| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Mar 2014 15:10:34 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Bjorn Helgaas' <bhelgaas@...gle.com> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [PATCH] phy: fix compiler array bounds warning on settings[] From: Bjorn Helgaas > On Wed, Mar 5, 2014 at 2:10 AM, David Laight <David.Laight@...lab.com> wrote: > > From: Bjorn Helgaas > >> With -Werror=array-bounds, gcc v4.7.x warns that in phy_find_valid(), the > >> settings[] "array subscript is above array bounds", I think because idx is > >> a signed integer and if the caller supplied idx < 0, we pass the guard but > >> still reference out of bounds. > > > > Not rejecting the patch but... > > > > Just indexing an array with 'int' shouldn't cause this warning, > > so somewhere a caller must actually be passing an idx < 0. > > > > While changing the type to unsigned will make the comparison > > against the array bound reject the -1, I suspect that the > > specific call path didn't really intend passing a hard-coded -1. > > > > It might be worth trying to locate the call site that passes -1. > > I agree 100%. If that's the case, we definitely should find that > caller rather than apply this patch. I'll look more today. You might want to apply the patch as well :-) David
Powered by blists - more mailing lists