| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44L0.0811041108430.3614-100000@iolanthe.rowland.org> Date: Tue, 4 Nov 2008 11:10:33 -0500 (EST) From: Alan Stern <stern@...land.harvard.edu> To: Andrey Borzenkov <arvidjaar@...l.ru> cc: USB list <linux-usb@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: 2.6.28-rc3: usb_hcd_poll_rh_status: array subscript is above array bounds On Tue, 4 Nov 2008, Andrey Borzenkov wrote: > > I think this is actually a compiler bug. It certainly has nothing to > > do with USB. There was a discussion about it a month or so ago on > > LKML. > > > > > > Yes this really looks like a compiler bug, "length" hardly can be considered > constant expression even using very broad definition of "constant". > > What is interesting though, it appears that compiler believes length has > value of 5. So it will copy one extra byte; and possibly pass incorrect > length to the caller. I cannot judge whether this garbage can do any harm. Did you examine the object code? That's the only way to be sure. > Dp you know if it was ever reported to gcc folks? I have no idea. All I know is what was reported on LKML. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists