| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Dec 2009 12:04:35 +0800
From: Jerry Leo <jerryleo860202@...il.com>
To: isdn@...ux-pingi.de
Cc: linux-kernel@...r.kernel.org, isdn4linux@...tserv.isdn4linux.de,
i4ldeveloper@...tserv.isdn4linux.de
Subject: [PATCH]about eicon: array subscript is above array bounds
Hi, Karsten Keil,
When i compile eicon,there have some waning look like this:
CC [M] drivers/isdn/hardware/eicon/message.o
drivers/isdn/hardware/eicon/message.c: In function ‘add_b23’:
drivers/isdn/hardware/eicon/message.c:8426: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8427: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8434: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8435: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8436: warning: array subscript
is above array bounds
drivers/isdn/hardware/eicon/message.c:8447: warning: array subscript
is above array bounds
I think the array is short then be used,because the array's max length
is 20, then it will use long than this, the code is in
"drivers/isdn/hardware/eicon/divacapi.h" 1360L, 50994C :
#define T30_MAX_STATION_ID_LENGTH 20
#define T30_MAX_SUBADDRESS_LENGTH 20
#define T30_MAX_PASSWORD_LENGTH 20
typedef struct t30_info_s T30_INFO;
struct t30_info_s {
byte code;
byte rate_div_2400;
byte resolution;
byte data_format;
byte pages_low;
byte pages_high;
byte operating_mode;
byte control_bits_low;
byte control_bits_high;
byte feature_bits_low;
byte feature_bits_high;
byte recording_properties;
byte universal_6;
byte universal_7;
byte station_id_len;
byte head_line_len;
byte station_id[T30_MAX_STATION_ID_LENGTH];
/* byte head_line[]; */
/* byte sub_sep_length; */
/* byte sub_sep_field[]; */
/* byte pwd_length; */
/* byte pwd_field[]; */
/* byte nsf_info_length; */
/* byte nsf_info_field[]; */
};
"drivers/isdn/hardware/eicon/message.c" 15071L, 487328C
if (pos != 0)
{
if (CAPI_MAX_DATE_TIME_LENGTH + 2 +
b3_config_parms[3].length > CAPI_MAX_HEAD_LINE_SPACE)
pos = 0;
else
{
((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
len = (byte)b3_config_parms[2].length;
if (len > 20)
len = 20;
if (CAPI_MAX_DATE_TIME_LENGTH + 2 + len + 2 +
b3_config_parms[3].length <= CAPI_MAX_HEAD_LINE_SPACE)
{
for (i = 0; i < len; i++)
((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ((byte
*)b3_config_parms[2].info)[1+i];
((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
((T30_INFO *)&nlc[1])->station_id[20 + pos++] = ' ';
}
}
}
can this patch commit?
diff -up linux-2.6/drivers/isdn/hardware/eicon/divacapi.h
linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig
--- linux-2.6/drivers/isdn/hardware/eicon/divacapi.h 2009-12-10
12:02:46.000000000 +0800
+++ linux-2.6/drivers/isdn/hardware/eicon/divacapi.h.orig 2009-12-10
11:04:07.000000000 +0800
@@ -445,7 +445,7 @@ struct _DIVA_CAPI_ADAPTER {
#define CAPI_MAX_HEAD_LINE_SPACE 89
#define CAPI_MAX_DATE_TIME_LENGTH 18
-#define T30_MAX_STATION_ID_LENGTH 30
+#define T30_MAX_STATION_ID_LENGTH 20
#define T30_MAX_SUBADDRESS_LENGTH 20
#define T30_MAX_PASSWORD_LENGTH 20
Download attachment "patch" of type "application/octet-stream" (499 bytes)
Powered by blists - more mailing lists