lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200811041901.55808.arvidjaar@mail.ru>
Date:	Tue, 4 Nov 2008 19:01:54 +0300
From:	Andrey Borzenkov <arvidjaar@...l.ru>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	USB list <linux-usb@...r.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: 2.6.28-rc3: usb_hcd_poll_rh_status: array subscript is above array bounds

On Monday 03 November 2008, Alan Stern wrote:
> On Mon, 3 Nov 2008, Andrey Borzenkov wrote:
> 
> >   CC [M]  drivers/usb/core/hcd.o
> > /home/bor/src/linux-git/drivers/usb/core/hcd.c: In function ‘usb_hcd_poll_rh_status’:
> > /home/bor/src/linux-git/arch/x86/include/asm/string_32.h:75: warning: array subscript is above array bounds
> > 
> > It is likely that issue is actually in string_32.h as similar errors are
> > in oher places as well.
> 
> I think this is actually a compiler bug.  It certainly has nothing to
> do with USB.  There was a discussion about it a month or so ago on
> LKML.
> 



Yes this really looks like a compiler bug, "length" hardly can be considered
constant expression even using very broad definition of "constant".

What is interesting though, it appears that compiler believes length has
value of 5. So it will copy one extra byte; and possibly pass incorrect
length to the caller. I cannot judge whether this garbage can do any harm.

Dp you know if it was ever reported to gcc folks?

Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ