| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Nov 2008 19:01:54 +0300
From: Andrey Borzenkov <arvidjaar@...l.ru>
To: Alan Stern <stern@...land.harvard.edu>
Cc: USB list <linux-usb@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: 2.6.28-rc3: usb_hcd_poll_rh_status: array subscript is above array bounds
On Monday 03 November 2008, Alan Stern wrote:
> On Mon, 3 Nov 2008, Andrey Borzenkov wrote:
>
> > CC [M] drivers/usb/core/hcd.o
> > /home/bor/src/linux-git/drivers/usb/core/hcd.c: In function âusb_hcd_poll_rh_statusâ:
> > /home/bor/src/linux-git/arch/x86/include/asm/string_32.h:75: warning: array subscript is above array bounds
> >
> > It is likely that issue is actually in string_32.h as similar errors are
> > in oher places as well.
>
> I think this is actually a compiler bug. It certainly has nothing to
> do with USB. There was a discussion about it a month or so ago on
> LKML.
>
Yes this really looks like a compiler bug, "length" hardly can be considered
constant expression even using very broad definition of "constant".
What is interesting though, it appears that compiler believes length has
value of 5. So it will copy one extra byte; and possibly pass incorrect
length to the caller. I cannot judge whether this garbage can do any harm.
Dp you know if it was ever reported to gcc folks?
Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists