lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <200612191846.kBJIkSX7019987@turing-police.cc.vt.edu>
Date:	Tue, 19 Dec 2006 13:46:28 -0500
From:	Valdis.Kletnieks@...edu
To:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc:	Jörn Engel <joern@...ybastard.org>,
	Dmitry Torokhov <dmitry.torokhov@...il.com>,
	Randy Dunlap <randy.dunlap@...cle.com>,
	Pavel Machek <pavel@....cz>, Scott Preece <sepreece@...il.com>,
	kernel list <linux-kernel@...r.kernel.org>
Subject: 2.6.20-rc1-mm1 suspicious prececence code ( was Re: [PATCH/v2] CodingStyle updates

On Fri, 15 Dec 2006 22:59:12 +0100, Jan Engelhardt said:

> I take it that people will automatically DTRT for obscure cases like
> shown before. Well, and if they don't, hopefully some reviewer catches
> things like 3*i + l<<2.

So I hacked up a few very ugly 'find|egrep' to look for some cases of that, and
found:

./include/asm-arm/arch-ebsa110/hardware.h:18: * Region 0 (addr = 0xf0000000 + io << 2)

Only one odd-looking use of +-*/ and <</>> - and it's in a comment.

And that's using a pattern like '\+[^,()=]*<<' (basically, any plus sign that
has a << after it, but no comma parens or equals to force grouping in between), and
then using /bin/eyeball to filter the resulting several hundred lines.
I admit I didn't try to catch expressions split over multiple lines, and
something of the form "foo * bar + (a-b) << 2" would have snuck by (but I
suspect if somebody bothered doing the (a-b), they would have another pair).

So either that sort of thing isn't really an error we make often, or the
reviewers are very good at catching it, or I'm a lot worse at finding them
than I thought I was... :)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ