_info_s T30_INFO;
> struct t30_info_s {
>   byte          code;
>   byte          rate_div_2400;
>   byte          resolution;
>   byte          data_format;
>   byte          pages_low;
>   byte          pages_high;
>   byte          operating_mode;
>   byte          control_bits_low;
>   byte          control_bits_high;
>   byte          feature_bits_low;
>   byte          feature_bits_high;
>   byte          recording_properties;
>   byte          universal_6;
>   byte          universal_7;
>   byte          station_id_len;
>   byte          head_line_len;
>   byte          station_id[T30_MAX_STATION_ID_LENGTH];
> /* byte          head_line[];      */
> /* byte          sub_sep_length;   */
> /* byte          sub_sep_field[];  */
> /* byte          pwd_length;       */
> /* byte          pwd_field[];      */
> /* byte          nsf_info_length;   */
> /* byte          nsf_info_field[];  */
> };
> 
> "drivers/isdn/hardware/eicon/message.c" 15071L, 487328C
> 
>         if (pos != 0)
>         {
>           if (CAPI_MAX_DATE_TIME_LENGTH + 2 +
> b3_config_parms[3].length > CAPI_MAX_HEAD_LINE_SPACE)
>             pos = 0;
>           else
>           {
>             ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>             ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>             len = (byte)b3_config_parms[2].length;
>             if (len > 20)
>               len = 20;
>             if (CAPI_MAX_DATE_TIME_LENGTH + 2 + len + 2 +
> b3_config_parms[3].length <= CAPI_MAX_HEAD_LINE_SPACE)
>             {
>               for (i = 0; i < len; i++)
>                 ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ((byte
>   *)b3_config_parms[2].info)[1+i];
>               ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>               ((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
>             }
>           }
>         }
> 
> 
> 
> can this patch commit?
> 

Wrong fileorder, this is a reverse patch.
But I  think the code should be fixed.

> 
> diff -up linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
> linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
> --- linux-2.6/drivers/isdn/hardware/eicon/divacapi.h	2009-12-10
> 12:02:46.000000000 +0800
> +++ linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig	2009-12-10
> 11:04:07.000000000 +0800
> @@ -445,7 +445,7 @@ struct _DIVA_CAPI_ADAPTER {
>  #define CAPI_MAX_HEAD_LINE_SPACE        89
>  #define CAPI_MAX_DATE_TIME_LENGTH       18
> 
> -#define T30_MAX_STATION_ID_LENGTH       30
> +#define T30_MAX_STATION_ID_LENGTH       20
>  #define T30_MAX_SUBADDRESS_LENGTH       20
>  #define T30_MAX_PASSWORD_LENGTH         20
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ