| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAErSpo5Pb2bABmnQZ04KRqjU=38=Pcr2OQv8hUJd_hv69QVc-A@mail.gmail.com> Date: Wed, 5 Mar 2014 07:54:53 -0700 From: Bjorn Helgaas <bhelgaas@...gle.com> To: David Laight <David.Laight@...lab.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] phy: fix compiler array bounds warning on settings[] On Wed, Mar 5, 2014 at 2:10 AM, David Laight <David.Laight@...lab.com> wrote: > From: Bjorn Helgaas >> With -Werror=array-bounds, gcc v4.7.x warns that in phy_find_valid(), the >> settings[] "array subscript is above array bounds", I think because idx is >> a signed integer and if the caller supplied idx < 0, we pass the guard but >> still reference out of bounds. > > Not rejecting the patch but... > > Just indexing an array with 'int' shouldn't cause this warning, > so somewhere a caller must actually be passing an idx < 0. > > While changing the type to unsigned will make the comparison > against the array bound reject the -1, I suspect that the > specific call path didn't really intend passing a hard-coded -1. > > It might be worth trying to locate the call site that passes -1. I agree 100%. If that's the case, we definitely should find that caller rather than apply this patch. I'll look more today. Bjorn -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists