Message-ID: <3591681.K68OpP9yPi@eto>
Date:	Sun, 30 Sep 2012 23:21:30 +0200
From:	Rolf Eike Beer <eike-kernel@...tec.de>
To:	Paul Bolle <pebolle@...cali.nl>, linux-scsi@...r.kernel.org
Cc:	Andrew Vasquez <andrew.vasquez@...gic.com>,
	linux-driver@...gic.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] qla2xxx: silence two GCC warnings

On Sunday 30 September 2012, 13:07:54 Paul Bolle wrote:
> Compiling qla_gs.o (part of the qla2xxx module) triggers two GCC
> warnings:
>     drivers/scsi/qla2xxx/qla_gs.c: In function ‘qla2x00_fdmi_rhba’:
>     drivers/scsi/qla2xxx/qla_gs.c:1339:7: warning: array subscript is above array bounds [-Warray-bounds]
>     drivers/scsi/qla2xxx/qla_gs.c: In function ‘qla2x00_fdmi_register’:
>     drivers/scsi/qla2xxx/qla_gs.c:1663:15: warning: array subscript is above array bounds [-Warray-bounds]
> 
> It seems that the sequence of a strcpy followed by a strlen confuses GCC
> when it is keeping track of array bounds here. (It is not clear to me
> which array triggers this warning and by how much GCC thinks the
> subscript is above its bounds. Neither is it clear to me why comparable
> code in these two functions doesn't trigger this warning.)
> 
> The easiest way to silence these warnings is to hardcode the length of
> these two strings in the code here. The length used here is the length
> of the string, including its NUL terminator, rounded up to the next
> multiple of four.

This adds some magic values, which is asking for trouble once someone changes 
the manufacturer string or something. What about something like this:

const char *qlogic = "QLogic Corporation";
strcpy(eiter->a.manufacturer, qlogic);
alen += round_up(strlen(qlogic), 4);
...

Eike
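
Added example, not part of the original message or of the qla2xxx driver: a way to get the padded length described in the quoted text (string plus NUL terminator, rounded up to a multiple of four) from the literal itself at compile time, so no hand-counted constant goes stale when the string changes. PAD4, ATTR_LEN, struct attr and its 32-byte buffer are assumptions made for illustration. The two run-time helpers show that rounding with and without the NUL gives the same result for this string but differs when the length is already a multiple of four.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: round n up to the next multiple of four. */
#define PAD4(n) (((n) + 3u) & ~(size_t)3u)

/* Padded length of a string literal, NUL included. sizeof is evaluated at
 * compile time, so there is neither a magic number nor a strlen() call. */
#define ATTR_LEN(lit) PAD4(sizeof(lit))

#define MANUFACTURER "QLogic Corporation"

/* Constructed stand-in for the attribute buffer; the size is an assumption. */
struct attr {
    char manufacturer[32];
};

/* A literal whose padded length no longer fits the buffer breaks the build
 * instead of overflowing at run time. */
_Static_assert(ATTR_LEN(MANUFACTURER) <= sizeof(((struct attr *)0)->manufacturer),
               "manufacturer string does not fit the attribute buffer");

/* Zero the buffer (so the padding bytes are defined), copy the literal with
 * its terminator, and return the padded length to add to the running total. */
size_t set_manufacturer(struct attr *a)
{
    memset(a->manufacturer, 0, sizeof(a->manufacturer));
    memcpy(a->manufacturer, MANUFACTURER, sizeof(MANUFACTURER));
    return ATTR_LEN(MANUFACTURER);
}

/* Run-time variants for arbitrary strings, for comparison. */
size_t padded_len_with_nul(const char *s)
{
    return PAD4(strlen(s) + 1);
}

size_t padded_len_without_nul(const char *s)
{
    return PAD4(strlen(s));
}
```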